<!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:1; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:0 0 0 0 0 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:161; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-1610611985 1073750139 0 0 159 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman";} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; font-size:10.0pt; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt;} @page Section1 {size:612.0pt 792.0pt; margin:72.0pt 90.0pt 72.0pt 90.0pt; mso-header-margin:36.0pt; mso-footer-margin:36.0pt; mso-paper-source:0;} div.Section1 {page:Section1;} --> Hello everybody, Any advise on the following will be much appreciated. I have a customer who asks if there is a guidance or procedure to permanently disable the admin shares on Windows 7 in order to prevent the downdup virus spread. Thanks in advance Rgds, Nick.

Hi, We suggest customers do not disable Administrative Share. There will be several potential issues. Please read the following KB article. Overview of problems that may occur when administrative shares are missing The following steps helps you to disable it as a test. If there is any issue please enable it again. 1. Click Start, enter regedit in Start Search box. 2. Locate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters 3. Select Edit, New, DWORD (32-bit) Value. Name: AutoShareWks The default value is 0. 4. Restart Windows to put the new setting into effect.

<!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:161; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:-1610611985 1107304683 0 0 159 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:161; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-1610611985 1073750139 0 0 159 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman";} a:link, span.MsoHyperlink {mso-style-noshow:yes; mso-style-priority:99; color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {mso-style-noshow:yes; mso-style-priority:99; color:purple; mso-themecolor:followedhyperlink; text-decoration:underline; text-underline:single;} span.EmailStyle16 {mso-style-type:personal; mso-style-noshow:yes; mso-style-unhide:no; mso-ansi-font-size:11.0pt; mso-bidi-font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-hansi-font-family:Calibri; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi; color:#1F497D; mso-themecolor:dark2; font-weight:normal; font-style:normal;} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; font-size:10.0pt; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt;} @page Section1 {size:612.0pt 792.0pt; margin:72.0pt 90.0pt 72.0pt 90.0pt; mso-header-margin:36.0pt; mso-footer-margin:36.0pt; mso-paper-source:0;} div.Section1 {page:Section1;} --> I understand the impacts of disabling admin shares, but what cust. can do given that downdup virus (conficker) attacks on administrative shares? I have already advised him to perform the steps in KB article 962007 posted at http://support.microsoft.com/kb/962007/en-us Or disable automatic admin shares creation via group policy. What else he can do? Nick.

In the article, the recommended preventions are: Use strong administrator passwords that are unique for all computers.Do not log on to computers by using Domain Admin credentials or credentials that have access to all computers.Make sure all systems have the latest security updates applied.Disable the Autoplay features. For more information, see step 3 of the "Create a Group Policy object" section.Remove excessive rights to shares. This includes removing write permissions to the root of any share. Admin share is not mentioned. You just need to do the recommended suggestion. After doing that, although someone accesses any root on your computer, they do not have write permissions so no malware will be received.Arthur Xie - MSFT