Admin shares available to non-administrative users over loopback address
Scenario.
A non-administrative user starts Excel on a RemoteApp host. They open the "file open" window and in file name type \\127.0.0.1\c$. They are presented with the c:\ drive of the system. The same is true of c$ d$ admin$ etc...
The same user typing \\127.0.0.1\c$ in the address\location bar of open file window is told that this has been restricted by their system administrator.
The same user attempting to access the admin shares from another machine is prompted for credentials.
"This behavior occurs because the administrative share's default share permission was changed in Windows Server 2008, which allows the active logon account to access the administrative shares.
Resolution :
The administrative share's default share permission is controlled by the registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\DefaultSecurity\SrvsvcShareAdminConnect.
To configure Windows Server 2008 to behave the same as Windows Server 2003, we can export the registry value above from Window Server 2003, and import it to Windows Server 2008. Please Note: We need to restart the server for the change to take effect."
I have tested this fix on my W2K8 R2 SP1 machine and i can confirm that non-administrative users started getting the prompt for user name & password.
For those wanting to achieve the same behavior, you can find the registry binary data you need to import below.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\DefaultSecurity] "SrvsvcShareAdminConnect"=hex:01,00,04,80,64,00,00,00,70,00,00,00,00,00,00,00,\ 14,00,00,00,02,00,50,00,03,00,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,\ 00,00,05,20,00,00,00,20,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,\ 00,05,20,00,00,00,25,02,00,00,00,00,18,00,03,00,0f,00,01,02,00,00,00,00,00,\ 05,20,00,00,00,27,02,00,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\ 00,00,00,05,12,00,00,00
Comments