Administrative share

The Administrative Shares are the default network shares created by all Windows NT-based operating systems (NT/2000/XP/2003). These default shares share every hard drive partition in the system. These shares will allow anyone who can authenticate as any member of the local Administrators group access to the root directory of every hard drive on the system. They are not generally used or useful outside an enterprise environment.

Share names

"Administrative shares" is the term Microsoft defined for the collection of filesystem resources that Windows shares automatically by default, including the following:
* any drive letter + $ (only the local disk volumes, not any removable devices such as CD/DVD drives, USB drives)
* admin$ (which shares access to %SYSTEMROOT%, which is usually C:\WINDOWS or C:\WINNT)

The "$" appended to the end of the share name means that it's a hidden share. Windows will not list such shares among those it defines in typical queries by remote clients to obtain the list of shares. This means that one needs to know the name of an administrative share in order to access it.

It is commonly believed that any share whose name ends in the '$' character is an administrative share. According to Microsoft's use of the term "administrative share", this is false. While any share (even non-administrative shares) can include a '$' character at the end of its name, only those by-default shares created by Windows containing the '$' suffix are considered administrative shares.
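The distinction above can be checked on a live system. The following is an added example, not part of the original article: it lists local shares through the Win32_Share WMI class and uses the high bit of its Type property, which Windows sets on its own special shares, to separate them from hidden shares an administrator created. It assumes PowerShell 3.0 or later; the function name Get-ShareClass and the class labels are made up for this example.

```powershell
# Added example: separate Windows-created special shares from user-created hidden ones.
# Win32_Share.Type values with the high bit set (2147483648 and above) are the
# "Admin" variants, e.g. 2147483648 = Disk Drive Admin, 2147483651 = IPC Admin.
$AdminFlag = [int64]2147483648

function Get-ShareClass {
    # Hypothetical helper: returns a label for one share.
    param(
        [string]$Name,
        [int64]$Type
    )
    $special = ($Type -band $AdminFlag) -ne 0
    $hidden  = $Name.EndsWith('$')

    if ($special)    { 'Special (created by Windows)' }
    elseif ($hidden) { 'Hidden, not flagged as special' }
    else             { 'Visible' }
}

# Enumerate every share on the local machine and label it.
Get-CimInstance -ClassName Win32_Share |
    Select-Object Name, Path, Type,
        @{ Name = 'Class'; Expression = { Get-ShareClass -Name $_.Name -Type $_.Type } } |
    Sort-Object Class, Name |
    Format-Table -AutoSize
```

Shares reported as "Hidden, not flagged as special" are the ones worth reviewing, since they end in '$' but were not flagged by Windows as its own.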

Generic UNC Address for an Administrative Share:

"\\NetworkComputerName\(Drive letter)$"

For Example:

"\\MyComputer\c$"

This represents the administrative share for the "C" drive on the computer "MyComputer". This works just as well for any other local drive on the computer, e.g. "\\MyComputer\d$", "\\MyComputer\e$" (assuming those are local drives and not removable drives).

"\\MyComputer\ADMIN$"

This represents the administrative share for the %SYSTEMROOT% object on the computer "MyComputer".

How to disable

The administrative shares can be deleted by a user with Administrators membership but the administrative shares will be recreated automatically at the next reboot. The easiest way to prevent this is through a Registry configuration change e.g. using Regedit. If the setting is not present then you must create it. (Be careful editing the Registry: A simple mistake can cause serious malfunctions.)

Servers

Windows NT 4.0 Server, Windows 2000 Server, Windows Server 2003

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareServer
Data Type: REG_DWORD
Value: 0

Clients

Windows NT 4.0 Workstation, Windows 2000 Professional, Windows XP

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareWks
Data Type: REG_DWORD
Value: 0
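The registry setting above can be read and written from a script instead of Regedit. This is an added example, not part of the original article: it picks AutoShareWks or AutoShareServer from the operating system's product type, reports the current value, and sets it to 0 on request. It assumes PowerShell 3.0 or later and an elevated session for the write; the function names are made up for this example.

```powershell
# Added example: report, and optionally set, the AutoShare value described above.
$ParamKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'

function Get-AutoShareName {
    # Win32_OperatingSystem.ProductType: 1 = workstation, 2 = domain controller, 3 = server
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    if ($os.ProductType -eq 1) { 'AutoShareWks' } else { 'AutoShareServer' }
}

function Get-AutoShareState {
    $name = Get-AutoShareName
    $prop = Get-ItemProperty -Path $ParamKey -Name $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Name                  = $name
        Value                 = if ($prop) { $prop.$name } else { $null }  # $null: value not present
        SharesRecreatedAtBoot = -not ($prop -and $prop.$name -eq 0)
    }
}

function Disable-AutoShare {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $name = Get-AutoShareName
    if ($PSCmdlet.ShouldProcess("$ParamKey\$name", 'Set REG_DWORD to 0')) {
        # -Force creates the value if it is missing and overwrites it if present
        New-ItemProperty -Path $ParamKey -Name $name -PropertyType DWord -Value 0 -Force |
            Out-Null
    }
}

Get-AutoShareState
# Disable-AutoShare -WhatIf   # preview only; run without -WhatIf to apply
```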

Security and Prevention

Preventing Access

Disabling the Administrative shares does not mitigate any known security risks; it merely prevents users with Administrators membership from easily browsing the shared contents. This is due to the fact that anyone who has membership in the local Administrators group can either (a) re-enable the administrative shares or (b) create new shares (whether hidden using the "$" suffix or not). The act of disabling the administrative shares doesn't make it any harder for a technically astute administrator to gain remote access to the Windows filesystem.

Alternative approaches to prevent remote browsing of the disk contents include:
* disable File and Printer Sharing (or unbind the NetBT protocol)
* Stop and/or Disable the Workstation service
* set IPSec block rules that prevent inbound connections on 445/tcp and 445/udp
* remove membership in the Administrators group for those users/groups you wish to block
* encrypt the files that must remain confidential using a file-based encryption technology (such as EFS or RMS) that requires access to per-user decryption keys to gain access to plaintext contents of the files

Security of the Shares

Note: the DACLs on the administrative shares cannot be modified, even by the local Administrator account.

Beginning with Windows XP Home edition and later non-server editions of Windows, Windows implements the "ForceGuest" feature when the local Administrator account has a blank password. When a remote user authenticates to Windows XP (and later) as Administrator with a blank password (e.g. by mapping to one of the administrative shares), Windows will assign to their session a Guest access token, not an Administrator access token. This is arguably "more" secure against such remote attacks than assigning a weak or easily-guessed password to the local Administrator account.


Wikimedia Foundation. 2010.
