Windows - admin share: Porovnání verzí

Z Wiki Pavel
Skočit na navigaci Skočit na vyhledávání
m
m
 
Řádek 34: Řádek 34:
  
 
restart LanmanServer to recreate admin shares
 
restart LanmanServer to recreate admin shares
 +
 +
 +
[[Kategorie:Windows]]

Aktuální verze z 31. 10. 2022, 11:05

How to Disable/Enable Admin Shares on Windows 10 and 11?

Windows administrative shares are convenient for remote computer administration, but they carry additional security risks (At the very least, you shouldn’t use the same local administrator password on all computers. Use LAPS to make passwords unique). You can completely prevent Windows from creating these hidden admin shares.

The easiest way to remove the admin share is to right-click the share name in the Computer Management snap-in and select Stop sharing (or use the net share Admin$ /delete command). However, after restarting Windows, the Admin$ share will be recreated automatically.

stop sharing hidden admin shares on windows 10 and 11

In order to prevent Windows 10 from publishing administrative shares, you need to open the registry editor (regedit.exe), go to the registry key HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters and add a Dword parameter named AutoShareWks (for desktop versions of Windows) or AutoShareServer (for Windows Server) and the value 0. 

AutoShareWks - reg key to disable / enable default windows administrative shares

You can create this registry parameter manually, from the reg add command line tool, or through PowerShell: 

reg add HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /f /v AutoShareWks /t REG_DWORD /d 0

or

New-ItemProperty -Name AutoShareWks -Path HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters -Type DWORD -Value 0 You can deploy this registry parameter to all domain computers through a GPO.

Now, after a reboot, administrative shares will not be created. In this case, the tools for remote computer manage, including psexec, will stop working.

enable c$ admin share on Windows 10 and 11

If you want to enable admin shares on Windows, you need to change the parameter value to 1 or delete it: 

Set-ItemProperty -Name AutoShareWks -Path HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters -Value 1

How to enable c$ admin share on Windows 10 and 11 and Windows Server 2016

To have Windows recreate the hidden admin shares, simply restart the Server service with the command: 

Get-service LanmanServer | restart-service -verbose

restart LanmanServer to recreate admin shares

Citováno z „http://www.klapac.funsite.cz/mediawiki/index.php?title=Windows_-_admin_share&oldid=403