Administrative shares are hidden network shares created by the Windows NT family of operating systems that allow system administrators to have remote access to every disk volume on a network-connected system. These shares may not be permanently deleted but may be disabled. Administrative shares cannot be accessed by users without administrative privileges.
Administrative shares are a collection of automatically shared resources including the following: [1]
C, D and E has three administrative shares named C$, D$ and E$. (NetBIOS is not case sensitive.)
admin$
fax$
ipc$
print$
sysvol and netlogon, which do not have dollar signs ($) appended to their names. [2]
Administrative shares have the following characteristics:
Administrative shares are not created by Windows XP Home Edition. [1]
The administrative shares can be deleted just as any other network share, only to be recreated automatically at the next reboot. [1] It is, however, possible to disable administrative shares. [2]
Disabling administrative shares is not without caveats. [3] Previous Versions for local files, a feature of Windows Vista and Windows 7, requires administrative shares to operate. [4] [5]
Windows XP implements "simple file sharing" (also known as "ForceGuest"), a feature that can be enabled on computers that are not part of a Windows domain. [6] When enabled, it authenticates all incoming access requests to network shares as "Guest", a user account with very limited access rights in Windows. This effectively disables access to administrative shares. [7]
By default, Windows Vista and later use User Account Control (UAC) to enforce security. One of UAC's features denies administrative rights to a user who accesses network shares on the local computer over a network, unless the accessing user is registered on a Windows domain or is using the built-in Administrator account. On a computer that is not in a Windows domain, it is possible to allow administrative share access to all accounts with administrative permissions by adding the LocalAccountTokenFilterPolicy value to the registry.
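A read-only audit of the settings described above, added here as an example and not part of the original article: it lists the hidden shares present on the local machine and reports whether LocalAccountTokenFilterPolicy has been set. The registry paths and the AutoShareServer / AutoShareWks value names are not taken from the page; they are the standard Windows locations, and the script assumes Windows 8 / Server 2012 or later (for Get-SmbShare) and an elevated prompt.

```powershell
# Added audit example (not from the original article). Read-only: nothing is modified.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$serverKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-RegistryValueOrNull {
    param([string]$Path, [string]$Name)
    # An absent value is the Windows default for everything read here,
    # so return $null instead of raising an error.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

# Shares Windows flags as Special (drive-letter shares, ADMIN$, IPC$)
# plus any other hidden share whose name ends in "$" (for example print$).
$hidden = Get-SmbShare | Where-Object { $_.Special -or $_.Name.EndsWith('$') }

# 1 = UAC remote filtering is switched off for local administrator accounts.
$tokenFilter = Get-RegistryValueOrNull $policyKey 'LocalAccountTokenFilterPolicy'

# Not named on the page: when set to 0 these stop Windows from recreating
# the drive-letter and ADMIN$ shares at the next reboot.
$autoServer = Get-RegistryValueOrNull $serverKey 'AutoShareServer'
$autoWks    = Get-RegistryValueOrNull $serverKey 'AutoShareWks'

$domainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

[pscustomobject]@{
    ComputerName             = $env:COMPUTERNAME
    DomainJoined             = $domainJoined
    HiddenShares             = ($hidden.Name | Sort-Object) -join ', '
    AutoSharesDisabled       = ($autoServer -eq 0) -or ($autoWks -eq 0)
    UacRemoteFilteringActive = ($tokenFilter -ne 1)
} | Format-List

if ($tokenFilter -eq 1) {
    Write-Warning ('LocalAccountTokenFilterPolicy is 1: local accounts with ' +
        'administrative permissions can reach the administrative shares remotely.')
}

# Per-share detail for review.
$hidden | Select-Object Name, Path, Special, Description | Format-Table -AutoSize
```

A machine that reports `UacRemoteFilteringActive : False` has had the default restriction removed, and is worth checking against the reason the value was added.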
admin$ share to breach a computer over a network and propagate itself