How to Read this Output from 'Net Share' (Win Command Line)

  • Thread starter Thread starter WWGD
  • Start date Start date
  • Tags Tags
    Line Output
Click For Summary
SUMMARY

The discussion focuses on interpreting the output of the 'Net Share' command in Windows 10 Command Line. The output reveals default shares such as C$, D$, IPC$, and ADMIN$, with the '$' sign indicating hidden shares. Users are advised that these shares are typically safe unless firewall settings or permissions have been altered. Additionally, the conversation touches on monitoring remote access and the implications of enabling TCP/IP for SQL Server instances.

PREREQUISITES
  • Understanding of Windows 10 Command Line operations
  • Familiarity with network sharing concepts in Windows
  • Basic knowledge of SQL Server configuration and TCP/IP settings
  • Awareness of firewall settings and logging mechanisms
NEXT STEPS
  • Research how to configure and interpret Windows Firewall logging
  • Learn about SQL Server security best practices and remote access monitoring
  • Explore the implications of hidden shares and how to create them
  • Investigate tools for monitoring network traffic and access logs
USEFUL FOR

This discussion is beneficial for system administrators, network engineers, and anyone managing Windows environments, particularly those dealing with SQL Server and network sharing configurations.

WWGD
Science Advisor
Homework Helper
Messages
7,777
Reaction score
13,013
Hi,
I was experimenting , after doing some reading, with 'Net Share' in my Windows 10 Command Line, on my PC, which I'm not using as a server, i.e., I'm not running ( nor do I have installed) Windows Server nor other server software.
The output was:

Share name Resource Remark

-------------------------------------------------------------------------------
C$ C:\ Default share
D$ D:\ Default share
IPC$ Remote IPC
ADMIN$ C:\WINDOWS Remote Admin
SQLServer2017Media
C:\SQLServer2017Media
The command completed successfully.

My limited research tells me the $ sign means the resourcees are being shared. Now, AFAIK, C,D drivs are shared by default ( Though not too clear on what that means/implies ). But IPC, ADMIN are not shared by default. But Remote IPC, Remote Admin are not.

Just how do I read this output?
 
Last edited:
Computer science news on Phys.org
It's always a good idea to post command line output in code tags thusly (this is my output which as you can see is similar to yours):
Code: 
C:\Users\pbuk>net share

Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
E$           E:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
The command completed successfully.
WWGD said:
I'm not running ( nor do I have installed) Windows Server nor other server software.
Well you do seem to be running MS SQL Server.

WWGD said:
My limited research tells me the $ sign means the resources are being shared.
Well the fact that they are listed under "Share Name" tells you that, but yes, Windows system shares are by convention terminated with a $.

WWGD said:
Just how do I read this output?
Don't worry about it. As long as you have not messed about with your firewall settings or permissions you'll be OK.
 
  • Like
Likes   Reactions: WWGD
pbuk said:
It's always a good idea to post command line output in code tags thusly (this is my output which as you can see is similar to yours):
Code: 
C:\Users\pbuk>net share

Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
E$           E:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
The command completed successfully.

Well you do seem to be running MS SQL Server.Well the fact that they are listed under "Share Name" tells you that, but yes, Windows system shares are by convention terminated with a $.Don't worry about it. As long as you have not messed about with your firewall settings or permissions you'll be OK.
Thanks for the editing and the reminder. I had enabled TCP/IP for an instance. I just disabled it. Is there a way of seeing if it has been accessed remotely?
EDIT: I have an absurdly-high number of logins today: some 2500. I'm sure this is done by other processes/programs, but it seems too much in my admittedly limited understanding of this topic.
 
WWGD said:
Thanks for the editing and the reminder. I had enabled TCP/IP for an instance. I just disabled it. Is there a way of seeing if it has been accessed remotely?
Probably not at the OS level unless you set up some specific logging. Are you running a firewall with logging? What port(s) did you open and what was listening on them? Was your router forwarding any WAN traffic to these ports?
 
  • Like
Likes   Reactions: WWGD
pbuk said:
Probably not at the OS level unless you set up some specific logging. Are you running a firewall with logging? What port(s) did you open and what was listening on them? Was your router forwarding any WAN traffic to these ports?
I've only enabled apps in my 'allowed' list through the firewall. Other than that, some internal ports and none suspicious; all from sites I've logged on to. Thanks.
 
  • Like
Likes   Reactions: pbuk
Thanks for your help, pbuk.
 
pbuk said:
Well the fact that they are listed under "Share Name" tells you that, but yes, Windows system shares are by convention terminated with a $.

Share names do not need to have a $ sign on them. The $ at the end of the share indicates a hidden share so if you browse the machine remotely you will not see it come up but can still access it if you know it exists. You can create shares using the $ at the end if you want them to be hidden also.
 
  • Like
Likes   Reactions: WWGD

Similar threads

Upgrading Win 7 32 bit to Win 10 64 bit
  • · Replies 37 ·
2
Replies
37
Views
7K
Mysqld command does not start the MySQL Server
  • · Replies 12 ·
Replies
12
Views
11K
How should I distribute space among different partitions in Ubuntu?
  • · Replies 38 ·
2
Replies
38
Views
5K
What is the best Unix like OS for mathematical computation?
  • · Replies 2 ·
Replies
2
Views
7K
Bluetooth malfunctioning in Ubuntu 20.04 laptop
  • · Replies 15 ·
Replies
15
Views
6K
Understanding DRAM Refresh Operations
  • · Replies 14 ·
Replies
14
Views
5K
COMPLETELY unacceptable (rant) - Win XP reboot behaviour
  • · Replies 7 ·
Replies
7
Views
3K
C - getting filenames from stdin/stdout for use in getopt
  • · Replies 3 ·
Replies
3
Views
5K
Is it time to give up trying to deploy an ASP.NET project
  • · Replies 4 ·
Replies
4
Views
5K
My C program has turned into a monster
  • · Replies 9 ·
Replies
9
Views
2K