restrict access to c$

By acquarianblue ·
i have a user who knows how to access other workstations local drive remotely by using c$. at the same time, the person also knows a domain admin account and uses it to be granted access to the remote drive. i want to restrict that user from accessing remote drives of other workstations but not restrict the shared folders that is allowed for him to access. aside from changing that password of the domain admin account, what else could I do to restrict the user?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Changing the domain account password will do

by ManiacMan In reply to restrict access to c$

Also, if all of the PCs' have the same local admin password and he knows what it is, then you now have to change all the local admin passwords as well because he can use that to map to the remote C$ share using the local admin credentials. Start by removing his ability to use the domain admin account and also ensure that his account is not a member of a domain admins group.

Collapse -

re:Changing the domain account password will do

by acquarianblue In reply to Changing the domain accou ...

thanks ManiacMan.
the user doesn't know the local admin password so i'm ok with that. i'll double check to see if he's not included in the domain admins group. but i wan't an alternative method aside from changing the domain admin password....

what if I assign his domain login account as a member of the user or guest group of his workstation, would that do the trick?

Collapse -

re: Changing account PW

by ThumbsUp2 In reply to re:Changing the domain ac ...

If the user knows the domain admin PW, he/she could get access even if you set their user account to guest. That's why PW's need to be protected. You need to change the PW, plain and simple.

Collapse -

He also needs to make sure the user didn't create a backdoor account

by ManiacMan In reply to re: Changing account PW

that he can use to gain admin access to the domain.

Collapse -


by scott_heath In reply to He also needs to make sur ...

... he needs to have his management speak to the users management. And HR. The need to revise there security policies to include unauthorized electronic access so that this employee may be terminated if they do it again. If I found out that one of my employees was accessing other computers for reasons outside of technical support I'd have them written up and possible terminated.

Collapse -

Forget HR, I'd be smashing a monitor over his head out of anger :^0

by ManiacMan In reply to And...

Nobody messes with my network and walks away without broken bones...muaaaaahahahahaha :^0

Related Discussions

Related Forums