Admin shares available to non-administrative users over loopback address

Scenario

A non-administrative user starts Excel on a RemoteApp host. They open the "File Open" dialog and type \\127.0.0.1\c$ in the file name box. They are presented with the C:\ drive of the system. The same is true of c$, d$, admin$, etc.

The same user typing \\127.0.0.1\c$ in the address/location bar of the open-file window is told that this has been restricted by their system administrator.

The same user attempting to access the admin shares from another machine is prompted for credentials.

"This behavior occurs because the administrative share's default share permission was changed in Windows Server 2008, which allows the active logon account to access the administrative shares.

Resolution:

The administrative share's default share permission is controlled by the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\DefaultSecurity\SrvsvcShareAdminConnect.

To configure Windows Server 2008 to behave the same as Windows Server 2003, we can export the registry value above from Windows Server 2003, and import it to Windows Server 2008. Please note: We need to restart the server for the change to take effect."

I have tested this fix on my W2K8 R2 SP1 machine and I can confirm that non-administrative users started getting the prompt for user name & password.

For those wanting to achieve the same behavior, you can find the registry binary data you need to import below.


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\DefaultSecurity]
"SrvsvcShareAdminConnect"=hex:01,00,04,80,64,00,00,00,70,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,\
  00,00,05,20,00,00,00,20,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,\
  00,05,20,00,00,00,25,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,27,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
  00,00,00,05,12,00,00,00
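
Before importing a binary security descriptor it is worth checking which principals it actually grants. The following is an added example, not part of the original post: it decodes the hex value above as a self-relative security descriptor and lists the owner and each DACL entry. The function names are illustrative, and the SID-to-name table uses the standard well-known Windows SIDs.

```python
import struct

# Value of "SrvsvcShareAdminConnect", copied from the .reg fragment above.
REG_HEX = r"""
01,00,04,80,64,00,00,00,70,00,00,00,00,00,00,00,\
  14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,\
  00,00,05,20,00,00,00,20,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,\
  00,05,20,00,00,00,25,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,27,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
  00,00,00,05,12,00,00,00
"""
# Well-known SID names (standard Windows values), for readable output only.
WELL_KNOWN = {
    "S-1-5-18": "NT AUTHORITY\\SYSTEM", "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-32-549": "BUILTIN\\Server Operators", "S-1-5-32-551": "BUILTIN\\Backup Operators",
}

def reg_hex_to_bytes(text):
    """Turn a .reg 'hex:' payload (commas, backslash continuations) into bytes."""
    cleaned = text.replace("\\", "").replace(",", " ")
    return bytes(int(tok, 16) for tok in cleaned.split())

def parse_sid(buf, off):
    """Decode the binary SID at offset off; return (string SID, byte length)."""
    rev, count = buf[off], buf[off + 1]
    authority = int.from_bytes(buf[off + 2:off + 8], "big")   # 48-bit, big-endian
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)   # sub-authorities, little-endian
    return "-".join(["S", str(rev), str(authority), *map(str, subs)]), 8 + 4 * count

def parse_descriptor(sd):
    """Decode a self-relative security descriptor: owner, group and DACL ACEs."""
    rev, _, control, o_owner, o_group, o_sacl, o_dacl = struct.unpack_from("<BBHIIII", sd, 0)
    if not control & 0x8000:                                   # SE_SELF_RELATIVE
        raise ValueError("descriptor is not in self-relative form")
    result = {"owner": parse_sid(sd, o_owner)[0], "group": parse_sid(sd, o_group)[0], "aces": []}
    if control & 0x0004 and o_dacl:                            # SE_DACL_PRESENT
        _, _, acl_size, ace_count, _ = struct.unpack_from("<BBHHH", sd, o_dacl)
        pos = o_dacl + 8                                       # first ACE follows the ACL header
        for _ in range(ace_count):
            ace_type, _flags, ace_size, mask = struct.unpack_from("<BBHI", sd, pos)
            sid, _len = parse_sid(sd, pos + 8)
            kind = {0: "ALLOW", 1: "DENY"}.get(ace_type, "type %d" % ace_type)
            result["aces"].append((kind, sid, WELL_KNOWN.get(sid, "?"), "0x%08x" % mask))
            pos += ace_size
    return result

if __name__ == "__main__":
    for ace in parse_descriptor(reg_hex_to_bytes(REG_HEX))["aces"]:
        print(*ace)
```

Feeding the same functions the value exported from the server before the change lets you compare the two descriptors entry by entry.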
