Plugging Common Mouse Holes


Windows 2003 has a handful of common security holes that you need to look for and fill. Fortunately, we have crawled around on our hands and knees so you don't have to. Just follow our friendly advice, and you'll be all snug and secure.

Unseen administrative shares

Each time Windows 2003 boots, a hidden administrative share is created for every drive. These shares are backup paths for the system just in case direct access to system files is somehow interrupted. In other words, it's a redundancy you don't need! The administrative shares are disabled by adding AutoShareServer to the following Registry key:

 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters 

A value of 0 turns the administrative shares off, and a value of 1 turns them back on. Consult Microsoft TechNet for details about disabling administrative shares.

A hidden share is just like any other share, except it has a dollar sign as the last character in its name. This tells the system not to display the hidden share in standard browser listings of shares. You can use the System Manager to view hidden shares. You can create your own hidden shares just by adding a dollar sign to the end of the share name.

The problem with administrative shares is that they offer unrestricted access to every file on a drive. If the username and password of an administrator account are ever compromised, anyone who has them can map to any administrative share on the network. Therefore, it's a good idea to turn off the administrative shares just as a precaution.
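The check and the Registry change described above can be scripted. The following is an added example, not code from the book: it assumes Windows PowerShell is installed on the server and that WMI is reachable, and the function names are hypothetical.

```powershell
# Added example: audit hidden/administrative shares and the AutoShareServer value.
# Assumptions: Windows PowerShell 2.0 or later, run from an elevated prompt.
$ParamKey = 'HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters'

function Get-AutoShareServerState {
    # A missing value means nothing has turned the administrative shares off.
    $prop = Get-ItemProperty -Path $ParamKey -Name AutoShareServer -ErrorAction SilentlyContinue
    if ($prop -eq $null)              { return 'On (AutoShareServer not set)' }
    if ($prop.AutoShareServer -eq 0)  { return 'Off (AutoShareServer = 0)' }
    return "On (AutoShareServer = $($prop.AutoShareServer))"
}

function Get-HiddenShare {
    # Hidden shares end in '$'. Win32_Share.Type is 2147483648 or higher for
    # administrative shares (IPC$ is reported this way too); anything lower
    # is a hidden share that somebody created by hand.
    Get-WmiObject -Class Win32_Share |
        Where-Object { $_.Name.EndsWith('$') } |
        Select-Object Name, Path, @{ Name = 'Kind'; Expression = {
            if ([int64]$_.Type -ge 2147483648) { 'Administrative' }
            else { 'User-created hidden' } } }
}

function Disable-AdminShare {
    # Writes AutoShareServer = 0 as a DWORD, creating the value if needed.
    # The shares are created at boot, so existing ones remain until then.
    New-ItemProperty -Path $ParamKey -Name AutoShareServer `
        -PropertyType DWord -Value 0 -Force | Out-Null
}

# Report only; nothing is changed unless the last line is uncommented.
"Administrative shares: $(Get-AutoShareServerState)"
Get-HiddenShare | Format-Table -AutoSize
# Disable-AdminShare
```

Rows marked "User-created hidden" deserve a second look, because the trailing dollar sign only hides a share from browse lists and does nothing to restrict access to it.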

Decoy accounts

Everyone knows the name of the most important user account on your system. Because Windows 2003 creates the Administrator account when Windows 2003 is installed, everyone already knows that you have such an account and exactly what its name is. Therefore, you need to change it!

Don't just change the name. Do one better and create a new dummy account that has absolutely no access or privileges at all and give it the name administrator. This dummy account will serve as a decoy to lure hackers away from real access.

Creating decoys for other common accounts, such as the Guest account and IUSR account (the one created by IIS), is also a good idea.

Last logged on username

By default, when Ctrl+Alt+Del is pressed, the logon dialog box displays the username of the last person to successfully log on. This is not the most secure setting. To prevent the username from appearing, enable the policy titled Interactive logon: Do not display last user name. This option is in the Security Options area of the Group Policy (see the "User rights" section for details on finding this area).

When good floppies go bad

A nifty tool from Sysinternals (http://www.sysinternals.com) enables anyone to read NTFS files after booting from a DOS floppy. The NTFSDOS drivers make possible what Microsoft claimed was impossible. Now, anyone who has physical access to your system can reboot with a floppy and copy files right off your NTFS-protected drives. If you value your data (and your job), remove the floppy drives from critical systems.

Windows Server 2003 for Dummies
ISBN: 0764516337
Year: 2003
Pages: 195
