I know you can change the reg. values for defualt admin shares to disable C$ D$ ADMIN$ IPC$ ETC. I also know that it will effect things such as SMS. I figure that it will also kill patchmangement systems such as Shavliks, HFNETCHKPRO. However it seems as if every security guide recommends this and all external auditors recommend this as well. I need to know what others think. Disable, or leave enabled, and why? The answer here will come in the form of the why. Thank you.