Prevent the creation of the administrator shares

1 April 2002 by Snakefoot | Comment » | Trackback Off
By default the drive letters are shared (C$, D$, ADMIN$ etc.) as hidden shares for Administrator access. Even if you delete the shares manually they will be recreated at next bootup.

To remove these shares for good add the following DWORD registry values:

NT Server:

[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanServer \Parameters]
AutoShareServer=0

NT Workstation:

[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanServer \Parameters]
AutoShareWks=0

Note that the IPC$ share will not be removed by setting these registry values.

Note that it will only stop Windows from creating the shares at startup, one have to delete the admin shares one self, but only once after changing the above registry keys. Besides using the standard interface for removing the shares, one can also find and delete the shares by editing the registry database at this location:

[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanServer \Shares]

More Info MS KB Q125996

Note the administrative shares are required by Microsoft Operations Manager (MOM) and Microsoft Systems Management Server (SMS), and have to be enabled on the client machines for them to function properly.

More Info MS KB Q245117
More Info MS KB Q288164 (Replaces Q318751)
More Info MS KB Q314984
More Info MS KB Q318755
More Info MS KB Q816113
More Info MS KB Q816524
More Info MS KB Q842715 (Description of side-effects)
Tags:
Category:

Updated: 23 September 2007

Leave a comment


You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>