Removing Administrative Shares from Windows Servers

Article ID: 72274

Article Type: Best Practices

Last Modified:

On Windows servers, hidden administrative shares are created automatically so that administrators, programs, and services can use these shares to access and manage these resources. Administrative shares pose a security vulnerability and must be disabled on the Servers/MediaAgents hosting the shares. These shares should not be used in Commvault software and should be removed immediately if they are used in existing configurations. Administrative shares can be used to setup the following features in Commvault software:

Typically, a dollar ($) is used to denote the shared partition or volume. For example: \\MyServer\E$\. If your existing setup is configured to use an administrative share, remove the share, and reconfigure the path as follows:

  1. Create the share as a dedicated share using specific user credentials with read/write access to the share. For more information, see File sharing over a network in Windows on the Microsoft support site.
  2. Modify the existing configuration and reconfigure the path with the dedicated share. For more information, see the following topics:
    1. Reconfiguring Mount Paths that Use Administrative Share
    2. Configuring a Local Drive or Network Share as the Export Destination for Disaster Recovery (DR) Backups
  3. Disable administrative shares on the server as described Microsoft article on How to remove administrative shares on the Microsoft documentation site.
  4. Restart the MediaAgent for the configuration to take effect.

**IMPORTANT: **Do not use Administrative shares for subsequent configurations in your environment.

1 Commvault Way, Tinton Falls, NJ 07724 Sitemap | Legal Notices | Trademarks | Privacy Policy
Copyright © 2022 Commvault | All Rights Reserved.