how do i remove the admin share, C$

[OutHouse]

can anybody tell me how to remove the admin hidden share c$?

 

[TonyRic]

You cannot remove it, however you can restrict access to it...

 

[OutHouse]

ok how would i restrict acces from another sys admin from gettin on my hard drive?

 

[TonyRic]

By setting an explicit access rights to that person with NO ACCESS as the rights...

You will need to set the NTFS level security and click on ADD and add the users domain ID and save it, then go back in and double click on the users id in the list and set the permissions to "Special" and remove ALL check boxes and that will remove ALL access to the c$ share for that user... I had to do it here at work until my NT Administrator did enough crap that I could fire him...

 

[hardmankam]

can you add a new share, say named drivec$ and then remove the old share c$

of course, you will have to change the permission on drivec$ from everyone to whatever you need to.

 

[TonyRic]

you CAN NOT remove the default admin shares...

 

[TonyRic]

you CAN NOT remove the default admin shares...

 

[ddiccico]

the c$ share is not the same as a folder shared through file and print sharing. if you're worried about someone connecting to your machine over the network disable file and print sharing in the local area connection.

 

[mrnoctem]

You CAN remove the default shares. Use regedit to navigate to this key in your registry - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\. Add a new DWORD value named AutoShareWks with a value of 0. Reboot and there won't be any administrative shares on your PC. Note that this is for NT Workstation or 2000 Pro only. For the server versions of NT or 2K, the value is AutoShareServer.

Hope this helps 🙂

 

[MGMorden]

Correct me if I'm wrong but won't removing File and Printer sharing all together essentially unshare the drive?

 

[OutHouse]

Thanks mrnoctem

that registry hack worked

ddiccico, This is for a NT 4.0 Workstation

 

[evergreen96]

mrnoctem,

Is there a way to rename the c$ to something else like drivec$... using the registry hack?

 

[juiio]

If you go to services and disable the Server and the Computer Browser services, you'll remove the admin share.

 

[OutHouse]

if you remove the server service, what else would that affect besides the admin shares?

 

[mrnoctem]

If you remove the Server service, it will essentially disable file and print sharing. An extra unwanted side-effect of disabling the Server service is that it will also disable the Computer Browser service because it is dependent on the Server service.

evergreen96 - I don't think it's possible to rename admin shares.

 

[Motorheader]

I have run into people that wanted to do something similar to what you are inquiring about - the next thing I'm getting is a call as to why they can't access their PC because the login won't work. They essentially made the drive inaccessible because they removed the default share for that drive.

Be careful with what you are trying to do. You have been warned 😉

Good time to check your backups and ERD.

 

[OutHouse]

I do not want to get rid of the default share. All i want to do is remove the hidden admin share. I still have special folders that are accessiable to specific people.

The Registry hack that was provide a few post ago works just fine. The C$ and D$ are now gone. The purpose of me wanting to do this is to keep the junior sys admins out of my drives.

 

[evergreen96]

Is there a way you can audit if anyone maps to your drive.. I already turn it on but I only get mgs that the domain I didn' see this in the event viewer? All I see is Previeged use.

 

[Motorheader]

I understand that much and I am glad it worked - I was more alluding to what I have seen "sysadmin wannabes" do when tinkering "innocently" with shares and rights in NT. 😀