By default all Microsoft Windows NT based operating systems possess
hidden administrative shares options, allowing the administrator of a
machine to access the machine via the network.
Here is a list of the default administrative shares, accessible only to administrator:
* C $: To access to a partition or root directory. Other partitions are also accessible via their letter, followed by the character "$";
* ADMIN $: To access to% systemroot%, to manage a machine on the network.
* IPC $: Allowing the communication network between processes.
* PRINT $: Remote access to printers.
To view and manage the administrative shares of the computer, simply go to Control Panel / Administrative Tools / Computer Management / Shared Folders / Shares. Another alternative is to right-click on the My Computer icon on desktop and select Manage.
For some security constraints, it may be necessary to remove access to administrative shares C $ and ADMIN $.
To do this, open regedit in "run" box.
Go to:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ LanmanServer \ Parameters
Create a new DWORD value named AutoShareWks and set it to 0.
Activation and deactivation of the administrative shares are done by modifying this value.
Modifications made will still be persistent even after restarting your PC.
Administrative shares can be temporarily disabled without touching the registry by typing in an MS-DOS window:
In this case, the shares will be reactivated at the next reboot.
Here is a list of the default administrative shares, accessible only to administrator:
* C $: To access to a partition or root directory. Other partitions are also accessible via their letter, followed by the character "$";
* ADMIN $: To access to% systemroot%, to manage a machine on the network.
* IPC $: Allowing the communication network between processes.
* PRINT $: Remote access to printers.
To view and manage the administrative shares of the computer, simply go to Control Panel / Administrative Tools / Computer Management / Shared Folders / Shares. Another alternative is to right-click on the My Computer icon on desktop and select Manage.
For some security constraints, it may be necessary to remove access to administrative shares C $ and ADMIN $.
To do this, open regedit in "run" box.
Go to:
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ LanmanServer \ Parameters
Create a new DWORD value named AutoShareWks and set it to 0.
Activation and deactivation of the administrative shares are done by modifying this value.
Modifications made will still be persistent even after restarting your PC.
Administrative shares can be temporarily disabled without touching the registry by typing in an MS-DOS window:
net share c $ / delete net share admin $ / delete net share IPC $ / delete
In this case, the shares will be reactivated at the next reboot.
No comments:
Post a Comment