Windows Server 2003 – Importance of Default Windows Shares

Tags: defaults, network-share, security, windows-server-2003

I have to set up some shares on a Windows server (2003), but I really don't like those default shares (C$, ADMIN$, IPC$).

I seem to remember that you shouldn't remove those shares, but when the sharing service is disabled they don't work anyway, so why should I leave them when the service is enabled? Can I remove them without risking a reboot?

I always thought of them as a liability, so please correct me if I'm wrong.

Best Answer

Per this article from the Microsoft Knowledge Base:

  • DriveLetter$: This is a shared root partition or volume. Shared root partitions and volumes are displayed as the drive letter name appended with the dollar sign ($). For example, when drive letters C and D are shared, they are displayed as C$ and D$.
  • ADMIN$: This is a resource that is used during remote administration of a computer.
  • IPC$: This is a resource that shares the named pipes that you must have for communication between programs. This resource cannot be deleted.
  • NETLOGON: This is a resource that is used on domain controllers.
  • SYSVOL: This is a resource that is used on domain controllers.
  • PRINT$: This is a resource that is used during the remote administration of printers.
  • FAX$: This is a shared folder on a server that is used by fax clients during fax transmission.

Note: NETLOGON and SYSVOL are not hidden shares. Instead, these are special administrative shares.

You can remove these shares live as per Roy's answer.

Note: Windows will automatically create the admin shares after a reboot. To prevent this behavior, use regedit to find the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters

Create the following 2 DWORD registry values:

AutoShareServer 0
AutoShareWks 0
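
A read-only check of the state described in the answer above, added here as an example and not part of the original answer. It assumes Windows PowerShell is installed on the server (it is not present by default on Windows Server 2003) and uses the standard `Win32_Share` WMI class; it reports the two registry values and the administrative shares that currently exist, and changes nothing.

```powershell
# Added example: read-only check, changes nothing on the server.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters'
$names = 'AutoShareServer', 'AutoShareWks'

# Part 1: report the two DWORD values named in the answer.
$params   = Get-ItemProperty -Path $key
$disabled = $true
foreach ($name in $names) {
    $prop = $params.PSObject.Properties[$name]
    if ($prop -eq $null) {
        $disabled = $false
        Write-Output ("{0,-16} not set" -f $name)
    } else {
        if ($prop.Value -ne 0) { $disabled = $false }
        Write-Output ("{0,-16} {1}" -f $name, $prop.Value)
    }
}
if ($disabled) {
    Write-Output 'Both values are 0, as the answer describes.'
} else {
    Write-Output 'At least one value is missing or non-zero; the answer calls for both set to 0.'
}

# Part 2: list the administrative shares that exist right now.
# Win32_Share.Type values of 2147483648 and above mark administrative shares
# (2147483648 = disk drive admin, 2147483651 = IPC admin).
Get-WmiObject -Class Win32_Share |
    Where-Object { $_.Type -ge 2147483648 } |
    ForEach-Object {
        if ($_.Name -eq 'IPC$') {
            $note = 'cannot be deleted'
        } else {
            $note = 'default admin share'
        }
        Write-Output ("{0,-10} {1,-25} {2}" -f $_.Name, $_.Path, $note)
    }
```

Running it before and after a reboot shows whether the registry change has taken effect: with both values at 0, the drive-letter and ADMIN$ entries should no longer reappear in the second list.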