Programming4us
         
 
 
Windows

Windows 7 : Disabling the Hidden Administrative Shares

12/26/2010 5:00:22 PM
I mentioned in the preceding section that you can add $ to a share name to hide the share, and that it is a good idea to also modify the share name to something not easily guessable by some snoop. Note, however, that Windows 7 sets up certain hidden shares for administrative purposes, including one for drive C: (C$) and any other hard disk partitions you have on your system. Windows 7 also sets up the following hidden shares:

ShareShared PathPurpose
ADMIN$%SystemRoot%Remote administration
IPC$N/ARemote interprocess communication

To see these shares, select Start, All Programs, Accessories, Command Prompt to open a Command Prompt session, type net share, and press Enter. You see a listing similar to this:

Share name   Resource                        Remark
--------------------------------------------------------------------------
C$ C:\ Default share
D$ D:\ Default share
ADMIN$ C:\Windows Remote Admin
IPC$ Remote IPC

So, although the C$, D$, and ADMIN$ shares are otherwise hidden, they’re well known, and they represent a small security risk should an intruder get access to your network.

To close this hole, you can force Windows 7 to disable these shares. Here are the steps to follow:

1.
Select Start, type regedit, and then press Enter. The User Account Control dialog box appears.

2.
Enter your UAC credentials to continue. Windows 7 opens the Registry Editor.

Caution

Remember that the Registry contains many important settings that are crucial for the proper functioning of Windows 7 and your programs. Therefore, when you are working with the Registry Editor, don’t make changes to any settings other than the ones I describe in this section.

3.
Open the HKEY_LOCAL_MACHINE branch.

4.
Open the SYSTEM branch.

5.
Open the CurrentControlSet branch.

6.
Open the Services branch.

7.
Open the LanmanServer branch.

8.
Select the Parameters branch.

9.
Select Edit, New, DWORD (32-bit) Value. Windows 7 adds a new value to the Parameters key.

10.
Type AutoShareWks and press Enter. (You can leave this setting with its default value of 0.)

11.
Restart Windows 7 to put the new setting into effect.

Once again, select Start, All Programs, Accessories, Command Prompt to open a Command Prompt session, type net share, and press Enter. The output now looks like this:

Share name   Resource                        Remark
--------------------------------------------------------------------------
IPC$ Remote IPC

Caution

Some programs expect the administrative shares to be present, so disabling those shares may cause those programs to fail or generate error messages. If that happens, enable the shares by opening the Registry Editor and either deleting the AutoShareWks setting or changing its value to 1.

Other -----------------
- Windows 7 : Hiding Your Shared Folders
- Windows 7 : Setting Security Permissions on Shared Folders
- Windows 7 : Setting Sharing Permissions on Shared Folders
- Configuring Windows 7 for Secure Networking
- Windows 7 : Setting Up User Security - Determining Who Is Logged On
- Windows 7 : Setting Up User Security - Using the Guest Account to Give Folks Temporary Access
- Windows 7 : Setting Up User Security - Renaming Built-In Accounts for Better Security
- Windows 7 : Setting Up User Security - Hiding Usernames in the Logon Screen
- Windows 7 : Setting Up User Security - Closing Off Your Computer by Disabling All Other Users
- Windows 7 : Setting Up User Security - Preventing Elevation for All Standard Users
- Windows 7 : Using Parental Controls to Restrict Computer Usage (part 2) - Setting Up Parental Controls for Games
- Windows 7 : Using Parental Controls to Restrict Computer Usage (part 1) - Activating Parental Controls
- Windows 7 : Working with Users and Groups from the Command Line
- Windows 7 : Setting Account Policies (part 2)
- Windows 7 : Setting Account Policies (part 1)
- Windows 7 : Creating and Managing User Accounts (part 2) - Working with the User Accounts Dialog Box
- Windows 7 : Creating and Managing User Accounts (part 1)
- Windows Vista : Managing Local Logon Accounts
- Windows Vista : User Accounts and Groups
- SOA with .NET and Windows Azure : Windows Workflow Foundation (part 7)
 
 
Most View
- Windows Server 2008 : Configuring Windows Media Services (part 13) - Configuring Caching Settings
- BizTalk 2009 : Understanding the Message Bus
- Programming WCF Services : Queued Services - The HTTP Bridge
- Using XML in SQL Server 2008: Relational Data As XML - The FOR XML Modes (part 1) - RAW Mode
- Windows 7: Troubleshooting Networking - Troubleshooting the NIC
- Exchange Server 2007: Monitor Your Exchange Environment (part 4) - Microsoft Operations Manager (MOM 2005)
- Windows Server 2008 : Using Virtualization to Increase Productivity and Facilitate Consolidation - Introducing Virtualization & Server Consolidation
- Windows Server 2008 : Perform a Full Server Recovery of a Domain Controller by Using the Windows Interface
- SharePoint 2010 : Use the Advanced Search (in SharePoint Server)
- jQuery 1.3 : Improving a basic form (part 6)
Top 10
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 3) - Configuring Recipient Filtering
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 2)
- Implementing Edge Services for an Exchange Server 2007 Environment : Utilizing the Basic Sender and Recipient Connection Filters (part 1)
- Implementing Edge Services for an Exchange Server 2007 Environment : Installing and Configuring the Edge Transport Server Components
- What's New in SharePoint 2013 (part 7) - BCS
- What's New in SharePoint 2013 (part 6) - SEARCH
- What's New in SharePoint 2013 (part 6) - WEB CONTENT MANAGEMENT
- What's New in SharePoint 2013 (part 5) - ENTERPRISE CONTENT MANAGEMENT
- What's New in SharePoint 2013 (part 4) - WORKFLOWS
- What's New in SharePoint 2013 (part 3) - REMOTE EVENTS