
Deleting Default Shares Using Powershell – Part 2

Removing the default administrative shares in Part 1 provided a minimal increase in my security confidence index for the time being, but knowing all too well that the shares will return once the machine is rebooted takes me back to where I started. This means that we must take it one step further and edit the registry to permanently remove them going forward.

One of the neat things about Powershell is that it creates a set of PSDrives that allow the browsing of different data types using the same set of commands, as though they were directories. The PSDrives on my machine are the following:

Get-PSDrive | Format-Table  -Auto

Each PSDrive displayed has a corresponding Provider that exposes its data store; the providers can be viewed using Get-PSProvider.

Get-PSProvider | Format-Table  -Auto

Since Powershell includes a set of cmdlets that are designed to manage items in a data store, we can enter a PSDrive using Set-Location and display its contents using Get-ChildItem. The HKLM registry hive is what needs to be edited, specifically HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters, so let's move into that key. What you will notice is that the "directories" (in this case, keys) are condensed, something specific to the Registry provider.

In order to see the actual data types in the Parameters key, "Get-ItemProperty ." must be used. The dot represents the current directory. I've also highlighted the DWORD value that needs to be created if it doesn't exist; if it does exist, its value must be set to zero (0).

Get-ItemProperty .

Below is the final script. It's simple and a rough cut, something I will fine-tune in the next post.
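
The registry change described in this post, as an added example rather than the author's own script: it creates the DWORD if it is missing and sets it to 0 otherwise. The value names AutoShareWks (workstation) and AutoShareServer (server) are assumptions, since this page does not name the value, as is the use of Win32_OperatingSystem.ProductType to choose between them.

```powershell
# Added example, not the script from the original post.
# Assumption: the DWORD is AutoShareWks on workstation editions and
# AutoShareServer on server editions; the page itself does not name it.
#Requires -RunAsAdministrator

$key = 'HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters'

# ProductType: 1 = workstation, 2 = domain controller, 3 = member server
$productType = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType
$valueName   = if ($productType -eq 1) { 'AutoShareWks' } else { 'AutoShareServer' }

function Set-AutoShareDisabled {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Name
    )

    if (-not (Test-Path -Path $Path)) {
        throw "Registry key not found: $Path"
    }

    # Read the current value; $null means the value does not exist yet
    $current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name

    if ($null -eq $current) {
        if ($PSCmdlet.ShouldProcess("$Path\$Name", 'Create DWORD = 0')) {
            New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value 0 | Out-Null
        }
    }
    elseif ($current -ne 0) {
        if ($PSCmdlet.ShouldProcess("$Path\$Name", "Change $current to 0")) {
            Set-ItemProperty -Path $Path -Name $Name -Value 0 -Type DWord
        }
    }

    # Return the value as it now stands so the caller can verify it
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$result = Set-AutoShareDisabled -Path $key -Name $valueName
"$valueName = $result (the default shares stay removed from the next reboot on)"
```

Run it with -WhatIf on the function call first to see which change would be made without writing to the registry.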
