Microsoft_Bob asked:

How is permission granted to C$

I used to think that only members of the local Administrators group had access to C$ from another computer, but then I found that some users can access the C$ share, but only after they have logged into the computer at least one time.

What gives them permission to do this?  No shares have been created manually for C: and we have XP Pro SP2.

Darrell Porter

What users are members of the local machine's Administrators group?

Microsoft_Bob (ASKER)

Only Administrator, and two domain groups are members of the Administrators group.  The users are not members of these two domain groups.

C$ is a Default Administrative Share.  The default permissions set to the share include Everyone and Local User Accounts with Read and Execute permissions.

http://www.jsifaq.com/SF/Tips/Tip.aspx?id=5055

-saige-

Check the properties of the C$ share itself by going to the properties of the C: drive and checking share permissions.

C$ and others are admin strings - only local and domain admins can access these - without putting in a username and password (if prompted by Windows) (normally when you try to access the machine with no drive letter - i.e. \\<name of station> ).
Perhaps another share on C: has been added with these users included?

weareit:
    You say that the default permissions set to the share include Everyone and Local User Accounts with Read and Execute permissions.  How do you know that?  I didn't see that information in the link you posted.  Execute is not a share permission anyway...it is an NTFS permission.

Eagle6990:
    When I check the properties of the C$ share itself it says "This has been shared for administrative purposes.  The permissions cannot be set"

and235100:
    No shares have been added to the C: drive.  The remote users do not get prompted for a username when they access the C$ share.

Those domain groups, one of them isn't Domain Users, is it?  I apologize in advance as you said no users belong to the 2 groups assigned to the local admin group, but this is a tough one and I just discovered that I have the same problem.  In my case it's only on certain PCs - not all.

2PiFL:
    Domain Users is not a member of local Administrators on the computer.  The users that are able to do this are not members of either of the two domain groups that are members of the local Administrators group.  I found the below article from Microsoft which states "Administrative shares have default share permissions that restrict access to members of only a few security groups."  However, the article does not state what those "few security groups" are.

http://technet2.microsoft.com/windowsserver/en/library/e5026578-e891-4107-aa2e-9d180428055d1033.mspx?mfr=true


Probably domain admins, local administrators and schema/enterprise admins.
Can't find whether this is the only list - but I imagine it is.

Disable $ shares on a server:
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareServer
Data Type: REG_DWORD
Value: 0

Disable $ shares on xp:
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
Name: AutoShareWks
Data Type: REG_DWORD
Value: 0

and235100:
    Good information, but these users are not members of any of those groups.  I don't want to disable the admin shares on the computers because I use them.  What I want to know is what allows these users the permission to access these shares?

Only if they are members of local or domain admins - other users don't have access by default.

The users that can do this, can they do it from any machine?  If so, then they are getting admin rights from somewhere.  If not, the machine is giving them admin rights through a local group.

The users are not local administrators on either the remote or the local PC.  Yet they can still access C$, provided they have signed on locally to the computer at least one time.

A user logs onto Workstation A, logs off then on again they can access the c$ on any other computer?
2PiFL:
      No.  A user logs onto Workstation A, logs off, then they can access the c$ on Workstation A from any other computer.

Domain logon, local or both?
Our users log on with Domain accounts only.  They do not have local accounts.

OK, I'm just talking out loud here - nothing makes sense.  It's like there is a local policy (on every machine)  that assigns admin rights to anyone who logs in.  I say local because users only gain access to 1 PC at a time.  We can test this theory if you're willing.

I figured out my problem and as an added bonus, I know who did it.  Unfortunately, your situation isn't as simple.
Even though they can access the C$ share from a remote computer, they do not have Administrator rights because they still only have read access to the Windows folder.  They can create files where they have read/write NTFS permissions, but not where they only have read NTFS permission.

Point value increase.
How about enabling the following for the users you do not want to have access in the local policy (or domain policy if applicable)

Computer Config.\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny access to this computer from the network

Just add in the users you don't want to access the local disks.
and235100:
     Good idea, but not exactly what we want.  If we do this, it will prevent access to any other shared folders or printers.  
You are really in a situation where - unless you remove access to the shares - you will always get this issue.
Apologies - but there you go...
I finally found this article on Microsoft's website: http://support.microsoft.com/kb/100517 

It states that three groups have access to C$: Administrators, Backup Operators, and Server Operators.

I checked and Domain Users was a member of Backup Operators.  This doesn't fully explain why normal users only have access to C$ after logging in locally at least one time, but at least I can remove Domain Users from the group and this will revoke their access.
Glad that you found the resolution.
Ask a new, 0-point question here https://www.experts-exchange.com/Community_Support/General/ to close the question up - and you should get a points refund.
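
The check that resolved this thread (the cited KB article names Administrators, Backup Operators and Server Operators as the groups with access to C$, and Domain Users turned out to be in Backup Operators) can be automated. The following is an added example, not part of the original thread: it parses saved `net localgroup "<group>"` output and flags over-broad members; the sample text, the CORP domain and the `BROAD` list are assumptions.

```python
# Groups that the KB article cited in the thread says can reach C$.
ADMIN_SHARE_GROUPS = ("Administrators", "Backup Operators", "Server Operators")
# Assumption: principals this broad do not belong in any of those groups.
BROAD = {"domain users", "authenticated users", "everyone", "interactive"}

def parse_net_localgroup(text):
    """Parse one or more `net localgroup "<group>"` outputs into {group: [members]}."""
    groups, current, in_members = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line.lower().startswith("alias name"):
            current = groups.setdefault(line[len("alias name"):].strip(), [])
        elif line.startswith("-----"):
            in_members = True            # member list follows the dashed rule
        elif line.lower().startswith("the command completed"):
            in_members = False
        elif in_members and line and current is not None:
            current.append(line)
    return groups

def flag_broad_members(text):
    """Return {group: [broad members]} for the groups that can reach C$."""
    findings = {}
    for group, members in parse_net_localgroup(text).items():
        # Compare the account name only, without its DOMAIN\ prefix.
        broad = [m for m in members if m.split("\\")[-1].lower() in BROAD]
        if group in ADMIN_SHARE_GROUPS and broad:
            findings[group] = broad
    return findings

# Constructed sample: two captured outputs, concatenated. CORP is a made-up domain.
SAMPLE = r"""Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
CORP\Domain Admins
The command completed successfully.

Alias name     Backup Operators
Comment        Backup Operators can override security restrictions for the sole purpose of backing up or restoring files

Members

-------------------------------------------------------------------------------
CORP\Domain Users
The command completed successfully.
"""
```

Running `flag_broad_members` on output collected from each workstation lists every machine where a broad group has been nested into one of the three groups.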