Remove any unused shares and harden the NTFS permissions on any required shares. By default, all users have full control on newly created file shares. Harden these default permissions to make sure that only authorized users can access files exposed by the share. Also, use NTFS ACLs on files and folders exposed by the share in addition to explicit share permissions.
In this step, you:
Remove unnecessary shares .
Restrict access to required shares .
Remove all unnecessary shares. To review shares, start the Computer Management MMC snap-in and select Shares under Shared Folders .
Remove the Everyone group and grant specific permissions instead. Everyone is used when you do not have restrictions on who has access to the share.
If you are not allowing remote administration of the computer, remove unused administrative shares, for example, C$ and Admin$.
Note | Some applications may require administrative shares such as Microsoft Management Server (SMS) or Microsoft Operations Manager (MOM). For more information, see Microsoft Knowledge Base article 318751, "How To: Remove Administrative Shares in Windows 2000 or Windows NT 4.0." |