So I‘ve been running Windows 7 RTM for a while now, and really liking it. There are a few “gotcha’s”, and the $admin share is one of them. Out of the box, Windows 7 (and Windows Vista) disabled File and Printer sharing, as well as the $admin share. Normally, in the home environment, the $admin share is not needed, but in the corporate world, it’s used quite regularly, especially with tools like psexec, IntelliAdmin tools, and certain software deployments.
This is how to enable the $admin share in Windows 7:
First, Folder and Printer Sharing must be enabled. Open the Control Panel, and select Network and Internet. Then click on Network and Sharing Center.
Look to the left side of the Network and Sharing Center, and click on Change advanced sharing settings.
In the new window, you can change each network’s sharing settings (Home, Public, and Work/Domain). Expand the profile you want to modify, and click on “File and Printer Sharing”
Save your changes.
Next (I know, I wish it was just that easy…) you have to add a registry key. Open Regedit, navigate to HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System – create a new DWORD:
LocalAccountTokenFilterPolicy with the Value of 1
Reboot. You can now access the $admin share remotely.
Related posts:
Microsoft DPM
MicrosoftExchange
Nerd with a .45
PowerShell
Although this procedure works for allowing admin shares, it is not secure. Admin shares are supposed to allow access to administrators of the domain or local machine. This configuration as explained here allows everyone and anyone to access the shares.
@Perry
I couldn’t agree more. I only posted because someone asked me how to enable it. This should only be done if absolutely needed, and not on a large scale for sure!
wat are you on about perry this does not enable admin shares for non-admin accounts. it is therefore not the security risk that you imply either.
If you are logged in as an Administrator on machine 1 and try to access machine 2 through admin shares it allows access even if the UserName and password don’t match. The proper operation is only if you are logged in as an administrator with the same credentials should access be allowed otherwise you should be chalenged with a credential dialog. This does not occur thus it is a security problem. Does anyone have a solution so Admin shares work properly?
Pingback: Ku pamięci: Włączenie udziałów administracyjnych w Windows 7 – notepad of Karol Stilger
@Perry you are still incorrect. The LocalAccountTokenFilterPolicy setting is only disabling user account control for remote connections. With that policy set to 1, remote users will still be prompted for credentials and will only have administrative rights if the credentials provided have local administrative rights on the computer. Normal users will not automatically be granted admin rights and the only way you will not be prompted for credentials is if you are logged in as an account that has the exact same username and password on a remote machine.
http://support.microsoft.com/kb/951016
Thanks for the post. I was missing the last step with adding DWORD: LocalAccountTokenFilterPolicy
Chris is correct. This is indeed secure. In fact, the admin$ and c$ shares used to be enabled by default up through Windows XP, including Windows NT, Server 2000, and 2003.
Everything working correctly in Windows 7 Ultimate SP1. This has solved me a lot of work in achieving PSExec to work.
Thanks a lot for this post, friend.