Windows Secret Drive Shares


By EtherealMonkey

Surprise! Here's a secret that Microsoft included in Windows

Technically, the presence of administrative shares (a.k.a. hidden shares) is for the administration of Windows in a domain environment.

However, unless they are explicitly disabled, they exist in every instance of:

  • Windows 2000 Professional
  • Windows XP Professional
  • Windows XP Media Center
  • Windows Vista (not sure if Home Basic is affected, but all others are)

Detecting them can be frustrating for the uninitiated, so I will shed a little light on one easy method to find them and another to disable them.

A simple way to find the hidden shared drives

  1. Open a command window. I use the shortcut keys WIN+R (the "Windows" key + R) followed by the letters "CMD" in the "Run" dialog. Press Enter to continue.
  2. Carefully copy the following into the command window (omitting the quotation marks) and press Enter: "C:\WINDOWS\system32\rundll32.exe ntlanui.dll,ShareManage"

The following image should represent the dialog that will appear.

"Shared Directories" on a freshly installed instance of XP Professional

What!?!

Yes, technically, all of the drives above are shared and can be browsed from the network by any user who is an Administrator on the machine.

There are a few sneaky methods that I will not explicitly detail which could allow others to see your sensitive information when these Default Shares are enabled (even if they are not an admin on your machine).

Your best bet against the loss of sensitive information is to disable these shares completely.


A simple way to disable the hidden shared drives

To do that, return to the command window and type "regedit".

Drill down to the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" key, find the value "AutoShareWks", and set its data to "0".

If that value is not present, create a new "DWord" value, name it "AutoShareWks", and leave its data at the default of zero (i.e. "false", versus a setting of 1 meaning "true").

Now, reboot the PC.

Now, you will only have shares explicitly defined by yourself - and preferably hidden by using the $ sign at the end of new share names (i.e. \\Machine\Share <- Not hidden; \\Machine\Share$ <- Definitely hidden.)
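The same check and registry change can be run from the command window as a batch file. This is an added example, not part of the original article; it assumes reg.exe is available on the machine and that the command window is running as an Administrator.

```batch
@echo off
rem Added example: list the current shares, show the AutoShareWks setting,
rem then set it to 0 as described in the steps above.
rem Assumes an Administrator command window and that reg.exe is available.
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"

echo === Current shares, names ending in $ are hidden ===
net share

echo.
echo === Current AutoShareWks setting ===
reg query "%KEY%" /v AutoShareWks >nul 2>&1
if errorlevel 1 (
    echo AutoShareWks is not present: the default shares are created at startup.
) else (
    reg query "%KEY%" /v AutoShareWks
)

echo.
echo === Setting AutoShareWks to 0 ===
reg add "%KEY%" /v AutoShareWks /t REG_DWORD /d 0 /f
if errorlevel 1 (
    echo Failed to write the value. Are you running as an Administrator?
    exit /b 1
)

echo.
rem The change only takes effect after a restart. IPC$ is not controlled by
rem this value, so expect it to remain in the list after the reboot.
echo Done. Reboot, then run "net share" again to confirm the drive shares are gone.
endlocal
```

Saving the "net share" output from before and after the reboot gives a simple record that the change took effect.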

Hope this helps, and thanks for reading!

E.
