Hidden shares

w^rl0rd

Why are shares like Admin$ and C$ created and shared by default in Computer Management? Is this a security breach?

Find more posts tagged with

SAVE $250 on Your Microsoft Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Microsoft Boot Camps

Comments

pmann

They are created by default, but you can only connect to a hidden share from an account with admin privilege.

It is possible to disable hidden shares, but deleting them is a problem since they are recreated on restart.

w^rl0rd

What are they for?

pmann

Theres one at the root of each hard drive (so C$, D$, E$, F$ etc.), these are to allow admin access.

There is a share to the system root (ADMIN$), which is the location of the C:\winnt folder for instance.

Theres another called IPC, Im not sure what that one is for, but I believe its a container for processes set off by applications which are being run over the network.

Admins will create additional hidden shares (by adding the $) for the custom setup of that system. On my system for instance I have some hidden shares which I use as holding areas for program updates, that I can then access across the whole site/network.

ajsie

pmann wrote:

They are created by default, but you can only connect to a hidden share from an account with admin privilege..

exactly what do you mean by that?

i have tried getting access to the hidden shares with my admin privilige, my account is an administrator account = peter. password = lubeck.

i typed:

net use \\<ip>\c$ /u:<domain>\peter lubeck

but returned a error code 1385 if i remember right.

does anybody know how i can be able to get access?