Wednesday, August 1, 2007

Remove Administrative Shares?

Windows creates hidden Administrative Shares for the root of each drive and for the system root folder so that administrators can access the data remotely. If a server or workstation will not be administered remotely, or otherwise has no need for the Administrative Shares, they should be removed so that they don't provide a potential attack vector for a hacker or malware to enter the system.
If the system does not need to be accessed or administered remotely, you can permanently remove the hidden administrative shares by editing the registry. Go to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters

To remove the hidden shares, add a DWORD entry called AutoShareWks and set its value to 0. If you later need to restore access to the hidden shares, delete the AutoShareWks DWORD entry and reboot the computer; the shares will be recreated automatically.
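
The registry change above as a PowerShell script, added here as an example and not part of the original post. It goes slightly beyond the post by also reporting which administrative shares currently exist and by using AutoShareServer, the server-edition counterpart of AutoShareWks, on server systems; the function names are made up for this example.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
$ParamKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'

function Get-AutoShareValueName {
    # Win32_OperatingSystem.ProductType: 1 = workstation, 2/3 = DC / server.
    # AutoShareServer is the server counterpart of AutoShareWks
    # (an addition here; the post only names AutoShareWks).
    $type = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType
    if ($type -eq 1) { 'AutoShareWks' } else { 'AutoShareServer' }
}

function Get-AdminShareState {
    $name  = Get-AutoShareValueName
    $value = (Get-ItemProperty -Path $ParamKey -Name $name `
                -ErrorAction SilentlyContinue).$name
    # Win32_Share.Type 2147483648 = administrative disk share (C$, ADMIN$, ...)
    $shares = Get-CimInstance -ClassName Win32_Share |
        Where-Object { $_.Type -eq 2147483648 } |
        Select-Object -ExpandProperty Name
    [pscustomobject]@{
        ValueName      = $name
        Value          = $value   # $null means the entry is not set
        AutoCreate     = ($null -eq $value -or $value -ne 0)
        AdminSharesNow = $shares
    }
}

function Disable-AdminShares {
    # Create (or overwrite) the DWORD entry with value 0.
    $name = Get-AutoShareValueName
    New-ItemProperty -Path $ParamKey -Name $name -PropertyType DWord `
        -Value 0 -Force | Out-Null
    Get-AdminShareState
}

function Restore-AdminShares {
    # Delete the entry; the shares come back after a reboot.
    $name = Get-AutoShareValueName
    Remove-ItemProperty -Path $ParamKey -Name $name -ErrorAction SilentlyContinue
    Get-AdminShareState
}

# Read-only report of the current setting and existing admin shares.
Get-AdminShareState
```

Run `Get-AdminShareState` again after a reboot to confirm that `AdminSharesNow` reflects the change.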
