Don't Bother Deleting C$

by Mitch Tulloch [Published on 15 Feb. 2006 / Last Updated on 15 Feb. 2006]

Why deleting the C$ share is not a good idea.

Some admins like to delete the C$ share, the automatic hidden share of the system volume. This share is generally needed for remote administration and access is restricted to administators, but since it's potentially an open door into their systems some admins would rather it were closed.

Unfortunately, deleting C$ is one of those security ideas that *sounds* like a great idea but really isn't so great after all. That's because the share will be automatically re-created whenever your server restarts, or when you stop and start the Server service. You can get around this by creating a logon script that will delete the share (see here for info) but consider how deleting this share will affect your ability to remotely administer your servers before you start closing supposed security "holes" like this. Remember, the more secure a system is made, the less managable (and less usable) it becomes. There comes a point in the tradeoff when it just doesn't make sense performing certain lockdown steps because the result is that your server becomes a pain to manage.

The Author — Mitch Tulloch

Mitch Tulloch is a widely recognized expert on Windows administration, networking, and security. He has been repeatedly awarded Most Valuable Professional (MVP) status by Microsoft for his outstanding contributions in supporting users who deploy and use Microsoft platforms, products and solutions. Mitch has published over two hundred articles on different IT websites and magazines, and he has written or contributed to almost two dozen books and is lead author for the Windows 7 Resource Kit from Microsoft Press. For more information, see www.mtit.com .

Latest Contributions

Featured Links