Several Methods to disable IPC $

Some old friends asked this question. I will post an article.

Definition of IPC $: IPC $ is a resource that shares "named pipes" and is important for inter-program communication. Used to remotely manage computers and view shared resources of computers.
IPC $: Using IPC $, we can establish an empty connection with the target host (without the user name and password), and use this empty connection, the user list on the target host is displayed.

However, others will use this function to find our user list and use dictionary tools to attack our host.

Method 1:

If you want to disable the default share of % DriveLetter % $, you can

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesLanmanServerParameters New name: AutoShareServer Type: REG_DWORD Value: 0

　　
If you want to disable the default share of Admin $, you can

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesLanmanServerParameters New name: autoscaling wks Type: REG_DWORD Value: 0

Method 2:

Create a delshare. bat file under drive C.
The content is as follows:

Net share c $/del Net share d $/del Net share admin $/del Net share ipc $/del

All your drive letters are listed here. Similar format!

Modify the registry:

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "Delshare" = "c: \ delshare. bat

Appendix:
IPC $ Common commands:

Net share ipc $ (Open IPC $)

Net share ipc $/del (delete IPC $)

Net share c = c: (default share of the drive c of the other party is enabled)

Net start telnet (enable the peer telnet Service)

Net user username/add (add user)

Net localgroup administrators username (improves user permissions)

Note that the preceding commands can be completed only in the SHELL of the other party !~ It is not enough to establish an IPC $ connection !~ Commands that can be used to obtain the permission of the other Party through IPC $ !~