Jump to content
RESET Forums (homeservershow.com)

Default share chaos?


calmasacow
 Share

Recommended Posts

Ok This is a bit crazy! I can't be the only  that thinks having these shares all visible even to the Guest account is OK?

 

when I connect as guest I see:

 

CertEnroll

Company

FileHistoryBackups

Folder Redirection

Music

NETLOGON

Pictures

Shared Folders Wich contains copies of "Company, Music, Pictures, Users, Videos"

SYSVOL

Users

Videos

 

At a minimum is there way to get arid of the Shared Folders share I mean it just is a extra level duplicate of the same shares? Ideally I would like most everything  except the usual stuff like "Documents, Pictures, Music, Videos, and Users" and then there are a few that I would add but I know how to do that. I just wanna know what I can get rid of without causing problems for the OS or anything else.

 

Tell me if I'm wrong but wouldn't stand to reason to at least remove the everyone>Read permission from these???

Edited by calmasacow
Link to comment
Share on other sites

This is normal.

 

Specifically, the "Shared Folders" share is added a shortcut by the connector, that way you can see the shares but not all the "extra" stuff.

And you should NOT mess with the CertEnroll, NETLOGON, or SYSVOL folders. These are REQUIRED for the domain controller and messing with them can break the domain (including the server).

 

Ideally, just use the the "Shared Folders" folder and create a shortcut if needed.

Link to comment
Share on other sites

Could you not use a Group Policy to hide shares from the Users group?

I don't think so, actually.

 

But you could use a group policy to create a shortcut.

Link to comment
Share on other sites

The "Share" permission and the "NTFS" permissions are not be the same.  I always tell people it's liking walking down a street with shops that all have locked doors.  The shops being the shares.  If you have the "keys" or permission you can at least walk in the store to view.

Link to comment
Share on other sites

I take your word for it Drashna (as I do for many things ;) ). I haven't done any Group Policy stuff in ages, and I never was deeply immersed in it to begin with.

Link to comment
Share on other sites

The "Share" permission and the "NTFS" permissions are not be the same.  I always tell people it's liking walking down a street with shops that all have locked doors.  The shops being the shares.  If you have the "keys" or permission you can at least walk in the store to view.

 

Yeah, we always set the top level permissions as "Everyone, Everyone" and then drill down the Security tab to set the real permissions. It was funny to take a course once where the MS trainer told everyone to set permissions exactly the way we'd been doing it for years. Of course, someone had to ask, "So why have the top level permissions?". The trainer basically said that somebody at MS probably thought they might have a use some day, but they never have.

I guess the bigger question is , why are you enabling the GUEST account?

 

He is? I missed that.

Link to comment
Share on other sites

I always thought you could hide any folder, or at least you could in 2011.

That's right, you can hide shares you can't access, by using the share manager.

However, the system shares (certenroll, sysvol and netlogon) may not let you, and may not be a good idea.

 

 

ALso, to clarify, the REASON the "Shared Folders" DFS root share exists is specifically for this reason.

Instead of seeing all the shares, the Shared Folders share ONLY shows the server shares. Which is why I insist on using it.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...