GEN:SID 1:532
Message NETBIOS SMB ADMIN$ share access
Summary This event is generated when an attempt is made to access an administrative share on a Windows machine.
Impact Serious. Possible administrator access on the victim machine.
Detailed Information This rule  generates an event when the hidden Netbios share Admin$, which is the Winnt directory, is accessed via SMB.

This is a poor security practice or an indication that a machine is being accessed remotely.
Affected Systems Windows 9x
    Windows 2000
    Windows XP
Attack Scenarios  
Ease of Attack Simple
Corrective Action Use a packet filtering firewall to disallow Netbios access from the unprotected network.
Additional References