by Paul McFedries
Networking

Disabling the Hidden Administrative Shares

July 2, 2008, 05:54 AM

I mentioned in my previous post that you can add $ to a share name to hide the share, and that it was a good idea to also modify the share name to something not easily guessable by some snoop. Note, however, that Windows Vista sets up certain hidden shares for administrative purposes, including one for drive C: (C$) and any other hard disk partitions you have on your system. Windows Vista also sets up the following hidden shares:

Share    Shared Path                          Purpose
-----------------------------------------------------------------------------
ADMIN$   %SystemRoot%                         Remote administration
IPC$     N/A                                  Remote interprocess communication
print$   %SystemRoot%\System32\spool\drivers  Access to printer drivers

To see these shares, select Start, All Programs, Accessories, Command Prompt to open a command prompt session, type net share, and press Enter. You see a listing similar to this:

Share name   Resource                        Remark
-----------------------------------------------------------
C$           C:\                             Default share
D$           D:\                             Default share
ADMIN$       C:\WINDOWS                      Remote Admin
IPC$                                         Remote IPC
print$       C:\System32\spool\drivers       Printer Drivers
Public       C:\Users\Public                 

So although the C$, D$, and ADMIN$ shares are otherwise hidden, they're well known, and they represent a small security risk should an intruder get access to your network.

To close this hole, you can force Windows Vista to disable these shares. Here are the steps to follow:

  1. Click Start, type regedit in the Search box, and then click regedit.exe in the search results. The User Account Control dialog box appears.
  2. Enter your UAC credentials to continue. Windows Vista opens the Registry Editor.
     CAUTION
     Remember that the Registry contains many important settings that are crucial for the proper functioning of Vista and your programs. Therefore, when you are working with the Registry Editor, don't make changes to any settings other than the ones I describe in this post.

  3. Open the HKEY_LOCAL_MACHINE branch.
  4. Open the SYSTEM branch.
  5. Open the CurrentControlSet branch.
  6. Open the Services branch.
  7. Open the LanmanServer branch.
  8. Select the Parameters branch.
  9. Select Edit, New, DWORD (32-bit) Value. Vista adds a new value to the Parameters key.
  10. Type AutoShareWks and press Enter. (You can leave this setting with its default value of 0.)
  11. Restart Windows Vista to put the new setting into effect.

Once again, select Start, All Programs, Accessories, Command Prompt to open a command prompt session, type net share, and press Enter. The output now looks like this:

Share name   Resource                        Remark
-----------------------------------------------------------
IPC$                                         Remote IPC
print$       C:\System32\spool\drivers       Printer Drivers
Public       C:\Users\Public                 

Bear in mind that some programs expect the administrative shares to be present, so disabling those shares may cause those programs to fail or generate error messages. If that happens, enable the shares by opening the Registry Editor and either deleting the AutoShareWks setting or changing its value to 1.
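
The registry change, the share check, and the revert described above can also be scripted. The following PowerShell script is an added example, not part of the original post; the function names are invented for illustration, and it assumes PowerShell is installed and run from an elevated prompt.

```powershell
# Added example (not from the original post). Function names are hypothetical.
$ParamKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ValueName = 'AutoShareWks'

function Get-AutoShareWks {
    # Returns the DWORD value, or $null when the value does not exist.
    $prop = Get-ItemProperty -Path $ParamKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($prop) { $prop.$ValueName } else { $null }
}

function Get-AdminDiskShare {
    # Win32_Share type 2147483648 (0x80000000) marks administrative disk
    # shares such as C$, D$ and ADMIN$; IPC$ and print$ have other type codes.
    Get-WmiObject -Class Win32_Share |
        Where-Object { $_.Type -eq 2147483648 } |
        Select-Object Name, Path, Description
}

function Disable-AdminShare {
    # Same result as the Registry Editor steps: AutoShareWks as a DWORD set to 0.
    New-ItemProperty -Path $ParamKey -Name $ValueName `
        -PropertyType DWord -Value 0 -Force | Out-Null
}

function Enable-AdminShare {
    # The revert described in the post: delete the AutoShareWks value.
    Remove-ItemProperty -Path $ParamKey -Name $ValueName -ErrorAction SilentlyContinue
}

function Show-AdminShareStatus {
    # Reports the registry setting next to the shares that actually exist,
    # so a mismatch (value set but no restart yet) is easy to spot.
    $value  = Get-AutoShareWks
    $shares = @(Get-AdminDiskShare)
    if ($null -eq $value) { 'AutoShareWks: not set' }
    else                  { "AutoShareWks: $value" }
    if ($shares.Count -gt 0) { $shares | Format-Table -AutoSize }
    else                     { 'No administrative disk shares present.' }
}

Show-AdminShareStatus
# To apply the change, uncomment the next line, then restart Windows:
# Disable-AdminShare
```

Run Show-AdminShareStatus again after the restart; the C$, D$, and ADMIN$ entries should no longer be listed.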

Comments

I really liked this article, especially the simplicity in conveying complex information, which is useful to know.