Default administrative shares are present on every fresh installation of Windows Server 2008. Some of these shares can be potential security threat for your system. Here is how to get rid of them.
There are few common default shares, and here is description of their purpose:
•Drive Letter$: This is a shared root partition or volume. Shared root partitions and volumes are displayed as the drive letter name appended with the dollar sign ($). For example, when drive letters C and D are shared, they are displayed as C$ and D$.
•ADMIN$: This is a resource that is used during remote administration of a computer.
•IPC$: This is a resource that shares the named pipes that you must have for communication between programs. This resource cannot be deleted.
•NETLOGON: This is a resource that is used on domain controllers.
•SYSVOL: This is a resource that is used on domain controllers.
•PRINT$: This is a resource that is used during the remote administration of printers. •FAX$: This is a shared folder on a server that is used by fax clients during fax transmission.
I would like to remove these shares on my installation. Especially C$, D$ and ADMIN$
There is simple way to do this…
Start |Run | Regedit
Locate following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\
Create new DWORD Value (if it is not already present) named AutoShareServer and set value 0 (disable network shares)
After that run CMD and enter these commands:
net stop server
net start server
After that if you check your default shares list…
Only few essential shares are left on the list.