Don't Bother Deleting C$

by Mitch Tulloch [Published on 15 Feb. 2006 / Last Updated on 15 Feb. 2006]

Why deleting the C$ share is not a good idea.

Some admins like to delete the C$ share, the automatic hidden share of the system volume. This share is generally needed for remote administration and access is restricted to administators, but since it's potentially an open door into their systems some admins would rather it were closed.

Unfortunately, deleting C$ is one of those security ideas that *sounds* like a great idea but really isn't so great after all. That's because the share will be automatically re-created whenever your server restarts, or when you stop and start the Server service. You can get around this by creating a logon script that will delete the share (see here for info) but consider how deleting this share will affect your ability to remotely administer your servers before you start closing supposed security "holes" like this. Remember, the more secure a system is made, the less managable (and less usable) it becomes. There comes a point in the tradeoff when it just doesn't make sense performing certain lockdown steps because the result is that your server becomes a pain to manage.

See Also

The Author — Mitch Tulloch

Mitch Tulloch is a well-known expert on Windows Server administration and cloud computing technologies. He has published over a thousand articles on information technology topics and has written, contributed to or been series editor for over 50 books.

Featured Links