Administrative share

From HandWiki
Short description: Shared resources that allow for access to a computer's volumes

Administrative shares are hidden network shares created by the Windows NT family of operating systems that allow system administrators to have remote access to every disk volume on a network-connected system. These shares may not be permanently deleted but may be disabled. Administrative shares cannot be accessed by users without administrative privileges.

Share names

Administrative shares are a collection of automatically shared resources including the following:[1]

  • Disk volumes: Every disk volume on the system is shared as an administrative share. The name of these shares consists of the drive letters of shared volume plus a dollar sign ($). For example, a system that has volumes C, D and E has three administrative shares named C$, D$ and E$. (NetBIOS is not case sensitive.)
  • OS folder: The folder in which Windows is installed is shared as admin$
  • Fax cache: The folder in which faxed pages and cover pages are cached is shared as fax$
  • IPC shares: This area, which is used for inter-process communication via named pipes and is not part of the file system, is shared as ipc$
  • Printers folder: This virtual folder, which contains objects that represent installed printers is shared as print$
  • Domain controller shares: Windows Server family of operating system creates two domain controller-specific shares called sysvol and netlogon which do not have dollar signs ($) appended to their names.[2]

Characteristics

Administrative shares have the following characteristics:

  1. Hidden: The "$" appended to the end of the share name means that it is a hidden share. Windows will not list such shares among those it defines in typical queries by remote clients to obtain the list of shares. One needs to know the name of an administrative share in order to access it.[1] Not every hidden share is an administrative share; in other words, ordinary hidden shares may be created at user's discretion.[1]
  2. Automatically created: Administrative shares are created by Windows, not a network administrator. If deleted, they will be automatically recreated.[2]

Administrative shares are not created by Windows XP Home Edition.[1]

Management

The administrative shares can be deleted just as any other network share, only to be recreated automatically at the next reboot.[1] It is, however, possible to disable administrative shares.[2]

Disabling administrative shares is not without caveats.[3] Previous Versions for local files, a feature of Windows Vista and Windows 7, requires administrative shares to operate.[4][5]

Restrictions

Windows XP implements "simple file sharing" (also known as "ForceGuest"), a feature that can be enabled on computers that are not part of a Windows domain.[6] When enabled, it authenticates all incoming access requests to network shares as "Guest", a user account with very limited access rights in Windows. This effectively disables access to administrative shares.[7]

By default, Windows Vista and later use User Account Control (UAC) to enforce security. One of UAC's features denies administrative rights to a user who accesses network shares on the local computer over a network, unless the accessing user is registered on a Windows domain or using the built in Administrator account. If not in a Windows domain it is possible to allow administrative share access to all accounts with administrative permissions by adding the LocalAccountTokenFilterPolicy value to the registry.

See also

  • Server Message Block (SMB) – the infrastructure responsible for file and printer sharing in Windows
  • Distributed File System (DFS) – another infrastructure that makes file sharing possible
  • My Network Places – Windows graphical user interface for accessing network shares
  • Network Access Protection (NAP) – a Microsoft network security technology
  • Conficker – an infamous malware that exploited a combination of weak passwords, security vulnerabilities, administrative negligence and admin$ share to breach a computer over a network and propagate itself

References

  1. 1.0 1.1 1.2 1.3 1.4 "How to create and delete hidden or administrative shares on client computers". Support. Microsoft. 5 July 2006. http://support.microsoft.com/kb/314984/en-us. 
  2. 2.0 2.1 2.2 "How to remove administrative shares in Windows Server 2008". Support. Microsoft. 29 October 2012. http://support.microsoft.com/kb/954422/en-us. Retrieved 22 July 2013. 
  3. "Overview of problems that may occur when administrative shares are missing". Support. Microsoft. 29 March 2012. http://support.microsoft.com/kb/842715/en-us. Retrieved 22 July 2013. 
  4. Karp, David A. (2010). Windows 7 Annoyances Tips, Secrets, and Solutions. (1st ed.). Sebastopol: O'Reilly Media. p. 607. ISBN 9781449390655. 
  5. Karp, David A. (2008). Windows Vista annoyances (1st ed.). Sebastopol, CA: O'Reilly. p. 507. ISBN 9780596527624. https://archive.org/details/windowsvistaanno00karp/page/507. 
  6. "Microsoft Security Advisory (906574): Clarification of Simple File Sharing and ForceGuest". Security TechCenter. Microsoft. 23 August 2005. https://technet.microsoft.com/en-us/security/advisory/906574. Retrieved 22 July 2013. 
  7. "How to use the Simple File Sharing feature to share files in Windows XP". Support. Microsoft. 6 March 2013. http://support.microsoft.com/kb/304040/en-us. Retrieved 22 July 2013. 



Retrieved from "https://handwiki.org/wiki/index.php?title=Administrative_share&oldid=3001777"