Removing Hidden System Shares

هذه المقالة متوفرة أيضا باللغة العربية، اقرأها هنا.


Contents of this article:

  • Contents
  • Introduction
  • The Net Command (net.exe)
  • Starting Net Command
  • Listing Current Shares
  • Sharing a Resource
  • Removing a Share
  • Net Command Help


Although, Windows helps you managing system shares via a great deal of tools and applications, it creates hidden shares for all your disk drives after you install a new fresh copy of Windows that are hidden and not accessible via these tools.

What does “hidden” means? It means that these shares are neither shown to the user nor marked with the sharing mark in Windows Explorer. Plus, they are not accessible via common tools like Computer Management MMC snap-in. Instead, you can control those shares only via command-line instructions. These shares are also hidden from other computers in the network. However, other users can access your computer via these shares using very simple instructions.

Why keeping these shares are considered very dangerous? Imagine what if some user in the network accesses your disk drives by writing a simple line like \C$ (to access the C: drive) in the Run utility (in the Start menu.) At least, he can steal your personal information and data and expose them to danger.

The Net Command (net.exe)

Windows comes with a very nice utility, Net Command (net.exe,) that is used for many purposes. We are not going to cover all uses of Net Command since it requires plenty of articles not one! Instead, we are going to talk about only one use of the Net Command; it is the Sharing Manager.

Starting the Net Command

Unfortunately, Net Command utility does not include a GUI (Graphical User Interface.) Thus, we will have to use the Command Prompt when working with Net Command (net.exe).

Follow these steps to start Command Prompt:

  1. Open the Start Menu
  2. Choose Run
  3. Type “cmd” in Run dialog box
  4. Click OK button

Listing Current Shares

After running the Command Prompt, you can type this command to list the current system shares:

net share

The previous command should display something like that:

Share name   Resource                        Remark

d$           d:                             Default share
e$           e:                             Default share
f$           f:                             Default share
IPC$                                         Remote IPC
print$       C:Windowssystem32spooldrivers
                                             Printer Drivers
C$           C:                             Default share
Programs     D:Programs
The command completed successfully.

The display is divided into three columns, Share Name, Resource, and Remark. Share Name displays the name of the share that is visible to the user. Every share has a unique name and you can control a share only using that name. Resource column shows the path of the share. Remark shows some comments -which you can set manually- about the share.

The previous results from my machine show that all my drives, C, D, E, and F, are currently shared as hidden. They are named, c$, d$, e$, and f$ respectively. That’s the default naming convention used by Windows for hidden disk shares. In addition, the results show that I have shared the D:Programs directory.

Sharing a Resource

To share a new resource (e.g. directory,) you can use the following line:

net share =

Replace with the name of the new share and with the resource path. Again, share name should be unique or the operation would fail.

The following line shares the D:Products directory as the name Products (you may change the path to any other path exist in your machine):

net share Products=D:Products

Now, D:Products is shared successfully. Notice that it’s a normal share, not hidden.

Consider the following line:

net share "Hot Songs"="D:My Songs" /REMARK:"My Favorite Songs"

The previous line shares “D:My Songs” as the name “Hot Songs” (as it would appear in Windows Explorer.) In addition, it sets a remark “My Favorite Songs” that would be shown when you list the shared resources as we did in the previous section.

Note that, you can control share ACLs (Access Control Lists) using switches like /GRANT. See the last section.

Removing a Share

Now, it is the time for removing shares that we don’t need it. The following line removes the hidden share of C drive. Notice that we are referring to the share by its name.

net share C$ /d

The following line is the same:

net share c$ /delete

The following line removes the “Hot Songs” share that we have shared in the previous section:

net share "hot songs" /d

Notice that share name is case-insensitive.

Net Command Help

If you want to discover other features of Net Command or you want to display a command help, just add the /? switch to the end of the command. Consider the following line:

net share /?

It shows the help of the sharing command of the Net Command:

The syntax of this command is:

 sharename=drive:path [/GRANT:user,[READ | CHANGE | FULL]]
                      [/USERS:number | /UNLIMITED]
                      [/CACHE:Manual | Documents| Programs | None ]
 sharename [/USERS:number | /UNLIMITED]
           [/CACHE:Manual | Documents | Programs | None]
 {sharename | devicename | drive:path} /DELETE

Cool, ain’t it?

