MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments)ID: oval:org.secpod.oval:def:14592 | Date: (C)2013-08-13 (M)2023-07-04 |
Class: COMPLIANCE | Family: windows |
This entry appears as MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments) in the SCE. By default, when Windows networking is active on a server, Windows will create hidden administrative shares.
Vulnerability:
Because these built-in administrative shared folders are well-known and present on most Windows computers, malicious users often target them for brute force attacks such as guessing passwords as well as other types of attacks. In Windows Vista, these shared folders are configured by default not to be accessible remotely.
Countermeasure:
Do not configure the AutoShareWks entry except on highly secure computers, where it should be configured to a value of 1 (enabled).
Potential impact:
If you delete these shared folders, you could cause problems for administrators and programs or services that rely on these shares.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments)
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters!AutoShareWks
Platform: |
Microsoft Windows 7 |