Disabling the Hidden Administrative Shares


I mentioned in my previous post that you can add $ to a share name to hide the share, and that it was a good idea to also modify the share name to something not easily guessable by some snoop. Note, however, that Windows Vista sets up certain hidden shares for administrative purposes, including one for drive C: (C$) and any other hard disk partitions you have on your system. Windows Vista also sets up the following hidden shares:

Share     Shared Path                            Purpose
ADMIN$    %SystemRoot%                           Remote administration
IPC$      N/A                                    Remote interprocess communication
print$    %SystemRoot%\System32\spool\drivers    Access to printer drivers

To see these shares, select Start, All Programs, Accessories, Command Prompt to open a command prompt session, type net share, and press Enter. You see a listing similar to this:

Share name   Resource                        Remark
-----------------------------------------------------------
C$           C:\                             Default share
D$           D:\                             Default share
ADMIN$       C:\WINDOWS                      Remote Admin
IPC$                                         Remote IPC
print$       C:\System32\spool\drivers       Printer Drivers
Public       C:\Users\Public                 

So although the C$, D$, and ADMIN$ shares are otherwise hidden, they're well known, and they represent a small security risk should an intruder get access to your network.
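To audit which shares on a machine fall into this well-known group, you can parse a saved net share listing and sort the shares by type. The following is an added example, not code from the original post; the category names and the Payroll$ share used in testing are hypothetical, and the sample input is constructed to mirror the listing above.

```python
import re

# Constructed sample mirroring the listing above (same column widths).
ROWS = [
    ("C$", "C:\\", "Default share"),
    ("D$", "D:\\", "Default share"),
    ("ADMIN$", "C:\\WINDOWS", "Remote Admin"),
    ("IPC$", "", "Remote IPC"),
    ("print$", "C:\\System32\\spool\\drivers", "Printer Drivers"),
    ("Public", "C:\\Users\\Public", ""),
]
SAMPLE = "\n".join(
    [f"{'Share name':<13}{'Resource':<32}Remark", "-" * 59]
    + [f"{n:<13}{r:<32}{k}".rstrip() for n, r, k in ROWS]
)

def parse_net_share(text):
    """Split a `net share` listing into rows using the header's column offsets."""
    lines = text.splitlines()
    hdr = next(i for i, l in enumerate(lines) if l.startswith("Share name"))
    res_col = lines[hdr].index("Resource")
    rem_col = lines[hdr].index("Remark")
    rows = []
    for line in lines[hdr + 1:]:
        if not line.strip() or set(line.strip()) == {"-"} or line.startswith("The command"):
            continue
        # Slicing by column keeps an empty Resource (IPC$) from swallowing the remark.
        rows.append({"name": line[:res_col].strip(),
                     "resource": line[res_col:rem_col].strip(),
                     "remark": line[rem_col:].strip()})
    return rows

def classify(name):
    """Hypothetical categories: admin-disk, system, hidden-user, visible."""
    upper = name.upper()
    if upper == "ADMIN$" or re.fullmatch(r"[A-Z]\$", upper):
        return "admin-disk"      # the well-known shares the post flags as a risk
    if upper in ("IPC$", "PRINT$"):
        return "system"          # other hidden shares Vista creates
    return "hidden-user" if upper.endswith("$") else "visible"

def audit(text):
    """Group share names by category."""
    report = {}
    for row in parse_net_share(text):
        report.setdefault(classify(row["name"]), []).append(row["name"])
    return report

if __name__ == "__main__":
    for category, names in audit(SAMPLE).items():
        print(f"{category:12} {', '.join(names)}")
```

Run it against output saved with net share > shares.txt to see at a glance which entries are the default disk shares and which are shares someone created by hand.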

To close this hole, you can force Windows Vista to disable these shares. Here are the steps to follow:

  1. Click Start, type regedit in the Search box, and then click regedit.exe in the search results. The User Account Control dialog box appears.
  2. Enter your UAC credentials to continue. Windows Vista opens the Registry Editor.
     CAUTION: Remember that the Registry contains many important settings that are crucial for the proper functioning of Vista and your programs. Therefore, when you are working with the Registry Editor, don't make changes to any settings other than the ones I describe in this post.

  3. Open the HKEY_LOCAL_MACHINE branch.
  4. Open the SYSTEM branch.
  5. Open the CurrentControlSet branch.
  6. Open the Services branch.
  7. Open the LanmanServer branch.
  8. Select the Parameters branch.
  9. Select Edit, New, DWORD (32-bit) Value. Vista adds a new value to the Parameters key.