Description of the IPC$ share

The IPC$ is a hidden share maintained by the Server service (Disabling the service will remove the share). The IPC$ share is used for Inter Proces Communication by using RPC (Remote Procedure Call), allowing the client to send different commands to the server:

  • List all shares
  • List all users
  • List files within a share
  • Stop/Start services

Certain commands can be accessed anonymously through a NULL session depending on the configuration of the server. If the command cannot be called anonymously, then the client has to authenticate. Access is granted if the client can provide proper credentials (username and password), that matches an account on the server. If not able to do this, then the user at the client machine will get an error like:

*IPC$, The domain password you supplied is not correct

You must supply a password to make this connection:

Incorrect password or unknown username for:*

Note it is possible to access the IPC$ share of a server by using a different credentials, than those used when logging on the client machine. (Even if needing to use a domain-user to access a server from outside the domain).

net use q: \\\c$ [password] /user:[domain\]username

Note to block access to Remote Procedure Call (RPC), then one should ensure that the firewall blocks the following network ports: - TCP Port 135 - RPC Endpoint Mapper

  • UDP Port 137 - Netbios
  • UDP Port 138 - Netbios
  • TCP Port 139 - Netbios
  • TCP and UDP Port 445 - Named Pipes

Note Windows 95/98/Me doesn’t support logon with different credentials. Therefore one have to make sure the userid and password on the Win9x machine matches one of the accounts on the WinNT machine. This can be done by using one of the following options:

Note if sure that the account is properly setup then one can configure an audit to see what account name is used to login to the machine.

More Info MS KB101150
More Info MS KB139592
More Info MS KB162325
More Info MS KB258717
More Info MS KB262916