From: Earnie B. <ea...@pr...> - 2005-10-22 12:50:54
|
Quoting amores perros <lif...@ho...>: > > > >> From: Earnie Boyd Subject: Re: [Mingw-users] MinGW 5.0.0 installer feed back >> Date: Fri, 21 Oct 2005 12:12:24 +0000 >> >> Quoting amores perros <lif...@ho...>: >> >>> >>> I was rather surprised that an ordinary user can create a new >>> subdirectory off of the system root (C:\) in Windows XPSP2, >>> out of the box. Apparently there is an ACL entry for allowing >>> anyone to append, on the root. >>> >>> Even more surprisingly to myself, I see what I think is the >>> same situation on a 2003SP1 server (not integrated SP1): >>> >>> cacls c:\ >>> ... >>> BUILTIN\Users:(CI)(special access:) >>> FILE_APPEND_DATA >>> >>> BUILTIN\Users:(CI)(IO)(special access:) >>> FILE_WRITE_DATA >>> >>> >>> But I'm off-topic. >>> >> >> Yes we certainly are, but since you're so surprised; you may be even more >> surprised to know that you can access remotely the root of any drive on any >> server as a mapped drive on your client. All you need to know is >> the host name >> of the PC you wish to connect to. E.G.: \\yourserver\C$ mapped to >> z:. When a >> PC boots the default behavior is for the root of all drives attached to be >> shareable with a share name equal to the drive letter. >> > > That contradicts Microsoft's documentation on the > subject, which I have assumed is correct. > > Here is a sample: > > http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prde_ffs_mgte.asp > > (assuming that a url to an article on a Microsoft site can stay > valid for long enough for you to click it -- they seem to break > their own urls amazingly rapidly). > > They say -- and I believe they've long said -- that those > are not accessible to just any client, but to only > members of the local Adminstrators group (as one > would expect), although I've also seen it claimed > that they're accessible to members of the > local Backup Operators group as well. > The document didn't use the word local. I've never experienced any problem accessing what MS is calling an Administrative Share from a remote computer unless steps were taken to prevent it after the computer was rebooted or Server service was restarted. The prevention steps must be taken upon each reboot and do not persist with shutdown. Earnie |