July 02, 2008, 5:54 AM — I mentioned in my previous post that you can add $ to a share name to hide the share, and that it was a good idea to also modify the share name to something not easily guessable by some snoop. Note, however, that Windows Vista sets up certain hidden shares for administrative purposes, including one for drive C: (C$) and any other hard disk partitions you have on your system. Windows Vista also sets up the following hidden shares:
| Share | Shared Path | Purpose |
|---|---|---|
| ADMIN$ | %SystemRoot% | Remote administration |
| IPC$ | N/A | Remote interprocess communication |
| print$ | %SystemRoot%\System32\spool\drivers | Access to printer drivers |
To see these shares, select Start, All Programs, Accessories, Command Prompt to open a command prompt session, type net share, and press Enter. You see a listing similar to this:
Share name Resource Remark ----------------------------------------------------------- C$ C:\ Default share D$ D:\ Default share ADMIN$ C:\WINDOWS Remote Admin IPC$ Remote IPC print$ C:\System32\spool\drivers Printer Drivers Public C:\Users\Public
So although the C$, D$, and ADMIN$ shares are otherwise hidden, they're well known, and they represent a small security risk should an intruder get access to your network.
To close this hole, you can force Windows Vista to disable these shares. Here are the steps to follow:
- Click Start, type regedit in the Search box, and then click
regedit.exe in the search results. The User Account Control dialog box appears. - Enter your UAC credentials to continue. Windows Vista opens the Registry Editor.
- Open the HKEY_LOCAL_MACHINE branch.
- Open the SYSTEM branch.
- Open the CurrentControlSet branch.
- Open the Services branch.
- Open the LanmanServer branch.
- Select the Parameters branch.
- Select Edit, New, DWORD (32-bit) Value. Vista adds a new value to the Parameters key.
- Type AutoShareWks and press Enter. (You can leave this setting with its default value of 0.)
- Restart Windows Vista to put the new setting into effect.
Remember that the Registry contains many important settings that are crucial for the proper functioning of Vista and your programs. Therefore, when you are working with the Registry Editor, don't make changes to any settings other than the ones I describe in this post.
Once again, select Start, All Programs, Accessories, Command Prompt to open a command prompt session, type net share, and press Enter. The output now looks like this:
Share name Resource Remark ----------------------------------------------------------- IPC$ Remote IPC print$ C:\System32\spool\drivers Printer Drivers Public C:\Users\Public
Bear in mind that some programs expect the administrative shares to be present, so disabling those shares may cause those programs to fail or generate error messages. If that happens, enable the shares by opening the Registry Editor and either deleting the AutoShareWks setting or changing its value to 1.
