Business News Daily receives compensation from some of the companies listed on this page. Advertising Disclosure


Using Windows 10 Administrative Shares

By Adam Bertram, Business News Daily Contributor

The administrative shares that have been part of Windows for a long time have been a staple for remote file management for IT pros. Administrative file shares are the hidden shares on a Windows computer with a name that ends with a dollar sign. By default, these shares share out the contents of every drive on a system and also include shares like admin$ and IPC$ to perform various administrative functions. In Windows 10, these administrative shares still exist but require an extra step in order to work properly. Let's go over how to setup these administrative shares in Windows 10.

First, in domain environments, the administrative Windows 10 shares work as they always have. You simply provide a domain user account with permission to connect to the remote machine and it works. However, an issue arises when you have two Windows 10 computers in a workgroup. While in a workgroup, when you attempt to connect to an administrative share on a Windows 10 computer you will be prompted for a username and password as expected but you will receive a misleading Access Denied error message.

This is related to User Account Control (UAC) and requires a registry modification in order to work properly. By default, UAC remotely restricts these shares from being accessed. In order to successfully connect to an administrative share, you'll need to disable this feature. To do this, you'll need to create (or modify) a registry DWORD value called LocalAccountTokenFilterPolicy and set it to a value of 1. 

To do this, either log onto the console of the remote machine locally, via remote desktop or some other remote console application. Then, type in regedit in the search bar, which will bring up the registry editor.

Once in the registry editor, drill down to the path HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem. Then, right click on the System, click on New and then choose DWORD (32-bit) Value.

From here, you are given the option to name the new registry value. Give it a name of exactly LocalAccountTokenFilterPolicy and hit Enter.

Once you've created the registry key, it will have a value of 0; this needs to be a 1. To change it to a 1, double click on the registry value and put a 1 in for Value data.

This will create the registry value and should be all you need to connect to the administrative share successfully. This method should open up all administrative shares which consist of the C$, any additional drive shares, admin$ and IPC$.

When this step is complete, attempt to connect to an administrative share again. You should again be prompted for a username and password. Once given the appropriate credentials, you should now be presented with a file system listing of everything in the location that the share represents.