Your browser is obsolete!

The page may not load correctly.

The rules of ”basic hygiene”

Правила гигиены

Other issues in this category (61)
  • add to favourites
    Add to Bookmarks

My folders are your folders!

Read: 800 Comments: 9 Rating: 14

It seems quite obvious that allowing anyone to create files on your computer is a bad idea and that you should grant shared access to your files and folders only when completely necessary. But users are often unaware of the fact that some folders on their computer are accessible to other parties. Because Windows is designed to be as user-friendly as possible, several folders are made accessible by default.

To view the list of shared folders, go to Start → Run (or press Win + R). Enter compmgmt.msc in the subsequent dialogue box, and press OK.

In the Computer Management window, select Shared Folders → Shares.

#drweb

As you can see, by default, Windows grants remote access to ADMIN$ (C:\Windows) and С$ (C:\). If other disk drives (E, F, etc.) are available, corresponding entries, such as E$ (E:\), F$ (F:\), are added for each available disk drive.

Ideally, only the members of the local administrator group on the computer can access the shared folders. But because users usually don't make an effort to create a strong password, it is safe to assume that anyone can gain access to most computers.

Ideally, only the members of the local administrator group on the computer can access the shared folders. But because users usually don't make an effort to create a strong password, it is safe to assume that anyone can gain access to most computers.

To access data in these folders, the administrator (or anyone who knows the password) only needs to enter something like \\«nombre del equipo»\C$ in the explorer window to gain full access to a remote machine’s file system.

If you don't use this option (you don't access files remotely), you'd better lock this backdoor.

In the snap-in window, select the share you don't want other people to access, and select the corresponding option in the context menu.

#drweb

But bear in mind that this change will only have a temporary effect, and the folder will become accessible again after a system restart. To deny access to the folder permanently, you need to use a registry editor.

Select Start → Run (or press Win + R). In the newly appeared dialogue box, enter regedit, and press OK.

In the newly appeared dialogue box, enter regedit, and press AutoShareWks. Set the value to 0 (for a PC). If you use a server version of Windows, the DWORD value name should be AutoShareServer, and it also must be set to 0.

#drweb

Now, the shares won't be accessible after a system restart.

If you want to make the folders accessible again, set the AutoShareWks\AutoShareServer value to 1, or delete the values from the registry.

Dr.Web recommends

If you don't like the idea of people getting into your computer at any moment, deny remote access to your folders, and use a strong password for your user account.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments