Wednesday, August 5, 2009

default share permission change

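In line with information security principles, we do not want Everyone to appear in the default share permissions, so the system has to be adjusted.
Registry key location: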
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\DefaultSecurity]
"SrvsvcDefaultShareInfo"

Because this registry value is not easy to read, it has to be adjusted with Tweak UI.


Subsequent deployment
In an AD environment, it can be installed through a GPO:
Computer Configuration --> Windows Settings --> Scripts (Startup/Shutdown)

regedit /s xxx.reg
In a workgroup environment, it can be applied with psexec, WMI, reg add, or PowerShell.


For Windows Vista and/or higher versions
Once you apply the default share permission to your system, all other machines cannot access either the root share or the administrative share until you apply the setup below to your machine.

reg add HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters /v Level2Compatibility /f /t REG_DWORD /d 1
Restart the Server service to apply the setup to the system immediately:
net stop server /y
net start server /y

http://support.microsoft.com/kb/971277/en-us?sd=rss&spid=14019

The article below explains how to customize your default share.
All of your share permission settings can be found under the path below:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Shares\Security\
Customize the permissions for a specific folder, then import that setup into HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\DefaultSecurity\SrvsvcDefaultShareInfo

http://www.sepago.de/d/helge/2010/07/23/how-to-modify-default-share-permissions-and-other-tweaks
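
An added example (not from the original post or the linked articles): a PowerShell check that decodes the default share descriptor and each existing share descriptor, then lists the entries that allow access to Everyone (S-1-1-0). It assumes these registry values are stored as binary self-relative security descriptors; the helper name Get-ShareAce and the sample descriptor are constructed for illustration.

```powershell
# Added example. Assumption: these registry values hold binary
# self-relative security descriptors. Get-ShareAce is a hypothetical helper name.
function Get-ShareAce {
    param(
        [Parameter(Mandatory = $true)][byte[]]$Bytes,
        [string]$Source
    )
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Bytes, 0
    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($ace -is [System.Security.AccessControl.CommonAce]) {
            New-Object PSObject -Property @{
                Source     = $Source
                AceType    = $ace.AceType
                Sid        = $ace.SecurityIdentifier.Value
                AccessMask = '0x{0:X8}' -f $ace.AccessMask
            }
        }
    }
}

# Constructed sample: a descriptor that allows Everyone (WD) full access.
$sample = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList 'D:(A;;FA;;;WD)'
$buf = New-Object byte[] ($sample.BinaryLength)
$sample.GetBinaryForm($buf, 0)
$found = @(Get-ShareAce -Bytes $buf -Source 'constructed sample')

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer'

# The default applied to new shares (the value this post replaces).
$default = (Get-ItemProperty -Path "$base\DefaultSecurity" -ErrorAction SilentlyContinue).SrvsvcDefaultShareInfo
if ($default) {
    $found += @(Get-ShareAce -Bytes $default -Source 'DefaultSecurity\SrvsvcDefaultShareInfo')
} else {
    Write-Warning 'SrvsvcDefaultShareInfo is not set on this machine.'
}

# Descriptors of shares that already exist.
$sec = Get-Item -Path "$base\Shares\Security" -ErrorAction SilentlyContinue
if ($sec) {
    foreach ($name in $sec.GetValueNames()) {
        $found += @(Get-ShareAce -Bytes ([byte[]]$sec.GetValue($name)) -Source "Shares\Security\$name")
    }
}

# Report only allow entries for Everyone (S-1-1-0).
$found | Where-Object { $_.Sid -eq 'S-1-1-0' -and $_.AceType -eq 'AccessAllowed' } |
    Format-Table Source, Sid, AccessMask -AutoSize
```

Run it from an elevated prompt; after the change described in this post, the only row left should be the constructed sample.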