Security Basics mailing list archives

RE: XP admin shares

From: "Rick Darsey" <rdarsey () aims1 com>
Date: Mon, 9 Dec 2002 13:48:20 -0600

Here is what I found on NTFAQ.com


Q. How do I stop the default admin shares from being created?

A. This can be done through the registry.

Start the registry editor
Move to
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
If you are using Workstation create a value (Edit - Add Value) called
AutoShareWks (AutoShareServer for server) of type DWORD and press OK. It
will ask for a value, type the number 0.
Close the registry editor
Reboot
This can also be done using the policy editor. Start the policy editor
(poledit.exe), load the default computer profile, and expand the Windows NT
Network tree, then Sharing and set "Create hidden drive shares" to blank for
server/workstation.

There are a few other options though. The first is to use NTFS and set
protections on the files so people may be able to connect to the share, but
they will not be able to see anything. The second is to delete the shares
each time you logon, this can be done through explorer, but it would be
better to have a command file run each time with the lines
net share c$ /delete
and for all the other shares, however these shares are there for a reason so
your machine can be administered by the servers, so if you delete them
system managers may have something to say about it!


By default, if you turn off an Admin share on XP, it will be re-shared when
either the server service is stopped or restarted, or the computer is
rebooted, so the above RegHack is probably the solution.

Hope it helps

Rick Darsey
MCSE, MCSA, MCP, SCO ACE, SCO CUSA, Network +

-----Original Message-----
From: Leon Pholi [mailto:L.Pholi () secureinteractive com]
Sent: Sunday, December 08, 2002 6:28 PM
To: security-basics () securityfocus com
Subject: XP admin shares


Hi everyone,

Just a quick one, does anyone know how to stop the default administrative
file shares in Win XP (professional edition)? One would think this would be
a standard part of locking down a box, but can't find much on it for XP.

You can do it through Computer Management but they'll be re-enabled at
reboot, and the Win2k key of
HKLM\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\AutoShareWks
doesn't seem to exist. Any ideas?

Thanks,
Leon

Current thread:

XP admin shares Leon Pholi (Dec 09)
- Re: XP admin shares Kilian CAVALOTTI (Dec 10)
- RE: XP admin shares securityfocus (Dec 10)
- RE: XP admin shares Rick Darsey (Dec 10)
- RE: XP admin shares Bill Martin (Dec 10)
- Re: XP admin shares flur (Dec 10)
- <Possible follow-ups>
- Fwd: FW: XP admin shares Louis Cypher (Dec 10)
- RE: XP admin shares Mike Cole (Dec 10)
- Re: XP admin shares ktyler (Dec 10)
- RE: XP admin shares Leon Pholi (Dec 10)
- RE: XP admin shares Anthony, Shayla (Dec 10)
- RE: XP admin shares Anthony, Shayla (Dec 10)
- Re: XP admin shares Jill Tovey (Dec 10)
- RE: XP admin shares Schuler, Jeff (Dec 11)

(Thread continues...)