Windows NT and 2000 file sharing fixes



last revision August 10, 2004

Steps to secure your Windows PC:
  1. Use strong passwords
  2. Install security patches
  3. Share files correctly
    1. Fixes for Windows 95, 98, and ME
    2. Fixes for Windows NT and 2000
    3. Fixes for Windows XP
  4. Use anti-virus software
  5. Protect against e-mail viruses
  6. Install PCLeland
  7. Minimize open network services
  8. Run a security analyzer
  9. Do regular backups
  10. Apply special Windows XP fixes

Windows NT and 2000 are pre-configured by default to share your entire disk on the network to anyone who knows the password to an Administrator account on your system. This includes other accounts (such as a personal account) which have been given administrator privileges. This type of sharing is "hidden" as an "administrative share". It does not show up in the network browser, but hackers can easily scan the network to find computers with administrative shares. An administrative share is difficult to disable, so make sure that you have strong passwords set for all accounts on your Windows NT or 2000 computer.

If you decide to purposely share a directory on a Windows NT or 2000 computer so that it will show up in the network browser, be aware that by default, the folder is shared with complete write access to anyone on the network, without any need to supply an account name or password. You must disable the "everyone" privileges (or completely disable the guest account, which is difficult to do properly) to close this security hole. Then you can allow specific accounts (with passwords) to access this share.