Hack 27 Disable Default Shares

Stop sharing all your files with the world.

By default, Windows enables sharing for each logical disk on your system (C$ for the C drive) in addition to another share called ADMIN$ for the %SystemRoot% directory (e.g., C:\WINNT). Although this is accessible only to Administrators, it is wise to disable these shares (if at all possible) since they still present a potential security hole.

To disable these shares, open the Registry by running regedit.exe and then find the HKey_Local_Machine\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters key.

If you're using Windows 2000 workstation, add an AutoShareWks DWORD key with the value of 0 (as shown in Figure 2-5) by clicking Edit New DWORD Value. For Windows 2000 Server, add an AutoShareServer key with a value of 0. When you're done editing the Registry, restart Windows for the change to take effect.

Figure 2-5. Adding an AutoShareWks registry key

After Windows has finished loading, you can verify that the default shares no longer exist by running net share:

C:\>net share Share name   Resource                    Remark ---------------------------------------------------------------------------- IPC$         Remote IPC                  The command completed successfully.

Before doing this, you should be sure that disabling these shares will not negatively affect your environment. Lack of these shares can cause some system management software such as HFNetChk [Hack #21] or System Management Server to not work. This is because software like this depends on remote access to the default administrative shares in order to access the contents of the systems disks.