July 02, 2008, 5:54 AM — I mentioned in my previous post that you can add $ to a share name to hide the share, and that it was a good idea to also modify the share name to something not easily guessable by some snoop. Note, however, that Windows Vista sets up certain hidden shares for administrative purposes, including one for drive C: (C$) and any other hard disk partitions you have on your system. Windows Vista also sets up the following hidden shares:
|IPC$||N/A||Remote interprocess communication|
|print$||%SystemRoot%\System32\spool\drivers||Access to printer drivers|
To see these shares, select Start, All Programs, Accessories, Command Prompt to open a command prompt session, type net share, and press Enter. You see a listing similar to this:
Share name Resource Remark ----------------------------------------------------------- C$ C:\ Default share D$ D:\ Default share ADMIN$ C:\WINDOWS Remote Admin IPC$ Remote IPC print$ C:\System32\spool\drivers Printer Drivers Public C:\Users\Public
So although the C$, D$, and ADMIN$ shares are otherwise hidden, they're well known, and they represent a small security risk should an intruder get access to your network.
To close this hole, you can force Windows Vista to disable these shares. Here are the steps to follow:
- Click Start, type regedit in the Search box, and then click
regedit.exe in the search results. The User Account Control dialog box appears.
- Enter your UAC credentials to continue. Windows Vista opens the Registry Editor.
- Open the HKEY_LOCAL_MACHINE branch.
- Open the SYSTEM branch.
- Open the CurrentControlSet branch.
- Open the Services branch.
- Open the LanmanServer branch.
- Select the Parameters branch.
- Select Edit, New, DWORD (32-bit) Value. Vista adds a new value to the Parameters key.