Is there a way to disable 2000/XP client administrative shares using a Group Policy?

Posted on 2004-11-19
Last Modified: 2009-11-10
Is there a way to disable 2000/XP client administrative shares using a Group Policy?
Question by:ShakeKing
    LVL 5

    Accepted Solution

    On the Domain Controller open and edit with notepad


    Add the following value to this section

    [Register Registry Values]


    AutoShareServer = Prevent Administrative Shares from being created

    After you have modified the Sceregvl.inf file to include your custom registry settings, the changes need to be registered by running the following command:

    C:\>regsvr32 scecli.dll

    to register the new policy.

    Now open the Group Policy Editor for the policy you want to add the setting to.

    Start Menu>Settings>Control Panel>Administrative Tools>Active Directory Users and Computers MMC,

    Right-click the domain and choose Properties,

    Choose the Group Policy tab,

    Select the policy you want to work with,

    Press the Edit button,

    Group Policy Editor opens.

    Expand the tree

    Computer Configuration>Windows Settings>Security Settings>Local Policies>Security Options

    In the policy list in the right pane look for "Prevent Administrative Shares from being created"

    (this is the setting we created in sceregvl.inf)

    Double-click to bring up its properties,

    Tick "Define this policy setting"

    Select "Enabled"

    Press OK

    Close Group Policy Editor.

    To force the policy out immediately from the Domain Controller

    C:\>secedit /refreshpolicy machine_policy /enforce

    On an XP workstation


    Check your client's registry at


    LVL 9

    Expert Comment

    LVL 5

    Expert Comment

    binary, the articles linked to in that solution don't use the Group Policy they use local editing of the security policy in the local registry.

    Group Policy on the other hand allows you to force the setting out to every single workstation in your domain whether you have 5 or 50,000.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
    As the title indicates, I have done this before. It chills me everytime I update the OS on my phone, ( because one time I did this and I essentially had a bricked …
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now