Just noticed a client image we have (not on domain) can access server shares c$ etc..
Seem to have less security that standard users on the domain..
Domain 2012, most server shares are on 2008 r2 boxes.
Clients Windows 7 Pro. Have the local admin account a member of the administrators group. The administrators group has admin, domain\domain admins\ and domain\localadminsgroup\ added.
An example server share doesn't have any of these groups added to c$ or the shares.