administrative$ shares
satarul
01-13-2005, 11:23 AM
i manage to successfully remotely control administrative shares if i log onto win2k pro boxes, but not on winxp pro. even if i provide a username with administrator privileges (blank password) can't log onto that xp machine. the only way i managed to do this was by adding guest account to administrators localgroup. but, obviously, i'm not satisfied with this. any suggestions?
SyntaXmasteR
01-14-2005, 02:59 PM
If the firewall is disabled you can control the computer just like on 2k. If the firewall is enabled you run into two problems.
You will be asked for a username. The user name is not Administrator; it is domain\administrator - The domain will be the local name of the computer if it's not on a network, which can be found using a program called "Super Scan" offered by foundstone.com
Super Scan (http://foundstone.com/resources/scanning.htm)
Now you can connect to the Administrators account if the password is left blank...
satarul
01-17-2005, 09:15 AM
net audit of tamos' essential net tools says:
* Checking ip.of.the.svr ...
* Obtained NetBIOS name table:
MIHAI <00>
WORKGROUP <00>
MIHAI <20>
WORKGROUP <1E>
* Trying username "ADMINISTRATOR", password "": succeeded
* Obtained share list:
E$ Default share
IPC$ Remote IPC
D$ Default share
print$ Printer Drivers
SharedDocs
Printer2 Canon i320
ADMIN$ Remote Admin
C$ Default share
* Obtained server information:
Server=[MIHAI] User=[] Workgroup=[WORKGROUP] Domain=[]
* Checking share E$: access denied
* Checking share D$: access denied
* Checking share print$: read-only access
* Checking share SharedDocs: read-write access
* Checking share ADMIN$: access denied
* Checking share C$: access denied
* Finished checking ip.of.the.svr
the os is winxp pro. password for administrator is, as you see above, blank. and server's firewall allows incoming traffic on ports 137-139 & 445. the pc is not in a domain, but in the same workgroup as i am. so, i try:
C:\>net use \\num.num.num.num\c$ /user:mihai\administrator ""
System error 5 has occurred.
Access is denied.
i know you said that server must be in a domain, but... it isn't.
what now? i even tried creating a new user on the server, same as mine logging on my pc. same damn error 5. also noticed that, if i make new hidden share of any drive, it becomes accessible by any user. that's normal, i suppose, as any user is part of "everyone" localgroup. i tried to change permissions for the default administrative shares, but wouldn't even let me view them. says that permissions for default shares cannot be changed. so, in fact, who has access to them? administrators don't... lol
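Read from the defending side, the report quoted in the post above already lists what needs fixing on that machine. The following is an added example, not part of the thread: a small Python parser for that report format that flags a blank-password logon and any remotely writable share. The sample report is constructed (placeholder address), and the severity labels are assumptions of this example.

```python
import re

# Constructed sample, modelled on the report format quoted in the thread.
# The address is a documentation placeholder, not a real host.
SAMPLE_REPORT = """\
* Checking 192.0.2.10 ...
* Trying username "ADMINISTRATOR", password "": succeeded
* Obtained share list:
E$ Default share
SharedDocs
ADMIN$ Remote Admin
* Checking share E$: access denied
* Checking share print$: read-only access
* Checking share SharedDocs: read-write access
* Checking share ADMIN$: access denied
* Finished checking 192.0.2.10
"""

HOST_RE = re.compile(r'^\* Checking (\S+) \.\.\.$')
LOGON_RE = re.compile(r'^\* Trying username "([^"]*)", password "([^"]*)": (\w+)')
SHARE_RE = re.compile(r'^\* Checking share (.+?): (.+)$')


def audit_findings(report):
    """Return (host, severity, message) tuples for one audit report."""
    findings = []
    host = None
    for line in report.splitlines():
        line = line.strip()
        if m := HOST_RE.match(line):
            host = m.group(1)
        elif m := LOGON_RE.match(line):
            user, password, result = m.groups()
            # A logon that succeeds with an empty password is the first fix.
            if result == "succeeded" and password == "":
                findings.append((host, "high", f"blank password accepted for {user}"))
        elif m := SHARE_RE.match(line):
            share, access = m.groups()
            if access == "read-write access":
                # Assumed rating: writable hidden ($) shares rank above user shares.
                sev = "high" if share.endswith("$") else "medium"
                findings.append((host, sev, f"share {share} is remotely writable"))
    return findings


if __name__ == "__main__":
    for host, sev, msg in audit_findings(SAMPLE_REPORT):
        print(f"[{sev}] {host}: {msg}")
```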
SyntaXmasteR
01-17-2005, 12:00 PM
As you can see there is a HUGE door open here:
Checking share SharedDocs: read-write access
-----------------
Now you can drop a virus/trojan here and run it on the local machine using psexec.exe
satarul
01-23-2005, 12:16 AM
hey man, again thanks a lot! got the whole suite of pstools.zip and they are really really charming :) thanks for the hint!
SyntaXmasteR
01-23-2005, 01:11 AM
~Welcome