Remove Administrative Shares on a Win2K System

Windows 2000 has administrative shares (i.e., shares that provide remote access directly to any C drive or logical, physical drive on your system) by default. The administrative shares are those shares that you can use \computername_or_IPaddressC$ to access. To manually disable the shares, right-click My Computer, select Map Network Drive, select the drive letter (i.e., C, D, or E), and enter

\_or_$

Select Do not share this folder. Unfortunately, when you restart the system the shares will automatically recreate. This feature creates a security risk because anyone who knows the machine's IP address can try to use \IPaddressC$ , \IPaddressD$, or \IPaddressE$ to access the shares.

To remove administrative shares without letting Win2K recreate them every time you reboot the system, you need to edit the registry. Start regedit and go to the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceslanmanserverparameters subkey. From the Edit menu, select New, DWORD Value to create the new values AutoShareServer and AutoShareWks; set each value's data to 0 (i.e., false). Next, go to each drive, right-click, and select Sharing. Then, select Do not share this folder.

To test the registry entries you added, restart your system and go to your physical or logical drive's Sharing option. Check whether C$, D$, or E$ appears (they shouldn't). To further ensure that the administrative shares are disabled, try to access \IPaddressC$, \IPaddressD$, or \IPaddressE$.

—Phuoc Trong Ha
[email protected]