Search This Blog

2010-06-16

Windows Default Administrative Shares

Many of you may not know that by default Windows has something called "Administrative Shares". They are enabled as soon as you install windows (except for Windows Vista and 7 home) and if you are able to authenticate as a member of local Administrators group you will have access to every drive on the system.

This can present a security issue for some as they are not very useful and open up a fairly big hole if someone ever was able to authenticate. If you are inclined to remove these the method is fairly simple and you can write a batch script if you wish using the following commands:

NET SHARE C$ /delete
NET SHARE D$ /delete
NET SHARE admin$ /delete


Other methods of prevention are removing the administrators from the security tab of the drive, disable file and printer sharing (think public network). Or encrypt the filesystem :P

No comments:

Post a Comment