How to Remove Shares C$ ADMIN$ etc.

Guest

Hi:

How can I remove shares (C$, ADMIN$) ?
I remove them manually, but when I reboot they come back.
I do not want them to come back, unless I specifically want to share them.

I am running Windows Vista Ultimate Retail.

Thanks.
 
How can I remove shares (C$, ADMIN$) ?
I remove them manually, but when I reboot they come back.
I do not want them to come back, unless I specifically want to share them.

Why do you want to remove them? Unless you are in a domain they are unusable.

If you want to remove it, run this from an elevated command prompt:
reg add HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters /v AutoShareWks /t REG_DWORD /d 0
 
Jesper said:
Why do you want to remove them? Unless you are in a domain they are unusable.

------ Give me one good explanation as to why I shouldn't remove them??
If a PC with default shares are active, and you put this PC on the internet
without a firewall, don't you think this would be a major security breach for
the PC????

Of course it would.

Jesper said:
If you want to remove it, run this from an elevated command prompt:
reg add HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters /v AutoShareWks /t REG_DWORD /d 0

Oh I see the registry entries are still the same as 2000Server... that's OK,
I'd rather go into regedit instead of using the command line to execute
registry modifications. Thanks.
 
Hello Dominick,

If you work with the ADMINISTRATOR without a password, then it can be insecure.

Best regards

Myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
 
Dominick said:
------ Give me one good explanation as to why I shouldn't remove them??
If a PC with default shares are active, and you put this PC on the internet
without a firewall, don't you think this would be a major security breach for
the PC????

Of course it would.

Surely, but not because of the shares. As Jesper notes, they're not really
usable in the scenario you mention above.

We can either deal in facts and talk about the way things work or we can run
around like bad B-Movie characters screaming "OMG Teh SHARES... WHY WON'T
THE TOWNSFOLK LISTEN TO ME!!!!!"?
 
If you work with the ADMINISTRATOR without a password, then it can be
insecure.

Logon from the network with a blank password has been disabled since Windows
XP, so no. On the contrary, you would probably be MORE secure with a blank
password than with one of the very weak ones ("password" "1234" "letmein"
"1111") that too many people use.


Give me one good reason to remove them. What SPECIFIC threat are you trying
to mitigate by removing them?

No it would not. First, the shares are only accessible by a properly
authenticated administrator. If I have administrative access to your machine,
but you have turned these shares off, it is a matter of 10 lines of code to
turn them back on again, or turn on something else that I would rather use.
Removing these shares in no way restricts a remote, malicious, administrator
from accessing your system.

Second, why are you talking about a non-firewalled system at all? Vista has
a built-in firewall, that is on by default, that blocks access to these
shares, by default. In addition, there are multiple other layers of
protection against compromise via the administrative shares. Sure, if you
turn off the firewall, enable the ability to log on without a password,
remove the password from the built-in administrator account, enable that
account, turn off user account control, AND (not or) hook the system up to
the Internet, then yes, you have put yourself at risk. Are you planning on
doing that? If so, can I have your IP address?

Third, on a non-domain joined Windows Vista system you get a restricted
token when logging on remotely with an administrative account defined in the
local SAM. That means that you will fail the access check for the
administrative shares because your token has the Administrators SID set for
deny only. In other words, on a non-domain joined Windows Vista system, these
shares are inaccessible from the network already, for a number of reasons. On
a domain-joined Vista system they are accessible from the network when the
machine is in the domain or private firewall profiles, but only for someone
using a domain account that is in the local admins group.

Finally, you have yet to describe a risk with leaving these shares on. So
has everyone else, who have never built an operating system and yet, for
twelve years have been telling people to modify core functionality in the
operating system. Nobody has yet been able to present a solid case where this
presents a real threat that outweighs the potential risk of modifying how the
OS works. You do not know what software needs these shares. There is an
unknown risk inherent in disabling them. That unknown risk is to be pitted
against the undefined security risk involved in leaving them on. In the
absence of any information pointing one way or the other in this debate, why
should we do anything at all? Why should we modify how our operating system
works if there is no reason to do so?
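
A read-only way to check, on a given machine, the settings this thread argues about (added example, not part of any poster's message). `AutoShareWks` comes from the thread; the `LocalAccountTokenFilterPolicy` and `EnableLUA` values and the `Win32_Share` / `Win32_ComputerSystem` WMI classes are not named in the thread and are introduced here to inspect the remote token filtering and domain membership described above.

```powershell
# Added example: read-only audit of the settings argued over in this thread.
# Assumes Windows PowerShell (Get-WmiObject); changes nothing on the system.

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the value is absent, i.e. the OS default applies.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$autoShare   = Get-RegDword $lanman 'AutoShareWks'                   # from the thread
$tokenFilter = Get-RegDword $policy 'LocalAccountTokenFilterPolicy'  # not in the thread
$enableLua   = Get-RegDword $policy 'EnableLUA'                      # not in the thread

# Win32_Share.Type values of 2147483648 and above mark administrative shares.
$adminShares = @(Get-WmiObject -Class Win32_Share |
    Where-Object { $_.Type -ge 2147483648 } |
    ForEach-Object { $_.Name })

$inDomain = (Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain

"Administrative shares present: " + ($adminShares -join ', ')

if ($autoShare -eq 0) {
    "AutoShareWks = 0: C$/ADMIN$ are not recreated at boot"
} else {
    "AutoShareWks unset or non-zero: C$/ADMIN$ are recreated at boot (default)"
}

if ($enableLua -eq 0) {
    "EnableLUA = 0: UAC is off, so the remote token filtering does not apply"
} elseif ($tokenFilter -eq 1) {
    "LocalAccountTokenFilterPolicy = 1: local admins get a full token remotely"
} else {
    "Remote logons with local admin accounts receive a restricted token"
}

if ($inDomain) {
    "Domain-joined: domain accounts in local Administrators can reach the shares"
} else {
    "Not domain-joined"
}
```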
 