Ice Czar
Guest
well first off this is for standalone systems and can play havoc in a networked environment
in addition the Group Shares under the Security Tab in a drive's properties are NTFS permissions, so use NTFS
it's far more secure than FAT32
remove the "Everyone" group shares and replace with "Authenticated Users" shares
the Everyone Group allows access to all the data by anyone that manages to log on to the network
Start > Programs > Accessories > Windows Explorer > (in tree at left) expand My Computer > RClick the first drive > Properties > Security Tab > Add > Authenticated Users > Add > OK >
then Remove > Everyone > Apply > OK
Repeat for each drive (except removable media) with drives that have Administrator and System permissions leave those permissions intact
disable default hidden shares
$C, $D, $E etc. the root for each partition (these are typically accessed by the Administrator or Backup Operators Groups)
Start > Programs > Accessories > Windows Explorer > (in tree at left) expand My Computer > RClick the first drive > Properties > Sharing Tab > Check Do not share this folder radio button > Apply > OK
repeat for each drive
Delete default administrative shares for the current and later sessions
Start > Run > (type) Regedit > Navigate to >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
RClick the right pane > New > DWORD Value > (type) > AutoShareWks
and verify the value is 0x00000000 (0)
(both Microsoft Systems Management Server (SMS) and Microsoft Operations Manager (MOM) 2000 require administrative shares for correct installation and operation.)
disabling IPC$ Shares
for this you will need to download a few files (included in a few resource kits)
download here (autoexnt package)
you should have
Instexnt.exe
Autoexnt.exe
Servmess.dll
then open the notepad and type > net share IPC$ /delete
save as > Autoexnt.bat
then copy all 4 to WINNT\system32
then Start > Run > CMD > (type) instexnt install
at the command prompt > Enter
you should get
Code:
C:\Documents and Settings\Administrator > instexnt install
CreateService AutoExNT SUCCESS
with InterActive Flag turned OFF.
C:\Documents and Settings\Administrator>
then Start > Run > regedit (XP\W23) or regedt32 (W2K\NT) navigate to > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AutoExNT
Highlight it and on the top toolbar > Edit > Add value > (type) DependOnService > select REG_MULTI_SZ as the data type from the dropdown list > OK > a Multi-String Editor window will popup type > LanManServer > and > LanManWorkstation > OK
if the DependOnService value already exists, simply double click it and add
LanManServer > and > LanManWorkstation
Now reboot and after startup
Start > Run > compmgmt.msc > Expand Share Folders > Select Shares > you shouldn't see anything
what has effectively been done is you have installed a service that starts a batch file at startup, now you really need to protect that file, I'd recommend hiding it, and placing a file checker or other security monitoring utility to watch it for changes, any other batch commands you'd like to add could also be included
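
An audit of the end state described in the post above, as an added example that is not part of the original post: it checks the AutoShareWks value, the AutoExNT service dependencies, the remaining shares, and the integrity of the startup batch file. It assumes an elevated PowerShell 4.0 or later prompt (newer than the systems the post was written for), and `$BaselineHash` is a placeholder you fill with the hash of your own Autoexnt.bat.

```powershell
# Added audit example; not code from the original post.
# Assumption: elevated PowerShell 4.0+ on the machine that was hardened.
# Placeholder: record the SHA-256 of your own Autoexnt.bat right after creating it.
$BaselineHash = '<SHA256-OF-YOUR-AUTOEXNT.BAT>'
$BatPath      = Join-Path $env:SystemRoot 'System32\Autoexnt.bat'
$findings     = @()

# 1. AutoShareWks must exist and be 0, otherwise the drive-root shares
#    are recreated when the Server service starts.
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$auto   = (Get-ItemProperty -Path $lanman -ErrorAction SilentlyContinue).AutoShareWks
if ($null -eq $auto -or $auto -ne 0) {
    $findings += 'AutoShareWks is missing or not 0'
}

# 2. AutoExNT must depend on both services named in the post, so that
#    "net share IPC$ /delete" runs only after the share has been created.
$svc  = 'HKLM:\SYSTEM\CurrentControlSet\Services\AutoExNT'
$deps = @((Get-ItemProperty -Path $svc -ErrorAction SilentlyContinue).DependOnService)
foreach ($need in 'LanManServer', 'LanManWorkstation') {
    if ($deps -notcontains $need) {
        $findings += "AutoExNT DependOnService lacks $need"
    }
}

# 3. The post expects the Shares view to be empty after reboot, so every
#    share that WMI still reports is a finding.
foreach ($s in @(Get-CimInstance -ClassName Win32_Share)) {
    $findings += "Share still present: $($s.Name) -> $($s.Path)"
}

# 4. The batch file is executed by a service at every boot, so a changed
#    or missing file matters.
if (Test-Path -LiteralPath $BatPath) {
    $hash = (Get-FileHash -LiteralPath $BatPath -Algorithm SHA256).Hash
    if ($hash -ne $BaselineHash) {
        $findings += "Autoexnt.bat differs from baseline (current SHA-256 $hash)"
    }
} else {
    $findings += "Autoexnt.bat not found at $BatPath"
}

if ($findings.Count -eq 0) { 'All checks passed' } else { $findings }
```

Running it on a schedule and alerting on any output gives the change monitoring the post recommends for the batch file.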