Administrative share
Administrative shares are hidden
Administrative shares are a collection of automatically shared resources including the following:[1]
- Disk volumes: Every disk volume on the system is shared as an administrative share. The name of each of these shares consists of the drive letter of the shared volume plus a dollar sign ($). For example, a system that has volumes C, D and E has three administrative shares named C$, D$ and E$. (NetBIOS is not case sensitive.)
- OS folder: The folder in which Windows is installed is shared as admin$
- Fax cache: The folder in which faxed pages and cover pages are cached is shared as fax$
- named pipes and is not part of the file system, is shared as ipc$
- Printers folder: This virtual folder, which contains objects that represent installed printers, is shared as print$
- Domain controller shares: The Windows Server family of operating systems creates two domain controller-specific shares called sysvol and netlogon, which do not have dollar signs ($) appended to their names.[2]
Characteristics
Administrative shares have the following characteristics:
- Hidden: The "$" appended to the end of the share name means that it is a hidden share. Windows will not list such shares among those it defines in typical queries by remote clients to obtain the list of shares. One needs to know the name of an administrative share in order to access it.[1] Not every hidden share is an administrative share; in other words, ordinary hidden shares may be created at the user's discretion.[1]
- Automatically created: Administrative shares are created by Windows, not a network administrator. If deleted, they will be automatically recreated.[2]
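The naming rules and the hidden-versus-administrative distinction above can be turned into a quick share audit. This is an added example, not part of the original article; the function name `Get-ShareCategory`, the `Review` flag and the sample share names are constructed for illustration.

```powershell
# Added example: classify SMB share names by the naming rules described above.
# Get-ShareCategory and the sample names below are constructed for illustration.
function Get-ShareCategory {
    [CmdletBinding()]
    param(
        # Accepts plain strings or objects with a Name property (e.g. Get-SmbShare output)
        [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [string]$Name
    )
    begin {
        # Fixed-name administrative shares listed in the article
        $fixed = @{
            'admin$' = 'OS folder'
            'fax$'   = 'fax cache'
            'ipc$'   = 'named pipes'
            'print$' = 'printers folder'
        }
        # Domain controller shares carry no trailing dollar sign
        $dcShares = @('sysvol', 'netlogon')
    }
    process {
        $n = $Name.ToLowerInvariant()   # share names are not case sensitive
        if ($n -match '^[a-z]\$$')      { $category = 'Administrative (disk volume)' }
        elseif ($fixed.ContainsKey($n)) { $category = "Administrative ($($fixed[$n]))" }
        elseif ($dcShares -contains $n) { $category = 'Domain controller share' }
        elseif ($n.EndsWith('$'))       { $category = 'Ordinary hidden share' }
        else                            { $category = 'Visible share' }

        [pscustomobject]@{
            Name     = $Name
            Category = $category
            # Hidden shares that Windows did not create were set up by someone
            # deliberately and do not show in typical listings: flag for review.
            Review   = ($category -eq 'Ordinary hidden share')
        }
    }
}

# Constructed sample input (not taken from a real host)
$sample = 'C$', 'D$', 'ADMIN$', 'IPC$', 'print$', 'SYSVOL', 'NETLOGON', 'Backups$', 'Public'
$sample | Get-ShareCategory | Format-Table -AutoSize

# On a live host, feed the real share list instead:
# Get-SmbShare | Get-ShareCategory | Where-Object { $_.Review }
```

With the sample input, only `Backups$` is flagged for review: it ends in a dollar sign but matches none of the automatically created names.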
Administrative shares are not created by
Management
The administrative shares can be deleted just like any other network share, only to be recreated automatically at the next reboot.[1] It is, however, possible to disable administrative shares.[2]
Disabling administrative shares is not without caveats.
Restrictions
By default, Windows Vista and later use User Account Control (UAC) to enforce security. One of UAC's features denies administrative rights to a user who accesses network shares on the local computer over a network, unless the accessing user is registered on a Windows domain or is using the built-in Administrator account. If the computer is not in a Windows domain, it is possible to allow administrative share access to all accounts with administrative permissions by adding the LocalAccountTokenFilterPolicy value to the registry.
See also
- Server Message Block (SMB) – the infrastructure responsible for file and printer sharing in Windows
- Distributed File System (DFS) – another infrastructure that makes file sharing possible
- My Network Places – Windows graphical user interface for accessing network shares
- Network Access Protection (NAP) – a Microsoft network security technology
- security vulnerabilities, administrative negligence and admin$ share to breach a computer over a network and propagate itself
References
- "How to remove administrative shares in Windows Server 2008". Support. Microsoft. 29 October 2012. Retrieved 22 July 2013.
- "Overview of problems that may occur when administrative shares are missing". Support. Microsoft. 29 March 2012. Retrieved 22 July 2013.
- ISBN 9781449390655.
- ISBN 9780596527624.
- "Microsoft Security Advisory (906574): Clarification of Simple File Sharing and ForceGuest". Security TechCenter. Microsoft. 23 August 2005. Retrieved 22 July 2013.
- "How to use the Simple File Sharing feature to share files in Windows XP". Support. Microsoft. 6 March 2013. Retrieved 22 July 2013.