||This article has multiple issues. Please help improve it or discuss these issues on the talk page.
The administrative shares are the default network shares created by most Windows NT-based operating systems (NT/2000/XP/2003/Vista/Windows 7). These default shares share every hard drive partition in the system. These shares will allow anyone who can authenticate as any member of the local Administrators group access to the root directory of every hard drive on the system. They are not generally used or useful outside an enterprise environment, and are not accessible by default on home editions of XP, Vista or Windows 7.
Administrative shares are the term Microsoft defined for the collection of by-default automatically shared filesystem resources including the following:
- any drive letter + $ (only the local disk volumes, not any removable devices such as CD/DVD drives, USB flash drives)
- admin$ (which shares access to %SYSTEMROOT%, which is usually C:\WINDOWS or C:\WINNT)
The "$" appended to the end of the share name means that it's a hidden share. Windows will not list such shares among those it defines in typical queries by remote clients to obtain the list of shares. This means that one needs to know the name of an administrative share in order to access it.
It is commonly believed that any share that includes the final '$' character defines it as an administrative share. According to Microsoft's use of the term "administrative share", this is false. While any share (even non-administrative shares) can include a '$' character at the end of its name, only those by-default shares created by Windows containing the '$' suffix are considered administrative shares.
Generic UNC address for an administrative share:
This represents the administrative share for the "C" drive on the computer "MyComputer". This works just as well for any other local drive on the computer, e.g. \\MyComputer\d$, \\MyComputer\e$ (assuming those are local drives and not removable drives).
This represents the administrative share for the %SYSTEMROOT% object on the computer "MyComputer".
How to hide 
The administrative shares can be deleted by a user with Administrators membership but the administrative shares will be recreated automatically at the next reboot.
The following registry configuration change e.g. using Regedit can completely hide all administrative shares. If the setting is not present then you must create it.
Windows NT 4.0 Server, Windows 2000 Server, Windows Server 2003 
Hive: HKEY_LOCAL_MACHINE Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters Name: AutoShareServer Data Type: REG_DWORD Value: 0
Windows NT 4.0 Workstation, Windows 2000 Professional, Windows XP, Windows 7
Hive: HKEY_LOCAL_MACHINE Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters Name: AutoShareWks Data Type: REG_DWORD Value: 0
How to disable 
Microsoft does not detail any method to disable administrative shares. The command:
NET SHARE C$ /delete
can be executed in order to disable the root share in a networked computer. The problem is that after a reboot, the share will be automatically recreated.
A common workaround is to create a batch file with commands to disable all administrative shares (they can be viewed by running the "NET SHARE" command), and then scheduling the script to run at every system startup by using the Windows Task Scheduler.
Usually, the following commands, under a batch file, can successfully disable shares on a Windows XP or Windows Vista system:
NET SHARE C$ /delete
NET SHARE D$ /delete
NET SHARE admin$ /delete
How to enable in Windows Vista, Windows 7, and Windows 8 
By default, Windows Vista and newer versions of Windows prevent local accounts from accessing administrative shares through the network.
To enable administrative shares you have to make a registry change. Click on Start Menu and in the search box type ‘regedit’ and press ENTER. Add this registry item:
Hive: HKEY_LOCAL_MACHINE Key: Software\Microsoft\Windows\CurrentVersion\Policies\System Name: LocalAccountTokenFilterPolicy Data Type: REG_DWORD Value: 1
After rebooting, the hidden share is accessible from other computers. Note that this change removes Windows' restrictions on remote User Account Control.
You may be able to use 'net stop server' and then 'net start server' from an administrative command prompt instead of rebooting.
How to enable in Windows XP Service Pack 1, 2, and 3 
By default, Windows XP Service Pack 3 prevents access to the administrative shares through the network.
To enable administrative shares you have to:
- Open Explorer and select Tools -> Folder Options
- Select the View tab and scroll all the way down to the bottom of Advanced Settings
- Make sure that "Use simple file sharing (Recommended)" is not selected
This should work instantly without the need for reboot. Note: Windows XP Home editions do not have this option, so cannot show administrative shares.
Security and prevention 
Preventing access 
Disabling the Administrative shares mitigates many known security risks. For example, viruses such as Conficker Worm performs dictionary attacks on Administrative shares.
Alternative approaches to prevent remote browsing of the disk contents include:
- Remove "Administrators" from the Security tab of the drive in question. This will prevent any external local admin from accessing the drive yet still allow the local admin access
- disable File and Printer Sharing (or unbind the NetBT protocol)
- Stop and/or disable the Workstation service
- set IPSec block rules that prevent inbound connections on 445/tcp and 445/udp
- remove membership in the Administrators group for those users/groups you wish to block
- encrypt the files that must remain confidential using a file-based encryption technology (such as EFS or RMS) that requires access to per-user decryption keys to gain access to plaintext contents of the files
The DACLs on the administrative shares cannot be modified, even by the local Administrator account.
Beginning with Windows XP Home edition and later non-server editions of Windows, Windows implements the "ForceGuest" feature when the local Administrator account has a blank password. When a remote user authenticates to Windows XP (and later) as Administrator with a blank password (e.g. by mapping to one of the administrative shares), Windows will assign to their session a Guest access token, not an Administrator access token. This is arguably more secure against such remote attacks than assigning a weak or easily-guessed password to the local Administrator account.