How to Read this Output from 'Net Share' (Win Command Line)

  • Thread starter Thread starter WWGD
  • Start date Start date
  • Tags Tags
    Line Output
Click For Summary

Discussion Overview

The discussion revolves around interpreting the output of the 'Net Share' command in the Windows Command Line, particularly focusing on the meaning of shared resources and the implications of certain shares being visible or hidden. Participants explore the nature of default shares, remote IPC, and security considerations related to network access.

Discussion Character

  • Technical explanation
  • Conceptual clarification
  • Debate/contested

Main Points Raised

  • Some participants note that the $ sign indicates that the resources are shared, with Windows system shares conventionally ending with a $.
  • There is a suggestion that C$ and D$ are default shares, while IPC$ and ADMIN$ are categorized as remote shares.
  • One participant expresses uncertainty about the implications of having these shares and questions how to read the output effectively.
  • Another participant mentions that enabling TCP/IP for an instance could lead to remote access and asks how to check if it has been accessed remotely.
  • Concerns are raised about a high number of logins, with speculation that they may be due to other processes or programs.
  • There is a discussion about the limitations of monitoring access at the OS level without specific logging setups, and questions about firewall settings and port management are raised.
  • A participant clarifies that the $ sign indicates a hidden share, which can be accessed if known, but will not appear in a standard browse.

Areas of Agreement / Disagreement

Participants generally agree on the basic interpretation of the $ sign indicating shared resources, but there are differing views on the implications of these shares and how to monitor access. The discussion remains unresolved regarding the best methods for tracking remote access and the security implications of the shares listed.

Contextual Notes

Participants mention the need for specific logging to monitor access and discuss firewall settings, but do not reach a consensus on the best practices for security or monitoring.

WWGD
Science Advisor
Homework Helper
Messages
7,785
Reaction score
13,059
Hi,
I was experimenting , after doing some reading, with 'Net Share' in my Windows 10 Command Line, on my PC, which I'm not using as a server, i.e., I'm not running ( nor do I have installed) Windows Server nor other server software.
The output was:

Share name Resource Remark

-------------------------------------------------------------------------------
C$ C:\ Default share
D$ D:\ Default share
IPC$ Remote IPC
ADMIN$ C:\WINDOWS Remote Admin
SQLServer2017Media
C:\SQLServer2017Media
The command completed successfully.

My limited research tells me the $ sign means the resourcees are being shared. Now, AFAIK, C,D drivs are shared by default ( Though not too clear on what that means/implies ). But IPC, ADMIN are not shared by default. But Remote IPC, Remote Admin are not.

Just how do I read this output?
 
Last edited:
Computer science news on Phys.org
It's always a good idea to post command line output in code tags thusly (this is my output which as you can see is similar to yours):
Code: 
C:\Users\pbuk>net share

Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
E$           E:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
The command completed successfully.
WWGD said:
I'm not running ( nor do I have installed) Windows Server nor other server software.
Well you do seem to be running MS SQL Server.

WWGD said:
My limited research tells me the $ sign means the resources are being shared.
Well the fact that they are listed under "Share Name" tells you that, but yes, Windows system shares are by convention terminated with a $.

WWGD said:
Just how do I read this output?
Don't worry about it. As long as you have not messed about with your firewall settings or permissions you'll be OK.
 
  • Like
Likes   Reactions: WWGD
pbuk said:
It's always a good idea to post command line output in code tags thusly (this is my output which as you can see is similar to yours):
Code: 
C:\Users\pbuk>net share

Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
E$           E:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
The command completed successfully.

Well you do seem to be running MS SQL Server.Well the fact that they are listed under "Share Name" tells you that, but yes, Windows system shares are by convention terminated with a $.Don't worry about it. As long as you have not messed about with your firewall settings or permissions you'll be OK.
Thanks for the editing and the reminder. I had enabled TCP/IP for an instance. I just disabled it. Is there a way of seeing if it has been accessed remotely?
EDIT: I have an absurdly-high number of logins today: some 2500. I'm sure this is done by other processes/programs, but it seems too much in my admittedly limited understanding of this topic.
 
WWGD said:
Thanks for the editing and the reminder. I had enabled TCP/IP for an instance. I just disabled it. Is there a way of seeing if it has been accessed remotely?
Probably not at the OS level unless you set up some specific logging. Are you running a firewall with logging? What port(s) did you open and what was listening on them? Was your router forwarding any WAN traffic to these ports?
 
  • Like
Likes   Reactions: WWGD
pbuk said:
Probably not at the OS level unless you set up some specific logging. Are you running a firewall with logging? What port(s) did you open and what was listening on them? Was your router forwarding any WAN traffic to these ports?
I've only enabled apps in my 'allowed' list through the firewall. Other than that, some internal ports and none suspicious; all from sites I've logged on to. Thanks.
 
  • Like
Likes   Reactions: pbuk
Thanks for your help, pbuk.
 
pbuk said:
Well the fact that they are listed under "Share Name" tells you that, but yes, Windows system shares are by convention terminated with a $.

Share names do not need to have a $ sign on them. The $ at the end of the share indicates a hidden share so if you browse the machine remotely you will not see it come up but can still access it if you know it exists. You can create shares using the $ at the end if you want them to be hidden also.
 
  • Like
Likes   Reactions: WWGD

Similar threads

Upgrading Win 7 32 bit to Win 10 64 bit
  • · Replies 37 ·
2
Replies
37
Views
7K
Mysqld command does not start the MySQL Server
  • · Replies 12 ·
Replies
12
Views
11K
How should I distribute space among different partitions in Ubuntu?
  • · Replies 38 ·
2
Replies
38
Views
5K
What is the best Unix like OS for mathematical computation?
  • · Replies 2 ·
Replies
2
Views
7K
Bluetooth malfunctioning in Ubuntu 20.04 laptop
  • · Replies 15 ·
Replies
15
Views
6K
Understanding DRAM Refresh Operations
  • · Replies 14 ·
Replies
14
Views
5K
COMPLETELY unacceptable (rant) - Win XP reboot behaviour
  • · Replies 7 ·
Replies
7
Views
3K
C - getting filenames from stdin/stdout for use in getopt
  • · Replies 3 ·
Replies
3
Views
5K
Is it time to give up trying to deploy an ASP.NET project
  • · Replies 4 ·
Replies
4
Views
5K
My C program has turned into a monster
  • · Replies 9 ·
Replies
9
Views
2K