Prevent the creation of the administrator shares

By default the drive letters are shared (C$, D$, ADMIN$ etc.) as hidden shares for Administrator access. Even if you delete the shares manually they will be recreated at next bootup.

To remove these shares for good add the following DWORD registry values:

NT Server:

[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanServer \Parameters]
AutoShareServer=0

NT Workstation:

[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanServer \Parameters]
AutoShareWks=0

Note that the IPC$ share will not be removed by setting these registry values.

Note that it will only stop Windows from creating the shares at startup, one have to delete the admin shares one self, but only once after changing the above registry keys. Besides using the standard interface for removing the shares, one can also find and delete the shares by editing the registry database at this location:

[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \LanmanServer \Shares]

More Info MS KB125996

Note the administrative shares are required by Microsoft Operations Manager (MOM) and Microsoft Systems Management Server (SMS), and have to be enabled on the client machines for them to function properly.

More Info MS KB245117
More Info MS KB288164 (Replaces MS KB318751)
More Info MS KB314984
More Info MS KB318755
More Info MS KB816113
More Info MS KB816524
More Info MS KB842715 (Description of side-effects)

Updated: 23 September 2007

Leave a Reply

Your email address will not be published. Required fields are marked *