What Are Administrative Shares & How to Disable Them in Windows?

Saikat Basu

Administrative Shares are created by the Windows operating system when more than one computer is connected in a network. Administrators and computer support technicians need to access other networked computers and manage their services.

Administrative shares are created to allow this remote access for operations like backups or configuring print settings. These are hidden shares of a logical hard disk. They are different from the usual shared folders/directories as they remain invisible and can only be accessed with admin rights on a machine.

You can recognize an administrative share by the ‘$’ sign attached to the end of a drive letter or folder name. For example, drive C is shared as ‘C$’. The operating system creates hidden “administrative shares” for all logical drives, each with a dollar sign appended at the end (C$, D$, …). It also creates the hidden ADMIN$ share for the default system root, i.e. the Windows directory. Other common administrative shares are IPC$, PRINT$, and FAX$.

You can see your shared folders by going to Start > Run > type fsmgmt.msc > Shared Folders.
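The same inventory can be taken from PowerShell. The script below is an added example, not part of the original article; it assumes PowerShell 3.0 or later (for `Get-CimInstance`), and the function name `Get-ShareAudit` is made up for illustration. It goes beyond the ‘$’ naming convention by reading the `Type` field of the `Win32_Share` WMI class, which separates shares Windows flags as administrative from shares that are merely hidden by a trailing ‘$’.

```powershell
# Added example: inventory local shares and separate true administrative
# shares from shares that are only hidden by a trailing '$'.
# Win32_Share.Type values of 2147483648 (0x80000000) and above mark the
# special shares Windows creates itself (C$, ADMIN$, IPC$, ...).
$AdminFlag = [uint32]2147483648

function Get-ShareAudit {   # hypothetical helper name
    foreach ($share in Get-CimInstance -ClassName Win32_Share) {
        $type      = [uint32]$share.Type
        $isSpecial = $type -ge $AdminFlag
        $isHidden  = $share.Name.EndsWith('$')

        # Documented Win32_Share.Type values
        $kind = switch ($type) {
            0          { 'Disk drive' }
            1          { 'Print queue' }
            2          { 'Device' }
            3          { 'IPC' }
            2147483648 { 'Disk drive (admin)' }
            2147483649 { 'Print queue (admin)' }
            2147483650 { 'Device (admin)' }
            2147483651 { 'IPC (admin)' }
            default    { "Unknown ($type)" }
        }

        $category = if ($isSpecial)    { 'Administrative' }
                    elseif ($isHidden) { 'Hidden, not special' }
                    else               { 'Visible' }

        [pscustomobject]@{
            Name     = $share.Name
            Path     = $share.Path
            Kind     = $kind
            Category = $category
        }
    }
}

# Administrative shares first, then hidden ones, then ordinary shares
Get-ShareAudit | Sort-Object Category, Name | Format-Table -AutoSize
```

Running it again after a reboot shows whether shares you stopped have been recreated.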


The drives may be hidden, and only someone with an admin account can access them, but that doesn’t remove the danger of an intrusion. For home users, this feature may not be that useful, so disabling it is the better option: it provides an extra layer of security against online intruders and malware attacks.

You can disable them temporarily by right-clicking on a shared folder and selecting Stop Sharing.


Disabling or deleting the administrative shares this way is not a permanent solution, as they are recreated by default on reboot. To disable them permanently, so that they are not recreated on the next reboot, you have to fall back on a registry hack. Back up your registry (always a wise precaution) and follow the steps mentioned in this article.

Disabling administrative shares in older versions of Windows makes sense because though the files may not show up on the network, they can be easily accessed by browsing to \\hostname\c$ from a remote machine. Windows Vista and Windows 7 have tightened it up by disabling it by default. You need to make a registry change in these operating systems in order to enable it for use across a network.
