You can refer to the following four methods:
A. One way is to delete both ipc $ and default share. But there will be again after the restart. You need to modify the registry.
1. First Delete the existing
Net share ipc $/del
Net share admin $/del
Net share c $/del
............ (Delete several items)
2. Do not create a null connection
First Run regedit and find the following primary key [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSA]
Change the key value of RestrictAnonymous (DWORD) to 00000001.
3. Disable auto-enable default share
For server, find the following primary key [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesLanmanServerPara
Meters] Change the key value of AutoShareServer (DWORD) to 00000000.
For pro, [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesLanmanServerParameters]
The key value of tow.wks (DWORD) is changed to 00000000.
B. Disable ipc $ and default shared dependencies (not recommended)
Net stop lanmanserver
You may be prompted whether the XXX service will be closed or not. Some secondary services depend on lanmanserver. Generally, Press y to continue.
C. The simplest way is to set a complex password to prevent the password from being lifted through ipc $. However, if you have other vulnerabilities, ipc $ will facilitate further intrusion.
D. You can install a firewall or filter ports.