Don’t trust us Administrators
By default, Windows NT creates so-called administrative shares that are accessible to domain administrators and allows them to remotely retrieve all the files on a computer. And these shares are re-created each time the system reboots.
To access administrative shares, type \computer\c$ in the Run box, where computer is the name of the remote computer, c is the partition you want to access, and the dollar sign ($) indicates that the shares are hidden. All shares on the computer–administrative and other–can be viewed by typing net share in the Command Prompt. If there’s only one partition, four default shares will be visible: IPC$, C$, PRINT$, and ADMIN$.
Administrative shares are useful for administrators but can also pose a security risk. Unless they’re needed, consider disabling them by performing this registry edit:
1. Open the Registry Editor (Regedit.exe or Regedt32.exe).
2. Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Paramaters.
3. Set both AutoShareServer and AutoShareWks values to 0. If these values don’t exist, create them by clicking Add Value from the Edit menu and use REG_DWORD as the type.
4. Close the Registry Editor.
To reenable the shares, simply change the two values back to 1.
