Administrative Shares

How to Use Registry Editor to Restore Administrative Shares

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry,


1. Start Registry Editor (Regedt32.exe).
2. Locate and click the following key in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareServer
3. Either change the value of the AutoShareServer key to 1 or delete the value.

NOTE: If the AutoShareServer key is set to 0, administrative shares (such as C$, D$, Admin$, and so on) cannot be created automatically.
4. Quit Registry Editor.


How to Use the Poledit Utility to Restore Administrative Shares

1. Click Start, click Run, type poledit in the Open box, and then click OK.
2. Click Open Registry on the File menu.
3. Double-click Local Computer.
4. Expand Windows NT Network, and then expand Sharing (Server).
5. Click to select the Create Hidden Drive Shares (Server) check box, and then click OK.
6. Click Save on the File menu.NOTE: To install Windows 2000 Administration Tools (including Poledit.exe) on a Windows 2000 Professional-based computer, open the I386 folder on the applicable Windows 2000 Server CD, double-click the Adminpak.msi file, and then follow the instructions that are displayed in the Windows 2000 Administration Tools Setup wizard.


A hidden share is identified by a dollar sign ($)
at the end of the share name. Hidden shares are not listed when you look through the shares on a computer or use the net view command. The versions of Windows that are listed in the "Applies to" section create hidden administrative shares that administrators, programs, and services can use to manage the computer environment on the network. By default, Windows can enable the following hidden administrative shares:

* Root partitions or volumes
* The system root folder
* The FAX$ share
* The IPC$ share
* The PRINT$ share

Root partitions and volumes are shared as the drive letter name appended with the $ sign. For example, drive letters C and D are shared as C$ and D$.

The system root folder (%SYSTEMROOT%) is shared as ADMIN$. This is your Windows folder, and the administrative share provides administrators easy access to the system root folder hierarchy over the network.

The FAX$ share is used by fax clients to send a fax. This shared folder caches files and accesses cover pages that are stored on a file server.

The IPC$ share is used with temporary connections between clients and servers by using named pipes for communication among network programs. It is primarily used for to remotely administer network servers.

The PRINT$ share is used to remotely administer printers.

Hidden administrative shares that are created by the computer (such as ADMIN$ and C$) can be deleted, but the computer re-creates them after you stop and restart the Server service or restart your computer. Hidden shares that are created by users can be deleted, and they are not re-created after you restart your computer. Microsoft Windows XP Home Edition does not create hidden administrative shares.


Create a hidden share
To create a hidden share, follow these steps:

1. In Control Panel, double-click Administrative Tools, and then double-click Computer Management.
2. Expand Shared Folders, right-click Shares, and then click New File Share.
3. In the Folder to share box, type the path of the folder that you want to share, or click Browse to locate the folder.
4. Type the share name that you want to use followed by a dollar sign, and then click Next.
5. To make the share accessible to administrators only, select the Administrators have full control; other users have no access check box, and then click Finish.
6. Click Yes to create another share, or click No to return to the Computer Management console.


Delete a hidden share
To delete a hidden share, follow these steps:

1. In Control Panel, double-click Administrative Tools, and then double-click Computer Management.
2. Expand Shared Folders, and then click Shares..
3. In the Shared Folder column, right-click the share that you want to delete, click Stop sharing, and then click OK.


Troubleshooting
Test the functionality of your programs and services after you disable the default administrative shares. Some Windows services depend on the existence of these shares. Additionally, some third-party programs may require that some of the administrative shares exist. For example, some backup programs may require these shares.


Delete the C$ Administrative Share

VBScript

strComputer = "."

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set colShares = objWMIService.ExecQuery _
("Select * from Win32_Share Where Name = 'C$'")

For Each objShare in colShares
objShare.Delete
Next

Set colShares = objWMIService.ExecQuery _
("Select * from Win32_Share Where Name = 'C$'")

strComputer = "."

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set colShares = objWMIService.ExecQuery _
("Select * from Win32_Share Where Name = 'C$'")

For Each objShare in colShares
objShare.Delete
Next

this is just a sample code