sábado, 17 de enero de 2015

Windows 8 Administrative Shares: 'Access is Denied'

SQL Server

http://www.computerperformance.co.uk/win8/windows8-administrative-shares.htm



Windows 8 Administrative Shares: 'Access is Denied'Windows 8 Access is Denied Administrative Shares

For security reasons the built-in admin$ family of hidden shares has been disabled in Windows 8.

Windows 8 Administrative Shares


Windows 8 Administrative Shares Access Denied

The situation: you try to connect to a network machine via a hidden share such as c$ or admin$ (\\MachineName\c$), and receive an error messages:
  • Access is denied.
  • The specified username is invalid.
  • You may not have permission to use this network share.

Solutions for Access is Denied to Administrative Shares

  1. One solution may be to accept the situation and abandon your attempt to connect via C$.  You could try remote desktop instead.  I say this not because the challenge is too difficult, but because the default is the securest configuration for remote user account control (UAC).  Once you enable these hidden admin$ shares then your machine can be attacked by hackers.  Indeed, that is why Microsoft removed this capability, even though it was popular with XP and Windows 98 users.
  2. If you really must find a solution to the Windows 8 'Access is denied' message then try leaving the Homegroup.
  3. If that does not work then Launch Regedit and adjust Remote User Account Control (UAC) settings.

Use Regedit to Create LocalAccountTokenFilterPolicy Value

Type Regedit in the Search dialog box, best right-click the executable and 'Run as administrator'.
Once Regedit launches navigate to this path:

HKLM\SOFTWARE\Microsoft\Windows
  CurrentVersion\Policies\System (See screenshot below)
LocalAccountTokenFilterPolicy Access Denied
Once you are at this folder in the registry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Create LocalAccountTokenFilterPolicy

The text book says create a new DWORD value called LocalAccountTokenFilterPolicy
What I did was create a QWORD (64-bit) called LocalAccountTokenFilterPolicy, that worked for me when the DWORD would not allow access to my 64-bit machine.

In either case, set the value to numeric 1 (meaning on), remember to click OK.

Mostly, the LocalAccountTokenFilterPolicy value gets created before you have a chance to set the data value; no problem, just double-click and modify the data from 0 to 1.