Administrative shares are hidden network shares created by Windows NT family of operating systems that allow system administrators to have remote access to every disk volume on a network-connected system. These shares may not be permanently deleted but may be disabled. Administrative shares cannot be accessed by users without administrative privileges. Windows XP and later further curtail the use of these shares.
Administrative shares are a collection of automatically shared resources including the following:
- Disk volumes: Every disk volume on the system is shared as an administrative share. The name of these shares consists of the drive letters of shared volume plus a dollar sign ($). For example, a system that has volumes
Ehas three administrative shares named C$, D$ or E$. (NetBIOS is not case sensitive.)
- OS folder: The folder in which Windows is installed is shared as
- Fax cache: The folder in which faxed pages and cover pages are cached is shared as
- IPC shares: This area, which is used for inter-process communication via named pipes and is not part of the file system, is shared as
- Printers folder: This virtual folder, which contains object that represent installed printers is shared as
- Domain controller shares: Windows Server family of operating system creates two domain controller-specific shares called
netlogonwhich do not have dollar signs ($) appended to their names.
Administrative shares have the following characteristics:
- Hidden: The "$" appended to the end of the share name means that it is a hidden share. Windows will not list such shares among those it defines in typical queries by remote clients to obtain the list of shares. One needs to know the name of an administrative share in order to access it. Not every hidden share is administrative share; in other words, ordinary hidden shares may be created at user's discretion.
- Automatically created: Administrative shares are created by Windows, not a network administrator. If deleted, they will be automatically recreated.
Windows XP implements "simple file sharing" (also known as "ForceGuest"), a feature that can be enabled on computers that are not part of a Windows domain. When enabled, it authenticates all incoming access requests to network shares as "Guest", a user account with very limited access rights in Windows. This effectively disables access to administrative shares.
By default, Windows Vista and later use User Account Control (UAC) to enforce security. One of UAC features denies administrative rights to user who access network shares on the local computer over a network, unless the accessing user is registered on a Windows domain or using the built in Administrator account. It is possible to disable UAC remote restrictions.
- Server Message Block (SMB) – the infrastructure responsible for file and printer sharing in Windows
- Distributed File System (DFS) – another infrastructure that makes file sharing possible
- My Network Places – Windows graphical user interface for accessing network shares
- Network Access Protection (NAP) – a Microsoft network security technology
- Conficker – an infamous malware that exploited a combination of weak passwords, security vulnerabilities, administrative negligence and
admin$share to breach a computer over a network and propagate itself
- "How to remove administrative shares in Windows Server 2008". Support. Microsoft. 29 October 2012. Retrieved 22 July 2013.
- "Overview of problems that may occur when administrative shares are missing". Support. Microsoft. 29 March 2012. Retrieved 22 July 2013.
- Karp, David A. (2010). Windows 7 Annoyances Tips, Secrets, and Solutions. (1st ed. ed.). Sebastopol: O'Reilly Media. p. 607. ISBN 9781449390655.
- Karp, David A. (2008). Windows Vista annoyances (1st ed. ed.). Sebastopol, CA: O'Reilly. p. 507. ISBN 9780596527624.
- "Microsoft Security Advisory (906574): Clarification of Simple File Sharing and ForceGuest". Security TechCenter. Microsoft. 23 August 2005. Retrieved 22 July 2013.
- "How to use the Simple File Sharing feature to share files in Windows XP". Support. Microsoft. 6 March 2013. Retrieved 22 July 2013.
- "Description of User Account Control and remote restrictions in Windows Vista". Support. Microsoft. 23 September 2011. Retrieved 22 July 2013.
- John, Kenary. "Exchange and Windows Servers". Retrieved 27 February 2015.