Disabling Hidden Shares in Windows 10 (& Windows Vista, Windows 7, and Windows 8.1)

A simple post confirming that the same registry key works in Windows 10.
Based largely off of this ITworld write-up by Paul McFedries.

As is commonly known, a “$” in a Windows share name makes it “hidden”. This does not mean it is any more secure; it only obscures the name. That said, Microsoft, by default, enables hidden shares for “Administrative” purposes, including one for the system drive, C: (C$), and any other hard disk partitions you have on your system. Windows Vista+ also sets up the following hidden shares:

Share Shared Path Purpose
ADMIN$ %SystemRoot% Remote administration
IPC$ N/A Remote interprocess communication
print$ %SystemRoot%\System32\spool\drivers Access to printer drivers

Open an elevated Command Prompt and type “net share” and press Enter. You see a listing similar to this:

Share name   Resource                        Remark
-----------------------------------------------------------
C$           C:\                             Default share
D$           D:\                             Default share
ADMIN$       C:\WINDOWS                      Remote Admin
IPC$                                         Remote IPC
print$       C:\System32\spool\drivers       Printer Drivers
Public       C:\Users\Public                 

So although the C$, D$, and ADMIN$ shares are otherwise hidden, they’re well known, and they represent a small security risk should an intruder get access to your network. To close this hole, you can force Windows Vista to disable these shares. Here are the steps to follow:

    1. Click Start, type “regedit” in the Search box, and then click regedit.exe in the search results. The User Account Control dialog box appears.
    2. Say “Yes” to the UAC prompt and the Registry Editor should open.

CAUTION – BE CAREFUL WITH YOUR REGISTRY – ONLY CHANGE 

  1. Open the HKEY_LOCAL_MACHINE branch.
  2. Open the SYSTEM branch.
  3. Open the CurrentControlSet branch.
  4. Open the Services branch.
  5. Open the LanmanServer branch.
  6. Select the Parameters branch.
  7. Select Edit, New, “DWORD (32-bit) Value”
  8. Type “AutoShareWks” and press Enter. (Leave the default value of 0.)
    AutoShareWks
  9. Reboot or restart the “server” service using a Command Prompt: “net stop server” then “net start server”.

Once again, open an elevated Command Prompt and type “net share” and press Enter. The output should now looks like this:

Share name   Resource                        Remark
-----------------------------------------------------------
IPC$                                         Remote IPC
print$       C:\System32\spool\drivers       Printer Drivers
Public       C:\Users\Public                 

FYI – Its possible certain applications require the hidden shares.  To disable or rollback to “default” simply remove the “AutoShareWks” Registry Key or change the value to “1”.

2 thoughts on “Disabling Hidden Shares in Windows 10 (& Windows Vista, Windows 7, and Windows 8.1)”

  1. Hi, many thanks for the tip. How would this look on a single/sole computer? (Have had some undesired visits by remote-control).
    Using Win 8.1 64-bit

    1. Your firewall (typically your router) prevents internet traffic from accessing your local PCs. Disabling hidden shares is typically for PCs in a domain (corporate) environment where you want to prevent easy Domain Admin access to your individual PC. WARNING: Domain Admins can easily bypass and change this setting but it requires the change to be more targeted to your PC.
      In a typical home setting, it prevents Computer A from being access by Computer B by using a local Administrator account on Computer A.

Leave a Reply

Your email address will not be published. Required fields are marked *