Enable Admin Shares (C$) on Windows 7

Enable File and Print Sharing

The first step to enable administrative shares (ie, C$ and even Admin$ and IPC$) is to make sure you have File and Print sharing enabled. While you’re at it, I recommend turning on Network Discovery also

  1. Click the Windows button (formerly the Start button).
  2. Type “advanced shar” into the search text box (that’s all you need).
  3. Click the link to “Manage advanced sharing settings” (aka “Change advanced sharing settings”).
  4. In the window that opens, expand the “Home or Work” profile and browse to the “Network discovery” section.
  5. Click the link to “Turn on network discovery (Figure 1).
  6. Browse to the “File and printer sharing” section.
  7. Click the link to “Turn on file and printer sharing (Figure 1).
  8. Click Save Changes.

Note that this will only enable file and printer sharing for your home network. If you connect your computer to a public or “unknown” network, your shares will still remain disabled. It is not recommended, but If you want to change this, follow the above procedure for the “Public” profile.


Figure 1

Step 2: LocalAccountTokenFilterPolicy

The next step is to go into the registry and give local users the ability to access remote administrative shares. BE CAREFUL–you can destroy our system by editing the registry.

  1. Click the Windows button and in the Search box, type “regedit”. If you get a User Access Control warning, click Yes.
  2. The Registry Editor will open. Expand the items until you get to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System (Figure 3).
  3. Click Edit from the top menu then New and then DWORD.
  4. Type in LocalAccountTokenFilterPolicy for the name of the DWORD. Hit ENTER.
  5. Double click the new entry and enter “1” for the value. Click OK.
  6. Close the Registry Editor and reboot your computer.
IMAGE:Regedit create LocalAccountTokenFilterPolicy

Regedit create LocalAccountTokenFilterPolicy

What’s going on here?

You might be familiar with UAC (User Account Control)

IMAGE:UAC example

UAC example (for regedit in this case)

This is new for Windows Vista and Windows 7. It is Microsoft’s attempt at security. The idea is that before programs can do dangerous things, or access sensitive areas, the OS will prompt the user for an additional OK. If the user expects this, they can click YES, if it comes out of the blue, they can click NO. For example, if some program is running in the background without the user’s knowledge, and tries to change a sensitive area, this UAC prompt will come out of the blue, and the user can then click NO, protecting his computer.

Clicking YES to the UAC prompt enables what’s called as “elevated privilege”. Ie the process now has more privilege to access and change sensitive areas.

Well, when logging in from a remote PC, like you do when you’re trying to access a network admin share, even if you provide username and password to an administrator account, you do NOT get elevated privilege and there is no UAC prompt.

The LocalAccountTokenFilterPolicy turns this off. The values of 0 and 1 dont make any sense, so i provide mnemonics to help remember below.

Value  Description Mnemonic
0 This value builds a filtered token. This is the default value. The administrator credentials are removed. zero-no privileges
1 This value builds an elevated token. 1-privileges on

Active Directory

It’s not admin shares exactly, but you can create (non-admin) shares via GPO (Group Policy Object) in an Active Directory environment.

Briefly, in GPO -> Preferences -> Windows Settings -> Network Shares create new network shares. On the remote computer.


Leave a Reply

Your email address will not be published. Required fields are marked *