Administrative shares are hidden network shares created by the Windows NT family of operating systems that allow system administrators to have remote access to every disk volume on a network-connected system. These shares may not be permanently deleted but may be disabled. Administrative shares cannot be accessed by users without administrative privileges.
Administrative shares have the following characteristics:
Administrative shares are not created by Windows XP Home Edition.[1]
The administrative shares can be deleted just as any other network share, only to be recreated automatically at the next reboot.[1] It is, however, possible to disable administrative shares.[2]
Disabling administrative shares is not without caveats.[3] Previous Versions for local files, a feature of Windows Vista and Windows 7, requires administrative shares to operate.[4][5]
Windows XP implements "simple file sharing" (also known as "ForceGuest"), a feature that can be enabled on computers that are not part of a Windows domain.[6] When enabled, it authenticates all incoming access requests to network shares as "Guest", a user account with very limited access rights in Windows. This effectively disables access to administrative shares.[7]
By default, Windows Vista and later use User Account Control (UAC) to enforce security. One of UAC's features denies administrative rights to a user who accesses network shares on the local computer over a network, unless the accessing user is registered on a Windows domain or using the built in Administrator account. If not in a Windows domain it is possible to allow administrative share access to all accounts with administrative permissions by adding the LocalAccountTokenFilterPolicy value to the registry.