Windows - admin share: Revision comparison
Current revision as of 31 October 2022, 11:05
Windows administrative shares are convenient for remote computer administration, but they carry additional security risks. At the very least, you shouldn't use the same local administrator password on all computers; use LAPS to make the passwords unique. You can completely prevent Windows from creating these hidden admin shares.
The easiest way to remove the admin share is to right-click the share name in the Computer Management snap-in and select Stop sharing (or use the net share Admin$ /delete command). However, after restarting Windows, the Admin$ share will be recreated automatically.
To prevent Windows 10 from publishing administrative shares, open the registry editor (regedit.exe), go to the registry key HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters and add a DWORD parameter named AutoShareWks (for desktop versions of Windows) or AutoShareServer (for Windows Server) with the value 0.
You can create this registry parameter manually, from the reg add command line tool, or through PowerShell:
reg add HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /f /v AutoShareWks /t REG_DWORD /d 0
or
New-ItemProperty -Name AutoShareWks -Path HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters -Type DWORD -Value 0
You can deploy this registry parameter to all domain computers through a GPO.
Now, after a reboot, administrative shares will not be created. In this case, remote computer management tools, including psexec, will stop working.
If you want to enable admin shares on Windows, you need to change the parameter value to 1 or delete it:
Set-ItemProperty -Name AutoShareWks -Path HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters -Value 1
To have Windows recreate the hidden admin shares, simply restart the Server service with the command:
Get-Service LanmanServer | Restart-Service -Verbose
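To confirm that the setting described above is in place and has taken effect, the following audit function can be run in an elevated PowerShell session. It is an added example, not part of the original page; the function name Get-AdminShareState and its output fields are hypothetical, and it assumes IPC$ is left out of the check because the AutoShare values do not control it.

```powershell
# Added example: report whether automatic admin shares are disabled on this host
# and whether any are still published.
function Get-AdminShareState {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

    # ProductType 1 = workstation; 2 = domain controller; 3 = member server.
    $productType = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType
    $valueName   = if ($productType -eq 1) { 'AutoShareWks' } else { 'AutoShareServer' }

    # A missing value is the default behaviour: the shares are created at startup.
    $value = (Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue).$valueName

    # Special shares cover ADMIN$, drive shares such as C$, and IPC$.
    # Keep only ADMIN$ and single-letter drive shares (assumption: IPC$ is out of scope).
    $present = Get-SmbShare -Special $true |
        Where-Object { $_.Name -match '^(ADMIN|[A-Z])\$$' } |
        Select-Object -ExpandProperty Name

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        ValueName          = $valueName
        Value              = $value                 # $null when the value is not set
        AutoShareDisabled  = ($value -eq 0)
        AdminSharesPresent = @($present)
        # Value is 0 but shares still exist: the change has not taken effect yet.
        PendingRestart     = ($value -eq 0 -and @($present).Count -gt 0)
    }
}

Get-AdminShareState | Format-List
```

A host where AutoShareDisabled is False, or where AdminSharesPresent is non-empty after the restart, has not picked up the registry setting or the GPO that deploys it.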