1

I have a windows 2008 R2 server I'm trying to access remotely, specifically I'm trying to use the c$ admin share.

  • The server is on a domain
  • My user is in the server's local admin group
  • My user is a domain account

Trying to map the share in explorer didn't work, so tried net use and discovered something that confuses me. I was hoping someone might be able to explain it.

When I try to map the drive using net use from a normal command prompt (on my machine):

net use g: \\server\c$

I get system error 5 (access denied), which I find odd, given I'm an admin on the remote server.

But if I run cmd as administrator and use the same command, it correctly maps the share.

Why do I have to be running as an admin on my own computer to connect to the remote share? Is there a way to change this so that I can map the drive without having to elevate my local privileges?

Any help much appreciated.

MartinSGill
  • 204
  • 1
  • 3
  • 6

1 Answers1

0

the right click -> 'run as admin' feature is the windows equivalent of sudo (or as close as microsoft can make it) when you attempt to map a network drive, it needs to perform some admin tasks.

I've gotten around this by creating a batch script (or equiv) then in the properties of the file set it to automatically run as an administrator.

http://technet.microsoft.com/en-us/magazine/ff431742.aspx has some more details about how to do that.

Preflightsiren
  • 457
  • 2
  • 8
  • I'm afraid that doesn't actually answer my question. I know I can elevate my privileges to add the share. What I want to understand is why I have to. I can add other shares without elevating them and I don't see why I should have to do that for this share. – MartinSGill Dec 27 '11 at 16:43
  • its because the IPC$, ADMIN$ and C$ shares are determined by Microsoft to be an admin shares and therefore cannot be accessed by an unprivileged processes. http://en.wikipedia.org/wiki/Administrative_share At a technical level, the DACLS for the share cause this behaviour, they are built into the OS enforce some security mitigations, eg. forced guest access when the administrator account has a blank password. – Preflightsiren Dec 31 '11 at 00:18