I started my day with some exciting stuff. Since the time I started working on Windows 7 computers, I always failed to access remote computer’s(windows 7) administrative shares(for example: c$) using computer’s local admin account(this used to work in windows XP as the local admin name and password are same across all systems). I didn’t pay much attention to it as I got domain admin privileges which anyways working. But these days with the increase in my testing efforts on windows 7 computers, the need to access remote shares with local administrator got increased. I don’t want to put domain admin every time as it is a high level account and moreover I need to put in the credentials every time I access a new computer which is waste of efforts.
Well, I got this problem resolved by little registry tweak. Steps follows….
- Go to Start -> RUN
- Type: REGEDIT
- Navigate to “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem”
- Create a new DWORD key with name “LocalAccountTokenFilterPolicy” and value “1”
- Restart your computer.
This solved the problem and I am able to access the shares of the computers where I made above change.
Well, the registry key fixed the problem but I am curious about the reasons behind this design. I did some research on this topic and understood that, it is a “Security Measure” for UAC(User Access Contorl) enable systems. The whole purpose of enabling UAC is to make administrators work with non-elevated environment to defend the attacks. As part of UAC implementation, the ability for local administrators to elevate their rights from remote computers is disabled by default and can be enabled on optional basis using aforementioned procedure.
More details can be grabbed from: http://support.microsoft.com/kb/951016
Hope this information helps you.