Administrative share explained

Administrative shares are hidden network shares created by the Windows NT family of operating systems that allow system administrators to have remote access to every disk volume on a network-connected system. These shares may not be permanently deleted but may be disabled. Administrative shares cannot be accessed by users without administrative privileges.

Share names

Administrative shares are a collection of automatically shared resources including the following:

Characteristics

Administrative shares have the following characteristics:

  1. Hidden: The "$" appended to the end of the share name means that it is a hidden share. Windows will not list such shares among those it defines in typical queries by remote clients to obtain the list of shares. One needs to know the name of an administrative share in order to access it. Not every hidden share is an administrative share; in other words, ordinary hidden shares may be created at user's discretion.
  2. Automatically created: Administrative shares are created by Windows, not a network administrator. If deleted, they will be automatically recreated.

Administrative shares are not created by Windows XP Home Edition.

Management

The administrative shares can be deleted just as any other network share, only to be recreated automatically at the next reboot.[1] It is, however, possible to disable administrative shares.[2]

Disabling administrative shares is not without caveats.[3] Previous Versions for local files, a feature of Windows Vista and Windows 7, requires administrative shares to operate.[4] [5]

Restrictions

Windows XP implements "simple file sharing" (also known as "ForceGuest"), a feature that can be enabled on computers that are not part of a Windows domain.[6] When enabled, it authenticates all incoming access requests to network shares as "Guest", a user account with very limited access rights in Windows. This effectively disables access to administrative shares.[7]

By default, Windows Vista and later use User Account Control (UAC) to enforce security. One of UAC's features denies administrative rights to a user who accesses network shares on the local computer over a network, unless the accessing user is registered on a Windows domain or using the built in Administrator account. If not in a Windows domain it is possible to allow administrative share access to all accounts with administrative permissions by adding the LocalAccountTokenFilterPolicy value to the registry.

See also

Notes and References

  1. Web site: How to create and delete hidden or administrative shares on client computers. 5 July 2006. Support. Microsoft. usurped. https://web.archive.org/web/20120201162539/http://support.microsoft.com/kb/314984/en-us. 1 February 2012.
  2. Web site: How to remove administrative shares in Windows Server 2008. Support. Microsoft. 22 July 2013. 29 October 2012.
  3. Web site: Overview of problems that may occur when administrative shares are missing. Support. Microsoft. 22 July 2013. 29 March 2012.
  4. Book: Karp, David A.. Windows 7 Annoyances Tips, Secrets, and Solutions.. 2010. O'Reilly Media. Sebastopol. 9781449390655. 607. 1st.
  5. Book: Karp, David A.. Windows Vista annoyances. 2008. O'Reilly. Sebastopol, CA. 9780596527624. 507. 1st. registration.
  6. Web site: Microsoft Security Advisory (906574): Clarification of Simple File Sharing and ForceGuest. Security TechCenter. Microsoft. 22 July 2013. 23 August 2005.
  7. Web site: How to use the Simple File Sharing feature to share files in Windows XP. Support. Microsoft. 22 July 2013. 6 March 2013.