By default Windows automatically makes the following shares
ADMIN$
IPC$
NETLOGON
SYSVOL
PRINT$
FAX$
DRIVELETTER$
These are administrative shares and are they to help with the remote admin / function of a server. Normally only admins can access these. But sometimes if you are trying to meet a security compliancy you will need to disable these on workstations and some server.
You can do this by changing the following reg key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareServer
To 0 (Zero) and if its not there you will need to make a REG_DWORD and set it to 0 (Zero)
Remove administrative shares - Windows Server | Microsoft Docs
Ideally I would leave them be; as they do come in handy and the client / server should have firewalls configured to limit risk.
No comments:
Post a Comment