Windows XP computers create hidden administrative shares that administrators
and operating system services can use to manage the computer environment on
the network. By default, administrative shares such as ADMIN$ are enabled by
the system. Any share that is created by the system (such as C$), can be
disabled, but it is then re-enabled by the system after you stop and restart
the Server service or restart your computer. Shares that are created by users
can be disabled, and they are not recreated after you restart your computer.
Administrative Shares:
- Root partitions or volumes
- The system root folder
- The FAX$ share
- The IPC$ share
- The NETLOGON share
- The PRINT$ share
Root partitions and volumes are shared as the drive letter name appended with
the $ sign. For example, drive letters C and D are shared as C$ and D$.
The system root folder (%SYSTEMROOT%) is shared as ADMIN$. This administrative
share provides administrators with easy access to the system root folder
hierarchy over the network.
The FAX$ share is used by fax clients in the process of sending a fax. This
shared folder caches files and accesses cover pages that are stored on a file
server.
The IPC$ share is used with temporary connections between clients and servers
by using named pipes for communications among network programs. It is primarily
used for remote administration of network servers.
The NETLOGON share is used by the Netlogon service to process log on requests.
The PRINT$ share is used for the remote administration of printers.
By default, if you delete the C$, D$, etc.. Administrative shares, they will be
recreated when you reboot. To disable this feature, edit:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\
AutoShareServer=0 to disable it for a server.
AutoShareWks=0 to disable it for a workstation.
If the entries are not present, Add Value of type REG_DWORD. The Range is 0
(disable) or 1 (enable - the default).