Win10 UAC remote restrictions

I was having trouble reaching the c$ and admin$ shares on a remote Win10 standalone machine(not a member of a domain)

It turns out that Microsoft per default activates some UAC remote restriction on standalone installations. This feature can be adjusted through registry, thus enabling the admin shares for standalone administrative purposes. This is not something new, it has been a default value ever since UAC was introduced. However I haven’t seen it because I mostly work in AD domains.

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

The reg_dword might not exist, but after creating it the exporer.exe process needs to be restarted, and case is closed 🙂

More articles

AD retention period

Check AD retention tombstone value: Import-Module ActiveDirectory $ADForestconfigurationNamingContext = (Get-ADRootDSE).configurationNamingContext $DirectoryServicesConfigPartition = Get-ADObject -Identity “CN=Directory Service,CN=Windows NT,CN=Services,$ADForestconfigurationNamingContext” -Partition $ADForestconfigurationNamingContext -Properties *

Read More »