Hi,

We have BaaN IV c4 , service pack 11 installed, running on Win NT 4.0 , and informix 9 as database, i see all my partitions in NT as having a Default share $, can i remove it, i hope there won't be any implications regarding that.

Somebody told me that since the database chunks and dbspaces r there in these partitons , if i remove the defualt share then i won' be able to save any record in BaaN.

also i would like to know what would be the benfit of removing the default share ??

Waiting for your replies gurus :-)

Hi,

I can't say something about the database, but I would not remove the default share. Some other programs use this for remote access. Like a Anti Virus program for a remote installation of the software or somtething like this.
It could be a benefit in the security of your server, but I think you have a firewall in your company.

Greetz
Thomas

Well of course the firewall is implemented , well i supose my anit virus is not at all using this feature of default share, the only disadvantge i suppose is by removing the default share is that users won't be able to create a temporary file on the server ( using device type ascif ) when working in BaaN.

am i right ???

learner,

Baan does not use default share of NT for any of its activities. Be it creation of temporary files or updation/access of DB.
Default share is purely for OS usage.. and some other applications which access computers over networks. i have no idea which.

The default share even if disabled will return when u restart your machine. The permanent disabling of the default share is possible only by changing certain registry keys. But before you do any such activity better to confirm with an expert on windows NT. A network security guy would be your best bet.

Anup

learner: ..., the only disadvantge i suppose is by removing the default share is that users won't be able to create a temporary file on the server ( using device type ascif ) when working in BaaN.The access rights of the default shares is quite limited. Permissions cannot be set. Users that need a share to print, should rather be given a dedicated share with proper permissions been set.

Just to rectify the issue: The creation of temporary files on the Baan server is handled by the bshell, running on the server itself! Therefore, no shares are needed!

The default shares are purely used by the O/S. Something Bill Gates put in there no annoy us :D ! I did a quick search on the M$ site, and, strangely, can not find anything useful. Using Google, I found the topic of default shares popping up frequently, and everybody seems to agree that this is a security risk if you don't have a good firewall. As for the reason why Windows creates these shares, no idea! Probably for remote adminstration, but I'm not sure.

Regards,
Nico

Default share on NT systems are only for remote admin access.
Only Admin group is allowed to see that share.
No damage is done if default share is removed since Baan is not using it and also there are other ways to access server without using a default share (...\C$).

Well the reason why i thought that sharing is important for creating a file on server through baan is since whenever user gives his pc address / or somebody else pc's address to make a file through baaN ( by selecting device type ASCIF ) in the path where , that pc must be having a full share and without the password.

so if sharing is not important, then if i take device type as ASCIF and give the file path on somebody elses LOCAL PC why it doesn't allow to create the file ??? whereas if i keep full sharing his LOCAL PC hard drive it allows me to do so.

and one more thing even if there is a password on this LOCAL PC's drive then also it does'nt allow to create a file.

When a baan process (a session started by an user) creates a temp file then it will always create it in the ${BSE_TMP}. When it does this the path of ${BSE_TMP} is local for that process as it is running on that server. But when you say device ASCIF in a print session and give the path other than the baan server say for eg a path on clients PC then the file is first created in the ${BSE_TMP} directory and then transferred to the client pc folder using the OS functions. Now during this transfer from the ${BSE_TMP} to the client pc folder it will ask you to share the folder on the network without a passwd as other wise it cant access this folder.

Anup

some of the info in the replies above is incorrect....

default shares exist on all newly created drives in NT, eg F$
the purpose of the '$' is that they DO NOT appear when you browse the network to look at available shares on the server.

If you have not activated the Guest user in NT and unset the password, then the security risk is limited.
However, I would remove all the default shares on all the drives - on the drive properties, under 'share' tab, just select 'do not share' and click 'apply'. The share will NOT reappear after a reboot.

Baan by default makes no use of NT drive sharing to access data on the local server.

If you need to setup shares for a specific purpose, specify folders on drives rather than an entire drive and share those.

I hope this clears things up

Thanks for the info i will try it.

NvanBeest: ... The creation of temporary files on the Baan server is handled by the bshell, running on the server itself! Therefore, no shares are needed!...Nico, there is a situation where a share is needed also from Baan:
If you need a printout on a workstation and you do not want to share some parts of the Baan server, you will need a share accessable from both the server and the client.

server ------> share <-------- client

In the situation where the (dumb) client user does make a file in Baan, he often thinks the file will be written locally (search your unix server for files like "c:\temp\file").

If you can educate your client users to put the files on their (common) share \\baanoutput\files\ (drive o:\) they can put their files on a virtual local drive. This construction only works if the server has the same drive letter o: for the same share \\baanoutput\files\. Because in that case the client-based relative filename equals the server-based relative filename, the users can find the created files.

Note: I am not telling your perception is wrong, but what I am telling is that the user perspective may not be the same as the sysadmin's perspective...

Obviously correct! But the thread was about default shares, thus my statement still holds true. :D

Regards
Nico

There is an article titled "HOW TO: Remove Administrative Shares in Windows 2000 or Windows NT 4.0" - Microsoft Knowledge Base Article - 318751 available at http://support.microsoft.com/default.aspx?scid=kb;EN-US;318751


if it is of any use to anyone......