('binary' encoding is not supported, stored as-is) In-Reply-To: <Pine.LNX.4.33.0303192037260.4118-100000at_private> I would like to shed some light on this issue. First of all the correct name of the share is SPM2000C$. It is indeed created by Service Pack Manager 2000 (SPM2000) by Gravity Storm Software. SPM2000 creates this for its own purposes for pushing security patches and Service Packs to the remote machine and for the purposes of verification of patch installation (accessing individual file versions and checksums). This share is created in a very temporarily way and after SPM2000 is done it cleans the share up. Share is indeed administrative. You can remove it by using for example Windows Explorer, but in addition you have to remove the entry in the registry, otherwise the share comes back after reboot. Somewhere during the summer 2002 one of the versions of Service Pack Manager 2000 had the share cleanup functionality broken and was failing to cleanup the share properly. When it was reported, we immediately provided the fix. In addition, we also provided the functionality in SPM2000 that allows you to remove ANY type of share easily. Leon Havin, Gravity Storm Software > >On Tue, 18 Mar 2003, Robinson, Jonathon wrote: > >> Harlan, >> >> If I go to the management console> shared folders> shares> Right-click and >> properties> I get the following: >> >> "This has been shared for administrative purposes. The share permissions and >> file security cannot be set." >> >> However, I'm not able to reboot the server at this time as it's currently in >> production, so the reoccurrence of the share is simply an assumption. >> >> I'd just like to know why this share exists. > >The software package mentioned earlier is produced by Gravity Storm >Software http://securitybastion.com. I have used this software on NT4 with >great success. It did not exhibit this behavior. I can't say that is does >not exhibit this behavior by default on Win 2000 as I have not tested it. >However, I suspect that it could have created the share for it's own use. >Most likely to facilitate the distribution of service packs and hotfixes. >The version I tested prompted you to do this on your own, perhaps newer >versions do not. The maintainer can be contacted with the addresses on the >web site. > >-- >Jonathan Rickman >X Corps Security >http://www.xcorps.net > > > > >-------------------------------------------------------------------------- -- > ><Pre>Lose another weekend managing your IDS? >Take back your personal time. >15-day free trial of StillSecure Border Guard.</Pre> ><A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A> > > > ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
This archive was generated by hypermail 2b30 : Thu Mar 20 2003 - 07:37:17 PST