COMMAND

    shares

SYSTEMS AFFECTED

    Win NT

PROBLEM

    The following may represent security risk if you are not going  to
    pay atention to it.  It was brought to public by Harald Goci.

    Let's say you have NT server with one HD with one partition (NTFS)
    and one CDROM.  Some directories of the HD are shared and also the
    CD ROM drive is shared.

    You decide to install a new HD into the server which leads to  the
    following drive letters:

        C: old HD
        D: new HD
        E: CD ROM

    Unfortunately NT gives the share of the former CD ROM (old D:) now
    to the new disk (new D:) with the same sharename.  People  usually
    leave  the  default  permission  on  CD drives (Full for Everyone)
    because nobody  can write  on CDs,  so what  can happen.  BUT this
    default permission now  shows to a  HD!!!  Note  that this can  be
    feature as well.

SOLUTION

    This is because the shares are in the registry and do not seem  to
    budge in  any way  unless you  explicitly remove  them. Many think
    that when they delete a directory,  its share goes too - but  they
    don't.

    Don't use share permissions.   Use NTFS permissions only, then  if
    you move a drive, the perms move with it.

    Another useful trick is to backup:

        HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares

    key in the registry to disk. (This is where the shares live).  You
    can then reinstall  NT from scratch  if you like  (As long as  you
    don't  format   any  drives).    When  you   have  finished   your
    installation stop the  server service and  import the key  back in
    from disk.  Then delete  any printer related shares under  the key
    (You have to manually recreate these).  Once you start the  server
    service again hey presto your shares are back with the security.