Possible problems when disabling admin shares (admin$) in a domain?

Z

zhylik2013-07-31 20:44:37

Active Directory

zhylik, 2013-07-31 20:44:37

Hello.
Tell me, please, what problems can arise when disabling admin shares (admin$, c$, d$ etc (except IPC$)) on client computers in the domain (AD on Windows 2008 R2, clients - XP SP3 or 7 SP1)?
In particular, how will installing software through GPO behave, will there be any other problems?
I saw KB on the MS website, but I would like additional information from those who have already done this.
In addition to the admin spheres, I want to forcibly disable the remote registry service on clients.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

I

Ilya Sevostyanov, 2013-08-01
@RUVATA

Disabling built-in shares will not bring you anything good, I assure you. (Especially if it is a DC, or a domain in the forest)
If you are interested in the security problem, then I assure you, you need to go from the other side.
It is better to tell what problem you are trying to solve in this way, and here perhaps best practicals will be prompted.

N

Nikolai Turnaviotov, 2013-08-01
@foxmuldercp

Embedded shares are usually disabled along with the server service. Without admin rights in the domain / on the local PC, a regular user cannot get to them.
If you want to make life difficult for your own technical support employees and yourself by disabling the server / remote registry services by disabling them, then something is seriously wrong in your conservatory.