Can't access the ADMIN$ using a local user account
If you are attempting to access (either with PDQ Inventory or PDQ Deploy) a Windows 7, Windows Vista or Server 2008 computer you may get the" Access Denied - Failed to connect to ADMIN$ share" error , even when supplying the appropriate local user credentials that have Administrator access. If the target computer is not a member of a Windows 2003 or later Domain then this is most likely because the target system has Remote UAC enabled. Remote UAC prevents local administrative accounts from accessing ADMIN$. (more appropriately Remote UAC prevents local accounts from running in an elevated mode when connecting from the network) If you need to be able to access the ADMIN$ using a local account then you will need to disable Remote UAC. You can accomplish this by editing the registry.
Assuming you have all your other ducks in a row (Firewall exceptions, appropriate credentials of local administrative user, etc) then you just need to add a quick entry in the registry of the target computer. In the registry, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. Create a DWORD value called LocalAccountTokenFilterPolicy and assign it a value of 1.
A reboot will be necessary. See image.
* By default, when local credentials are used to access a Windows Vista (or later) system that is a member of a Windows Domain this problem does not exist. Your Windows domain may still disable Remote UAC.
** By default Remote administrative access is denied to local accounts when a Windows Vista (or later OS) is NOT a member of a Windows 2003 or later domain.
Further reading:
posted on 2013-01-04 20:50 Richard.FreeBSD 阅读(637) 评论(0) 编辑 收藏 举报