Welcome to your comments and feedbacks.

Does cleaning Prefetch offers more performance?

هذه المقالة متوفرة أيضا باللغة العربية، اقرأها هنا.

It has been always said that when you clean the folder %windir%Prefetch you give your system and applications more performance.

Actually, thats one of the fables around Windows. Each time you start your computer and each time you open a program that you commonly use, Windows keeps track of information required to start the computer or that application and saves theses information in small files (called Prefetch entries) in the Prefetch folder to use it later to help speed up the computer start process or the application start time.

Thus, cleaning the Prefetch folder doesnt improve performance at all. Instead, it slows it down. It makes Windows uses longer time to start, and makes your favorite programs take longer time opening. An analysis did by TuneUp Systems results in a noticeable slowdown during Windows boot-up time and all applications that are commonly used took significantly longer to start after cleaning Prefetch.

Obviously, you do not need to deal with Prefetch entries manually, Windows handles them all. Actually, Windows Vista (and future systems that support UAC) helps protecting the Prefetch folder by using UAC (User Access Control, read more here) to prevent unauthorized access to this folder.

Advanced Control of UAC

Here in this lesson we’ll learn some useful techniques for controlling the UAC (User Access Control.)

What is User Access Control?

User Access Control (UAC) is a feature of Windows that can help prevent unauthorized changes to your computer. UAC does this by asking you for permission or an administrator password before performing actions that could potentially affect your computer’s operation or that change settings that affect other users.

By default, Administrator users do not have administrative privileges. Every Windows process has two security tokens associated with it, one with normal user privileges and one with admin privileges. With applications that require administrative privileges, the user can elevate the application to run with Administrator rights. And that process called Elevation.

User can elevate an application either by clicking “Run as Administrator” from the context menu of the application icon, or by editing the Compatibility tab in the properties of the application file.
Also, while an application running, it can ask the user to provide administrative permission to complete a specific operation (a good example is switching to the All Users mode in Task Manager.)

Compatibility Options

Compatibility Options

Disabling or enabling UAC

You can disable or enable the UAC simply from the Control Panel from the User Accounts configuration.

Enabling-Disabling UAC

Enabling/Disabling UAC

By clicking the “Turn UAC on or off” option you can disable or enable the UAC.

Advanced Control of UAC

You can control every aspect of UAC using the Local Security Policy MMC snap-in. You can open this snap in from Administrative Tools in the Control Panel.

After opening Local Security Policy utility, step down to the Local Policies then to the Security Options node.

From the right you can find a list of security policies that you can take control of.

Advanced UAC

Local Security Policy - Advanced UAC

We are interested on the nine policies that are applied to the UAC, and these policies are:

Admin Approval Mode for the Built-in Administrator account

This policy specifies whether to enable Admin Approval Mode for the built-in Administrator account or not.

Admin Approval Mode means requiring the user via the UAC messages to approve administrative operations. In other words, it means enabling the elevation process.

This policy is disabled by default.

Behavior of the elevation prompt for administrators in Admin Approval Mode

This policy defines the behavior for the administrators while in Admin Approval Mode (while the previous policy is enabled.)

You can set this policy to one of three options:

  • Prompt for consent (default):
    Ask the user to provide the permission by clicking either Allow button (sometimes Continue) or Cancel button.
  • Prompt for credentials:
    Ask the user to enter his password.
  • Elevate without prompting:
    Grant the permission without asking the user.
Prompt for Consent Message

Prompt for Consent Message

Prompt for Credentials Message

Prompt for Credentials Message

Behavior of the elevation prompt for standard users

This policy defines the behavior for standard users (non-Administrator users) while elevation.

This policy can have one of two options:

  • Prompt for credentials (the default for home editions):
    Asking the user to provide administrator username and password.
  • Automatically deny elevation requests (the default for enterprise editions):
    Do not ask the user and automatically deny the elevation request.

