Remove Administrative Shares

by Tony Bradley [Published on 20 Jan. 2005 / Last Updated on 20 Jan. 2005]

Windows creates hidden Administrative Shares at the root of each drive and for the system root folder so that administrators can access the data remotely. If a server or workstation will not be administered remotely, or otherwise has no need for the Administrative Shares, they should be removed so that they don't provide a potential attack vector for a hacker or malware to enter the system.

If users need to access a data folder on a remote machine, that folder is "shared" out to make that possible. Even if the folder is called "C:\Data\Users", the share can be given a name that makes sense, like "User Data", and permissions can be assigned to users or groups to determine whether they are allowed to access or modify the data.

However, on Windows systems there are also hidden administrative shares that are created by default. They are intended to let members of the Administrators group access data remotely. They won't show up in Network Neighborhood or be openly available to any users. To see the hidden shares on the system, go into the Computer Management console and click on Shared Folders, then Shares. You can also remove the shares from this console by right-clicking on them and selecting Stop Sharing; however, when the system is rebooted these shares will automatically be recreated.

If the system does not need to be accessed or administered remotely, you can permanently remove the hidden administrative shares by editing the registry. Go to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters

To remove the hidden shares, add a DWORD entry called AutoShareWks and set its value to 0. If you later need to restore access to the hidden shares, delete the AutoShareWks DWORD entry and reboot the computer; the shares will automatically be recreated.
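The registry change described above, as an added PowerShell example that is not part of the original article: it lists the disk administrative shares currently published, reports the state of AutoShareWks, and creates or deletes the value on request. The `-Apply` and `-Restore` switches and the function names are assumptions made for this example; run it from an elevated prompt.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
# -Apply and -Restore are switch names chosen for this example.
param(
    [switch]$Apply,    # create AutoShareWks = 0 (stop auto-creating the shares)
    [switch]$Restore   # delete AutoShareWks (shares return after a reboot)
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'
$name = 'AutoShareWks'

function Get-AutoShareState {
    # 'NotSet' means the value is absent, so Windows recreates the shares.
    $p = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $p) { 'NotSet' } else { [int]$p.$name }
}

function Get-DiskAdminShare {
    # Win32_Share Type 2147483648 is "Disk Drive Admin" (C$, ADMIN$, ...).
    # IPC$ has a different type and is not listed here.
    Get-CimInstance -ClassName Win32_Share |
        Where-Object { [uint32]$_.Type -eq 2147483648 } |
        Select-Object Name, Path, Description
}

if ($Apply -and $Restore) { throw 'Use either -Apply or -Restore, not both.' }

# Audit first, so the output records the state before any change.
"AutoShareWks: $(Get-AutoShareState)"
Get-DiskAdminShare | Format-Table -AutoSize

if ($Apply) {
    # -Force overwrites an existing value of the same name.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force |
        Out-Null
    'AutoShareWks set to 0. Reboot, then re-run without switches to verify.'
}
elseif ($Restore) {
    Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    'AutoShareWks deleted. The shares are recreated after a reboot.'
}
```

Run without switches, the script only reports and changes nothing, which makes it usable as a periodic check that the setting is still in place.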

Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security (http://netsecurity.about.com), providing a broad range of information security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security (http://www.tonybradley.com).
