Description of the IPC$ share

3 March 2003 by Snakefoot | Comment » | Trackback Off

The IPC$ is a hidden share maintained by the Server service (Disabling the service will remove the share). The IPC$ share is used for Inter Proces Communication by using RPC (Remote Procedure Call), allowing the client to send different commands to the server:

List all shares
List all users
List files within a share
Stop/Start services
...

Certain commands can be accessed anonymously through a NULL session depending on the configuration of the server. If the command cannot be called anonymously, then the client has to authenticate. Access is granted if the client can provide proper credentials (username and password), that matches an account on the server. If not able to do this, then the user at the client machine will get an error like:

IPC$, The domain password you supplied is not correct

You must supply a password to make this connection:

Incorrect password or unknown username for:

Note it is possible to access the IPC$ share of a server by using a different credentials, than those used when logging on the client machine. (Even if needing to use a domain-user to access a server from outside the domain).

net use q: \\10.0.0.2\c$ [password] /user:[domain\]username

Note Windows 95/98/Me doesn't support logon with different credentials. Therefore one have to make sure the userid and password on the Win9x machine matches one of the accounts on the WinNT machine. This can be done by using one of the following options:

Create an account on the WinNT machine which matches the username and password (If any) used on the Win9x machine.
- If the account already exist, then try to reenter the account password for the account (And check the password doesn't expire)
Create an account on the Win9x machine which matches the username and password of an account on the WinNT machine and then logon to Win9x with the new account.
Activate the guest account, though it is not recommended:
- How to enable Win9x filesharing in Windows 2000
- How to enable Win9x filesharing in Windows XP

Note if sure that the account is properly setup then one can configure an audit to see what account name is used to login to the machine.

More Info MS KB Q101150
More Info MS KB Q139592
More Info MS KB Q162325
More Info MS KB Q258717
More Info MS KB Q262916
1b06

Category:

Updated: 20 June 2008

Comments:

Comment by chris - 8 August 2008 @ 17:07 Reply

Is IPC$ a security issue? Is it possible to “spy” my computer from another on the local network?

Comment by Snakefoot - 13 August 2008 @ 19:05 Reply

chris wrote:
Is IPC$ a security issue?

IPC$ is a necessity for sharing files with other computers using the Microsoft Network.

But if connecting directly to the Internet without a properly configured firewall, then it becomes a security issue.

Smallvoid.com

Search

Recent Posts

Meta

Description of the IPC$ share

Tags:

Category:

Comments:

Leave a comment