Securing XP Pro

#1
Various books and websites advise getting rid of certain administrative shares (usually FAX$, IPC$, & PRINT$) to better secure the OS. I've tried several ways to uninstall or disable, but every time I turn off the PC, these shares return. After a lot of searching, I found this explanation.

http://support.microsoft.com/kb/314984

What is the mechanism that is doing this:
"Hidden administrative shares that are created by the computer (such as ADMIN$ and C$) can be deleted, but the computer re-creates them after you stop and restart the Server service or restart your computer"
...and how do I eliminate its ability to undo what I delete, disable, or uninstall?
 


#2
If you are absolutely intent on retaining XP, the only obvious way to do what you want is to remove some of the Pro functionality. You could try to find an ISO for the Home Edition and downgrade your installation (looks like you might have to go to a 32-bit OS with that route, which wouldn't necessarily hinder your use), or find a way to dismantle portions of the Pro OS.

Just another alternative to consider: you sound like you know your way around the computer, or at least aren't intimidated by the need to learn and explore to solve your problem. You would be a good candidate for trying Linux as an XP replacement. If you haven't already, just create a liveDVD of one or more offerings and see what you think without installing anything on your computer. If you find a candidate you like, you can load it on a USB stick or external hard drive and use it without even affecting your XP installation. If you are running Pro, I'm guessing the computer has at least 1 GB of RAM. Something like Linux Mint Mate (http://blog.linuxmint.com/?p=2627) would run easily and would be an easy transition from XP (it's pretty XP-like), and it would probably be faster than XP.
 


ussnorway

#3
1. What the articles should be advising is to stop using unsecured networks designed from 10-20 years ago and upgrade your entire network to a modern IPv6-based model which has simple-to-use and much safer security built into it from the ground up. That’s not the same thing as just turning off a hidden share, which does not really prevent a hacker from entering your network.

2. A hidden share is just a normal share with a $ symbol added on… it just tells the explorer to not show the share (by default) and adds no extra security beyond this, so if the user knows that the share is there… even if they aren’t sure of the exact path, then it doesn't make any difference to the network's viability.

3. It is most likely System Restore that is putting the files back in, but it could also be the efi drive detecting the error... just depends on which service pack level you are using.

4. As a practical matter I agree with what Fixer1234 posted, with perhaps a commercial or Endian firewall between the machine and other network parts… at least between the internet, but without knowing what you expect this system to do & perhaps some idea of a budget, it is very hard to give solid advice.

5. As a final note, IME, stripping XP of too much network infrastructure will just make the system slow and unstable.
 


#4
I do not see any need to downgrade to Home Edition. XP Pro SP3 is 32-bit, and I have already trimmed away the useless crud (Telnet, IRC, System Restore, and so on). Whatever hidden code resurrects the administrative $hares, index.dat files, etc., failed to stop me from eliminating the useless junk. That tells me FAX$, IPC$, and PRINT$ have some special protection (beyond their Harry Potter cloak of invisibility, which I ripped away), and I need to target it so that when I jettison something it stays gone...permanently.

Already fooling around with Linux. Have Netsecl installed on the other HDD for use on risky sites, and use Puppy Linux as Live CD for its speed-demon ability.
 


#5
Tried Vista - it grated on my nerves. Been using Win 7 at libraries for a year now - if I could cuss here I could tell you what I think about this OS, but since I can't, I won't try. Not even gonna try Win8, and after reading the reviews, it looks like I'm not missing much, unless you count even more irritation than Win7 provides as 'missing much'. So no thanks.

Hidden shares with the $ are most definitely not "normal" shares. Normal shares I can nuke into oblivion, turn off the dang PC for the night, turn it back on the next day, and the normal shares are still gone. Same with the Telnet, System Restore, and everything else I've erased, uninstalled, disabled, etc. These gawd-awful $shares return again and again. Whatever mechanism or registry code that brings them back and overrules my choices to eliminate them must be terminated (with or without extreme prejudice!), and I'm still looking to find out how.

Not sure what "efi drive" is. Google suggests it's connected either to UEFI or Intel platform. If so, I have neither. My custom build is based on AMD legacy components, BIOS motherboard, and so on.

Already have software firewalls (one for XP Pro and NetSecL has its own) and router firewall, but this is off topic.







 

