How to Read this Output from 'Net Share' (Win Command Line)

  • Thread starter Thread starter WWGD
  • Start date Start date
  • Tags Tags
    Line Output
AI Thread Summary
The discussion revolves around the use of the 'Net Share' command in Windows 10, which reveals shared resources on a PC. The output indicates several default shares, including C$ and D$, which are standard hidden shares for the C and D drives, respectively. IPC$ is used for remote inter-process communication, while ADMIN$ provides remote access to the Windows directory. The presence of the $ sign denotes hidden shares, meaning they won't appear in a standard browsing session but can be accessed if known.Concerns were raised about potential remote access, particularly after enabling TCP/IP for an instance of SQL Server, which led to an unusually high number of logins. It was noted that without specific logging set up at the OS level, it may be difficult to track remote access. Recommendations included checking firewall settings and ensuring no unnecessary ports are open or being forwarded by the router. The conversation emphasizes the importance of understanding network shares and security settings to maintain system integrity.
WWGD
Science Advisor
Homework Helper
Messages
7,679
Reaction score
12,434
Hi,
I was experimenting , after doing some reading, with 'Net Share' in my Windows 10 Command Line, on my PC, which I'm not using as a server, i.e., I'm not running ( nor do I have installed) Windows Server nor other server software.
The output was:

Share name Resource Remark

-------------------------------------------------------------------------------
C$ C:\ Default share
D$ D:\ Default share
IPC$ Remote IPC
ADMIN$ C:\WINDOWS Remote Admin
SQLServer2017Media
C:\SQLServer2017Media
The command completed successfully.

My limited research tells me the $ sign means the resourcees are being shared. Now, AFAIK, C,D drivs are shared by default ( Though not too clear on what that means/implies ). But IPC, ADMIN are not shared by default. But Remote IPC, Remote Admin are not.

Just how do I read this output?
 
Last edited:
Computer science news on Phys.org
It's always a good idea to post command line output in code tags thusly (this is my output which as you can see is similar to yours):
Code: 
C:\Users\pbuk>net share

Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
E$           E:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
The command completed successfully.
WWGD said:
I'm not running ( nor do I have installed) Windows Server nor other server software.
Well you do seem to be running MS SQL Server.

WWGD said:
My limited research tells me the $ sign means the resources are being shared.
Well the fact that they are listed under "Share Name" tells you that, but yes, Windows system shares are by convention terminated with a $.

WWGD said:
Just how do I read this output?
Don't worry about it. As long as you have not messed about with your firewall settings or permissions you'll be OK.
 
  • Like
Likes WWGD
pbuk said:
It's always a good idea to post command line output in code tags thusly (this is my output which as you can see is similar to yours):
Code: 
C:\Users\pbuk>net share

Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
E$           E:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
The command completed successfully.

Well you do seem to be running MS SQL Server.Well the fact that they are listed under "Share Name" tells you that, but yes, Windows system shares are by convention terminated with a $.Don't worry about it. As long as you have not messed about with your firewall settings or permissions you'll be OK.
Thanks for the editing and the reminder. I had enabled TCP/IP for an instance. I just disabled it. Is there a way of seeing if it has been accessed remotely?
EDIT: I have an absurdly-high number of logins today: some 2500. I'm sure this is done by other processes/programs, but it seems too much in my admittedly limited understanding of this topic.
 
WWGD said:
Thanks for the editing and the reminder. I had enabled TCP/IP for an instance. I just disabled it. Is there a way of seeing if it has been accessed remotely?
Probably not at the OS level unless you set up some specific logging. Are you running a firewall with logging? What port(s) did you open and what was listening on them? Was your router forwarding any WAN traffic to these ports?
 
  • Like
Likes WWGD
pbuk said:
Probably not at the OS level unless you set up some specific logging. Are you running a firewall with logging? What port(s) did you open and what was listening on them? Was your router forwarding any WAN traffic to these ports?
I've only enabled apps in my 'allowed' list through the firewall. Other than that, some internal ports and none suspicious; all from sites I've logged on to. Thanks.
 
  • Like
Likes pbuk
Thanks for your help, pbuk.
 
pbuk said:
Well the fact that they are listed under "Share Name" tells you that, but yes, Windows system shares are by convention terminated with a $.

Share names do not need to have a $ sign on them. The $ at the end of the share indicates a hidden share so if you browse the machine remotely you will not see it come up but can still access it if you know it exists. You can create shares using the $ at the end if you want them to be hidden also.
 
  • Like
Likes WWGD

Similar threads

Upgrading Win 7 32 bit to Win 10 64 bit
Replies
37
Views
6K
Mysqld command does not start the MySQL Server
Replies
12
Views
11K
How should I distribute space among different partitions in Ubuntu?
Replies
38
Views
4K
What is the best Unix like OS for mathematical computation?
Replies
2
Views
7K
Bluetooth malfunctioning in Ubuntu 20.04 laptop
Replies
15
Views
6K
COMPLETELY unacceptable (rant) - Win XP reboot behaviour
Replies
7
Views
3K
C - getting filenames from stdin/stdout for use in getopt
Replies
3
Views
5K
Understanding DRAM Refresh Operations
Replies
14
Views
5K
Is it time to give up trying to deploy an ASP.NET project
Replies
4
Views
5K
My C program has turned into a monster
Replies
9
Views
2K

Hot Threads

Recent Insights

Back
Top