November 2005 Reader Challenge Winners

Congratulations to the winners of our November 2005 Reader Challenge. We had a deluge of correct answers--one of the largest responses I’ve seen in many years. As a result, this month only, we’re awarding three prizes instead of two. Many of the responses contained interesting comments about how much fun it is for “old timers” to use their knowledge of DOS commands. I was amazed at how many respondents told me they still use the SUBST command on workstations. Apparently a lot of old applications that have hard-coded drive locations are still in use (some assuming the presence of NetWare), and the SUBST command is the easiest way to accommodate them.

First prize, a copy of "Windows XP Annoyances for Geeks Second Edition," goes to Mark Hutchinson of New York. Second prize, a copy of "Windows Server 2003 Network Administration," goes to Joe Sperber of California. Third prize, a copy of "Windows Server Cookbook," goes to Norman Vance of Texas. All books are from O’Reilly & Associates Publishing.

December 2005 Reader Challenge

Solve this month's Windows Client challenge, and you might win a prize! Email your solution (don't use an attachment) to [email protected] by December 21, 2005. You MUST include your full name, and street mailing address (without that information, we can't send you a prize if you win, so your answer is eliminated, even if it’s correct). I choose winners at random from the pool of correct entries. I’m a sucker for humor and originality, and a cleverly written correct answer gets an extra chance. Because I receive so many entries each month, I can't reply to respondents, and I never respond to a request for a receipt. Look for the solutions to this month's problem on December 22, 2005.

The Challenge:

I received the following email message from a Windows Client UPDATE reader: Dear Columnist, somebody deleted the administrative shares from some of our servers, and we're getting errors such as users being told they can’t log on, or network path was not found. I entered the administrative share again using the Sharing tab of the Properties dialog box, but it doesn’t cure the problem, and when I reboot the shares are missing again. How do I get these deleted administrative shares back?

Can you answer his question?

The Answers

You get rid of the malware, which is the only reason that administrative shares disappear permanently. If a user deletes an administrative share, Windows should create the share automatically during startup, unless some malicious code interferes with that process.

One clue is the presence of the registry item AutoShareServer in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters registry key.

That registry item doesn't exist by default (it’s not needed because Windows automatically creates administrative shares during startup), and its presence is usually a sign that malware has tampered with your registry. If the value is zero (0), it instructs Windows not to create those administrative shares, which can cause numerous network communication problems. In fact, without administrative shares, a number of configuration functions that rely on Microsoft Management Console (MMC) snap-ins stop working. You can change the value to 1, but the malware will almost certainly change it back to 0 during startup.
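One way to check a server for this clue, as an added example that is not part of the original column: the PowerShell below reports whether AutoShareServer is absent, 0, or some other value, and lists the administrative shares that currently exist. The function names are hypothetical, and AutoShareWks (the workstation counterpart of the value) is an addition the column does not mention.

```powershell
# Added example (not from the column): audit the AutoShare* values and
# compare them with the administrative shares that actually exist.

function Get-AutoShareFinding {
    param(
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    )

    $props = Get-ItemProperty -Path $Path -ErrorAction Stop

    # AutoShareServer is the value named in the column. AutoShareWks is the
    # workstation counterpart and is checked here as an addition.
    foreach ($name in 'AutoShareServer', 'AutoShareWks') {
        $prop = $props.PSObject.Properties[$name]
        if ($null -eq $prop) {
            $state = 'Absent (default; Windows creates the shares at startup)'
        } elseif ($prop.Value -eq 0) {
            $state = 'Present = 0 (administrative shares suppressed; investigate)'
        } else {
            $state = "Present = $($prop.Value) (not default; confirm who set it)"
        }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Value    = $name
            State    = $state
        }
    }
}

function Get-AdminShare {
    # Win32_Share reports administrative shares (C$, ADMIN$, IPC$) with a
    # Type of 2147483648 or higher.
    Get-CimInstance -ClassName Win32_Share |
        Where-Object { $_.Type -ge 2147483648 } |
        Select-Object Name, Path
}

Get-AutoShareFinding | Format-Table -AutoSize
Get-AdminShare | Format-Table -AutoSize
```

A value that returns to 0 after you set it to 1 and reboot matches the behavior described above and points to something still running on the machine that rewrites it.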

Remove the affected computer from the network, scan the entire network for viruses, and find the security hole that allowed this malware into your network. Move to stronger passwords and take any other steps necessary to stop outsiders from invading your network.

