: Shares on a system provide network access. To prevent exposing sensitive information, where shares are necessary, permissions must be reconfigured to give the minimum access to those accounts that require it.
: If only system-created shares such as "ADMIN$", "C$", and "IPC$" exist on the system, this is NA.
(System-created shares will display a message that it has been shared for administrative purposes when "Properties" is selected.)
Run "Computer Management".
Navigate to System Tools >> Shared Folders >> Shares.
Right click any non-system-created shares.
Select the "Share Permissions" tab.
If the file shares have not been reconfigured to restrict permissions to the specific groups or accounts that require access, this is a finding.
Select the "Security" tab.
If the NTFS permissions have not been reconfigured to restrict permissions to the specific groups or accounts that require access, this is a finding.
Fix Text: If a non-system-created share is required on a system, configure the share and NTFS permissions to limit access to the specific groups or accounts that require it.
Remove any unnecessary non-system-created shares.