Remove Windows' Administrative (Hidden) Shares.

When I first started trying to get Microsoft certifications (I'm still working on them), I was overwhelmed with the amount of material and the number of questions raised for which there seemed to be no answers.  One of the subjects, for which there were no answers, was raised by the fact that, as a default, Microsoft shares each of your hard drives (yes, the whole thing) as an "administrative" (hidden) share, meaning that the C: drive is shared out as C$.  This wasn't news.  Every tech since Windows 2000 has known about these.

What this means to you, as a user, is that if you check to see if C: is shared, in the Graphical User Interface, it will tell you that it is not, hence the "hidden" nature of these shares.  The problem is that every technician, administrator, hacker, enthusiast, etc. knows about these "hidden" shares.  So where's the "hidden" part really?  It's only hidden to the unsuspecting user who thinks that he or she is protected by their software firewall and antivirus, and that Windows' resources are protected by their password, assuming they actually implemented any passwords. 

Nothing could be further from the truth (there will be a lot more on this later).

One of the things I can help the average home user out with, with minimal effort, is how they can get their Windows 7 Home Edition to not share their hard drives' contents with the entire world. (Incidentally, not one of the computer instructors knew, or at least would impart the information, about how to eliminate these shares automatically, on boot before anyone gets around to logging in, which is where it really matters.  When a user logs in, the Startup programs could include this script, but it would have to be defined for every user, individually.)

If you have access to Active Directory, you probably already know how to execute scripts.  If you have Windows 7 Home Edition, you don't have access to Active Directory but there is a way.  I embedded instructions into this batch (.bat) or command (.cmd) script (below).  So, if you use Notepad (not Wordpad) to create a .bat or .cmd file, inserting the script below (read it and amend it first), you'll be able to buy yourselves a modicum of privacy.

Note: While it is included in the instructions, it's important enough to say again: "Make sure you have another user set up as an administrator before you implement this file, unmodified, or you may lock yourself out of your system" (as if there weren't an abundance of ways to get you into your own system without a password...).

Happy Holidays!



rem ******************************************
rem ******************************************
rem ******************************************
rem Implement this in Start, All Programs,
rem   Accessories, System Tools, Task
rem   Scheduler, triggered to run on startup
rem   delayed for at least 2 minutes; on
rem   logon (of any user), delayed for at
rem   least 2 minutes, and on system idle for
rem   a duration of "Indefinitely".  On the
rem   General tab of the scheduled task,
rem   select "Run whether user is logged on
rem   or not" and select "Run with highest
rem   privileges"
rem
rem   This works with XP and Windows 7.
rem   Vista...not so much.
rem
rem   You may have to run this program
rem   manually with Vista, on logon.
rem   In Vista, Start, All Programs,
rem   Accessories, right click
rem   "Command Prompt" and select "Run As
rem   Administrator".  Navigate to where the
rem   batch (.bat) or command (.cmd) file is.
rem   Then execute the batch or command file.
rem
rem ******************************************
rem ******************************************
rem ******************************************



rem ******************************************
rem ******************************************
rem ******************************************
rem
rem Disable the built-in Administrator and
rem Guest accounts
rem
rem Note: if you execute these statements,
rem you had better have at least one other
rem administrator account defined or you will
rem lose control of your system....
rem
rem ******************************************
rem ******************************************
rem ******************************************

net user administrator /active:no
net user guest /active:no



rem ******************************************
rem ******************************************
rem ******************************************
rem
rem Disable common shares
rem
rem Note: Name your shares something peculiar
rem to your environment other than these,
rem because every hacker on Earth knows about
rem these shares.
rem
rem Note: The command "Net Share" will
rem produce different results than the
rem "Share", "Share..", "Sharing", or
rem "Advanced Share" tabs for a volume in
rem the Graphical User Interface (GUI), if
rem the share is hidden (a so-called
rem "admin" share).
rem
rem ******************************************
rem ******************************************
rem ******************************************

rem ******************************************
rem **     Disable Admin (hidden) shares   
rem ******************************************

net share users /delete
net share users$ /delete
net share admin$ /delete
net share a$ /delete
net share b$ /delete
net share c$ /delete
net share d$ /delete
net share e$ /delete
net share f$ /delete
net share g$ /delete
net share h$ /delete
net share i$ /delete
net share j$ /delete
net share k$ /delete
net share l$ /delete
net share m$ /delete
net share n$ /delete
net share o$ /delete
net share p$ /delete
net share q$ /delete
net share r$ /delete
net share s$ /delete
net share t$ /delete
net share u$ /delete
net share v$ /delete
net share w$ /delete
net share x$ /delete
net share y$ /delete
net share z$ /delete

rem ******************************************
rem **  Disable shares enabled in the GUI  
rem ******************************************

net share a /delete
net share b /delete
net share c /delete
net share d /delete
net share e /delete
net share f /delete
net share g /delete
net share h /delete
net share i /delete
net share j /delete
net share k /delete
net share l /delete
net share m /delete
net share n /delete
net share o /delete
net share p /delete
net share q /delete
net share r /delete
net share s /delete
net share t /delete
net share u /delete
net share v /delete
net share w /delete
net share x /delete
net share y /delete
net share z /delete



rem ******************************************
rem ******************************************
rem ******************************************
rem
rem               net stop srv
rem
rem net stop srv would stop all of the shares
rem by itself.  This is not recommended
rem because if the command "net share" is
rem executed, the Operating system will ask
rem if it can start the server service,
rem which would re-enable all the default
rem shares, even if you had previously
rem disabled them.
rem
rem Enabling this command line (above) will
rem inhibit ALL of the shares, which will
rem mean that users will not be able to get
rem to ANY share, even the ones you want
rem them to access.
rem
rem Moreover, they won't be able to get to
rem these shares to get previous versions of
rem files saved by shadow copy.  However, if
rem you do not let this above command execute,
rem and give your shares names unique to your
rem environment and enable shadow copy on the
rem volumes, the users will be able to
rem retrieve previous versions of files from
rem those shares.
rem
rem ******************************************
rem ******************************************
rem ******************************************


rem ******************************************
rem ******************************************
rem ******************************************
rem You can disable Windows' Remote Desktop
rem and Remote Support from the Control Panel,
rem System, Remote tab BUT that doesn't stop
rem the Terminal Services services.  Unless
rem you're actually running Terminal Services,
rem Citrix, etc. you don't need or want this
rem service running so that other 3rd Party
rem programs can avail themselves of it to
rem take over your computer remotely.
rem
rem ******************************************
rem ******************************************
rem ******************************************

net stop termservice



Pause
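
Added example (not part of the original script): a companion batch file that registers the startup trigger described in the script's opening comments and, when run with "check", reports whether any of the shares the script targets are still published. The script path, task name and log file are placeholder names, and the /rl switch assumes Windows 7 or Vista; the logon and idle triggers would still be added in the Task Scheduler GUI.

```batch
@echo off
rem Added example; not part of the original script.
rem Assumed names (change them): SCRIPT, TASK and LOG are placeholders.
setlocal
set "SCRIPT=C:\Scripts\remove-shares.cmd"
set "TASK=RemoveAdminShares"
set "LOG=%TEMP%\remaining-shares.txt"

if /i "%~1"=="install" goto install
if /i "%~1"=="check" goto check
echo Usage: %~nx0 install ^| check
exit /b 2

:install
rem One startup trigger, delayed 2 minutes (/delay takes mmmm:ss), run as
rem SYSTEM at the highest run level so it fires before anyone logs on.
schtasks /create /tn "%TASK%" /tr "%SCRIPT%" /sc onstart /delay 0002:00 /ru SYSTEM /rl highest /f
if errorlevel 1 (
    echo Task not created. Run this from an elevated Command Prompt.
    exit /b 1
)
rem Show the registered task so the trigger and account can be reviewed.
schtasks /query /tn "%TASK%" /v /fo list
exit /b 0

:check
rem Keep only the lines for drive-letter shares (C, C$, ...), ADMIN$ and
rem Users/Users$. In a findstr regular expression "\$" is a literal "$".
net share | findstr /i /r /c:"^[A-Z]\$ " /c:"^[A-Z] " /c:"^ADMIN\$ " /c:"^Users\$ " /c:"^Users " > "%LOG%"
if errorlevel 1 (
    echo None of the shares targeted by the script are published.
    exit /b 0
)
echo Still published:
type "%LOG%"
exit /b 1
```

Run it once with "install" from an elevated Command Prompt, then with "check" after the next reboot, since the default shares come back whenever the Server service starts.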

 
