Wednesday, December 23, 2009

How to disable administrative share in NT/W2K/XP/2003

8:50 AM
Every Windows NT/W2K/XP/2003 machine automatically creates a share for each drive on the system. These shares are hidden, but available with full control to domain administrators. The share name is the drive letter followed by the $ sign (for example, C$), and the drive is shared from its root. When trying to attain a highly secure network, you may wish to address this potential security issue by disabling these shares, or at least restricting their permissions to specific users or services.


An example of the default administrative shares in XP:
Show the current shared folders: net view
Show another computer's shared folders: net view \\ip

You can remove a default share by using the command net share sharename /del to delete that particular shared folder. However, with this method the default share is re-created when the computer restarts. Therefore, we need to change the system registry. First, please back up your system registry before changing it (Start > Run > regedit).

For Servers

For NT 4.0/W2K/Windows Server 2003 servers, the change is:

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareServer
Data Type: REG_DWORD
Value: 0

Idiot proof note: If you can't find the value in the registry under the exact location (i.e. it does not exist) - please right click in the right pane of the window and create it.

Note: A reboot is necessary for this to take effect.

For Workstations

For NT 4.0 Workstation/W2K Pro/XP Pro, the change is:

Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareWks
Data Type: REG_DWORD
Value: 0

A double idiot proof note: If you can't find the value in the registry under the exact location (i.e. it does not exist) - please right click in the right pane of the window and create it.

Note: Again, a reboot is necessary for this to take effect. If you want the administrative shares to be re-created, you can change the value back to 1.
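
The server and workstation changes above combined into one script, as an added example that is not part of the original post or of Daniel Petri's article. It assumes an elevated PowerShell 2.0 or later session on the machine being changed, and the backup file name is a placeholder.

```powershell
# Added example: disable the automatic administrative shares described above.
# Assumes an elevated PowerShell 2.0+ session on the machine being hardened.
$regPath = 'SYSTEM\CurrentControlSet\Services\LanManServer\Parameters'
$key     = "HKLM:\$regPath"
$backup  = Join-Path $env:TEMP 'LanManServer-Parameters.reg'  # placeholder backup file

# 1. Back up the key first. Plain "reg export" is used without /y, so remove
#    any stale backup file to avoid an overwrite prompt.
if (Test-Path $backup) { Remove-Item $backup -Force }
& reg.exe export "HKLM\$regPath" $backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }

# 2. Pick the value name: ProductType 1 is a workstation, 2 and 3 are servers.
$os   = Get-WmiObject -Class Win32_OperatingSystem
$name = if ($os.ProductType -eq 1) { 'AutoShareWks' } else { 'AutoShareServer' }

# 3. Read the current value; $null means the value does not exist yet.
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

# 4. Create or overwrite the REG_DWORD with 0 (-Force covers both cases).
if ($current -ne 0) {
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    Write-Output "$name set to 0 (was: $(if ($null -eq $current) { 'not present' } else { $current }))"
} else {
    Write-Output "$name is already 0"
}

# 5. List administrative disk shares that still exist (Win32_Share type 0x80000000).
#    They stay until the reboot the post calls for.
$adminShares = @(Get-WmiObject -Class Win32_Share | Where-Object { $_.Type -eq 2147483648 })
foreach ($s in $adminShares) { Write-Output ("still shared: {0} -> {1}" -f $s.Name, $s.Path) }
if ($adminShares.Count -gt 0) { Write-Output 'Reboot, then run again to confirm they are gone.' }
Write-Output "Backup written to $backup"
```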



Credits to Daniel Petri