Detect application installations and prompt for elevation

This policy defines whether to prompt for elevation for application installations or to allow them without asking.
By default, this policy is enabled for home editions, and disabled for enterprise editions.

Only elevate executables that are signed and validated

This policy defines whether to elevate only the applications from known vendors (like Microsoft of course), or prompting for elevation for all applications.

This policy is disabled by default.

Only elevate UIAccess applications that are installed in secure locations

If the application requests execution with the UIAccess integrity level, this policy defines whether to allow the application if it resides in secure locations (like Program Files), or not.

This policy is enabled by default.

Run all administrators in Admin Approval Mode

This policy defines the behavior of all UAC policies for the entire system.

If this policy is enabled, all administrators will run in Admin Approval Mode and you will be asked for elevation. Conversely, if this policy is disabled, then all administrators will be granted the permission by default.

This policy is enabled by default.

Switch to the secure desktop when prompting for elevation

This policy defines whether all elevation requests will go to the Secure Desktop or the Interactive Desktop.

Secure Desktop is the default option, and that means that you will not have the ability to interact with other applications until you allow or deny the elevation request. Interactive Desktop means that you have the ability to interact with other application while you are asked for the elevation.

Virtualizes file and registry write failures to per-user locations

This policy defines whether to use File and Registry Virtualization or not. File and Registry Virtualization means that application that are not running in administrator mode will redirected to a specific location if they try to write or read from/to a specific locations like the Program Files and Windows directories for the File Virtualization, and HKLM for the Registry Virtualization.

This policy is enabled by default.

Read about File and Registry Virtualization and see them in action.

Last word

For security reasons, it is recommended that you leave the UAC enabled and leave its default options. But, you must be very wise if you are going to change UAC options -or other security policies of course.-

Changing the Windows Logon Screensaver

هذه المقالة متوفرة أيضا باللغة العربية، اقرأها هنا.

When you start Windows, you may be represented with the welcome screen, which prompts you to enter your username and password. If you leave the machine inactive for a specific time, the Windows logon screen saver starts. That screen saver is the Blank screen saver (Logon.scr) represents a blank black screen.

You can control the Windows logon screen saver from the registry options in HKEY_USERS.DefaultControl PanelDesktop.

Registry Editor + Logon Screen Saver

Changing the screen saver options

To change the logon screen saver options follow the following steps:

  1. Open the Registry Editor from Start -> Run -> regedit.exe.
  2. Locate the logon options in the registry key HKEY_USERS.DefaultControl PanelDesktop.

There, we are interested in three values:

    For changing the current screen saver.
    Set this value to the path of the new screen saver (relative paths allowed.)
    Note that, most screen savers are located in %windir%System32 (the default path) folder and they have the extension “scr”.
    The default screen saver is the Blank screen saver (Logon.scr).
  • ScreenSaveTimeOut:
    For changing the time that you must wait for the screen saver to start.
    Set this value to the number of seconds to wait. For example, 60 for a minute.
    The default timeout is 600 seconds for 10 minutes.
  • ScreenSaveActive:
    For turning the screen saver on or off.
    To turn off the screen saver set this value to 0. Conversely, set it to 1 for turning it on.

Actually, these options and others on “HKEY_USERS.DefaultControl Panel” are the default options for new users. For example, setting the Desktop/FontSmoothing to 2 means sets the screen font smoothing to ClearType for every new user. And changing the screen saver options also, affects all the new users not the logon screen only.

To be honest, the HKEY_USERS hive contains the customizations for every user on the machine based on his SID (Security Identifiers). So, you can find users’ customizations in this registry hive. Also, you can find current user’s customizations in HKEY_CURRENT_USER hive.

Windows 7 Developer Guide

Build applications on a solid foundation; enable richer application experiences; and integrate the best of Windows and web services. The features and technologies of the Windows 7 operating system enable you to build the next generation of software applications. Download this guide to read descriptions of those features and see vivid screen shots from the pre-Beta version of Windows 7 released at PDC.

Windows 7 Developer Guide Download Page:……./ProjectReleases.aspx?ReleaseId=1702
Note: URLs are subject to change.
If you find a bad link please report it to us as soon as possible.