Administrative share

Administrative shares are a collection of automatically shared resources including the following:{{Cite web|url=https://woshub.com/enable-remote-access-to-admin-shares-in-workgroup/|date=2024-03-15|title=Managing Administrative Shares (Admin$, IPC$, C$) on Windows|website=Windows OS Hub|url-status=live|archive-url=https://web.archive.org/web/20210222074504if_/http://woshub.com/enable-remote-access-to-admin-shares-in-workgroup/|archive-date=2021-02-22|access-date=2025-03-07|df=mdy-all}}

• Disk volumes: Every disk volume on the system with a drive letter assignment has a corresponding administrative share named as the drive letter with an appended dollar sign ($). For example, a system that has volumes C:, D: and E: has three corresponding administrative shares named {{Code|C$}}, {{Code|D$}} and {{Code|E$}}. (NetBIOS is not case sensitive.)
• OS folder: The folder in which Windows is installed is shared as {{Code|ADMIN$}}.
• Fax cache: The folder in which faxed transmissions and their cover pages are cached is shared as {{Code|FAX$}}.
• IPC shares: This area, used for inter-process communication via named pipes, is shared as {{Code|IPC$}} and is not part of the file system.
• Printers folder: This virtual folder, which contains objects that represent installed printers is shared as {{Code|PRINT$}}.
• Domain controller shares: The Windows Server family of operating systems creates two domain controller-specific shares called {{Code|SYSVOL}} and {{Code|NETLOGON}} which do not have dollar signs ($) appended to their names.{{Cite web|last1=Liang|first1=Han|last2=Xu|first2=Simonx|date=2025-01-15|title=How to remove administrative shares in Windows|url=https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/remove-administrative-shares|website=Microsoft Learn|publisher=Microsoft|publication-place=Redmond, Washington|access-date=2025-03-07|url-status=live|archive-url=https://web.archive.org/web/20241207152244if_/https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/remove-administrative-shares|archive-date=2024-12-07|df=mdy-all}}

Administrative shares have the following characteristics:

1. They are hidden. The "$" appended to the end of the share name means that it is a hidden share. Windows will not enumerate them among those it defines in response to typical queries by remote clients to obtain the list of shares. One needs to know the name of an administrative share in order to access it. Not every hidden share is an administrative share nor is the reverse true; in other words, ordinary hidden shares may be created at the user's discretion.
2. They are automatically created by Windows, not a network administrator, and if deleted they will be automatically re-created.

Administrative shares are not created by Windows XP Home Edition.

Administrative shares can be deleted in the same manner as any other network share, however they will be recreated automatically during the next boot cycle. To prevent access to them permanently, it is necessary to disable, rather than delete them.

Disabling administrative shares is not without caveats, though.{{Cite web|last1=Liang|first1=Han|last2=Xu|first2=Simonx|last3=Ainapure|first3=Kaushik|last4=Li|first4=Anna|date=2025-01-15|title=Overview of problems that may occur when administrative shares are missing|url=https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/problems-administrative-shares-missing|website=Microsoft Learn|publisher=Microsoft|publication-place=Redmond, Washington|access-date=2025-03-07|url-status=live|archive-url=https://web.archive.org/web/20220930224740if_/https://learn.microsoft.com/en-US/troubleshoot/windows-server/networking/problems-administrative-shares-missing|archive-date=2022-09-30|df=mdy-all}} Previous Versions for local files, a feature of Windows Vista and Windows 7 before being rebranded as File History in Windows 8 and beyond, requires administrative shares in order to function properly.{{Cite book|last=Karp|first=David A.|title=Windows 7 Annoyances: Tips, Secrets, and Solutions|date=2010-06-08|publisher=O'Reilly Media|publication-place=Sebastopol, California|isbn=978-0-596-15762-3|page=607|edition=1st}}{{Cite book|last=Karp|first=David A.|title=Windows Vista Annoyances: Tips, Secrets, and Hacks for the Cranky Consumer|date=2008-01-22|publisher=O'Reilly Media|publication-place=Sebastopol, California|isbn=978-0-596-52762-4|page=507|edition=1st|url-access=registration|url=https://archive.org/details/windowsvistaanno00karp/page/507}}

Windows XP implements "simple file sharing" (also known as "ForceGuest"), a feature that can be enabled on computers that are not part of a Windows domain.{{Cite web|last1=Qinglin|first1=Gao|last2=Dressman|first2=Matthew|date=2022-10-14|title=Microsoft Security Advisory 906574: Clarification of Simple File Sharing and ForceGuest|url=https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2005/906574|work=Microsoft Learn|publisher=Microsoft|publication-place=Redmond, Washington|url-status=live|archive-url=https://web.archive.org/web/20240725134835if_/https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2005/906574|archive-date=2024-07-25|access-date=2025-03-07|df=mdy-all}} When enabled, it authenticates all incoming access requests to network shares as "Guest", a user account with very limited access rights in Windows. This effectively disables access to administrative shares.{{Cite book|last=Karp|first=David A.|date=2006-04-18|title=Fixing Windows XP Annoyances: How to Fix the Most Annoying Things About the Windows OS|edition=1st|page=55|url=https://flylib.com/books/en/1.439.1.55/1/|publisher=O'Reilly Media|publication-place=Sebastopol, California|url-status=live|archive-url=https://web.archive.org/web/20250307150932if_/https://flylib.com/books/en/1.439.1.55/1/|archive-date=2025-03-07|isbn=978-0-596-10053-7|access-date=2025-03-07|df=mdy-all}}

By default, Windows Vista and later use User Account Control (UAC) to enforce security. One of UAC's features denies administrative rights to a user who accesses network shares on the local computer over a network, unless the accessing user is registered on a Windows domain or using the built in Administrator account. If not in a Windows domain it is possible to allow administrative share access to all accounts with administrative permissions by adding the LocalAccountTokenFilterPolicy value to the registry.{{Cite web|last1=Liang|first1=Han|last2=Xu|first2=Simonx|last3=Straessner|first3=C.|date=2025-01-15|title=Error when you try to access an administrative share on a Windows-based computer from another Windows-based computer that's a member of a workgroup: Logon unsuccessful: Windows is unable to log you on|url=https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/cannot-logon-access-administrative-share|website=Microsoft Learn|publisher=Microsoft|publication-place=Redmond, Washington|url-status=live|archive-url=https://web.archive.org/web/20220920224938if_/https://learn.microsoft.com/en-US/troubleshoot/windows-client/networking/cannot-logon-access-administrative-share|archive-date=2022-09-20|access-date=2025-03-07|df=mdy-all}}

• Server Message Block (SMB) – the infrastructure responsible for file and printer sharing in Windows
• Distributed File System (DFS) – another infrastructure that makes file sharing possible
• My Network Places – Windows graphical user interface for accessing network shares
• Network Access Protection (NAP) – a Microsoft network security technology
• Conficker – an infamous malware that exploited a combination of weak passwords, security vulnerabilities, administrative negligence and {{Code|ADMIN$}} share to breach a computer over a network and propagate itself

{{Reflist}}

Category:Data security

Category:Microsoft server technology

Category:Windows communication and services