I have come across a problem that I wasn’t able to connect to default $Admin shares on a computer running Windows 10 remotely from the account being a member of the Local Administrators group. At the same time, I could access them without any troubles using built-in local Administrator account (by default, it is disabled).
Here is what the problem looks like in detail. I’m trying to get a remote access to the built-in administrative shares on a computer running Windows 10 and being a member of a workgroup (with the firewall turned off) as follows:
In the authorization window, I specify the name and password of the account being a member of the Local Administrators group on Windows 10, and get the access error (Access is denied). At the same time, I can access all network shares and shared printers on Windows 10. Also, I can access administrative resources from the Administrator account. If this computer is included in Active Directory domain, the access to the administrative shares from domain accounts with administrative privileges is not blocked.
The matter is in another aspect of security policy that appeared in the UAC – so called Remote UAC (user account control for remote connections) that filters tokens of local and Microsoft accounts and blocks remote access to such accounts. When accessing with the domain accounts, this restriction is not applied.
You can disable Remote UAC by creating the LocalAccountTokenFilterPolicy parameter in the registry
- Open the Registry Editor (regedit.exe)
- Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
- Create a new DWORD (32-bit) parameter with the name LocalAccountTokenFilterPolicy
- Specify the LocalAccountTokenFilterPolicy parameter value equal to 1
- Restart your computer to apply the changes
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "LocalAccountTokenFilterPolicy" /t REG_DWORD /d 1 /f
After the restart, try to remotely open the administrative share C$ on the computer running Windows 10.
So, we have considered how to allow the remote access to hidden administrative shares for all local administrators of a computer running Windows 10 using LocalAccountTokenFilterPolicy key. This guide is also applicable to Windows 8.x, 7 and Vista.