AndreyT
Member
I have two machines in LAN. One is a file server called `FILES`, which runs Windows 10 Pro. Another is a workstation called `MAIN`, which runs Windows 11 Pro.
Both machines have two user accounts registered on them: `Admin` (member of `Administrators`) and `Alice` (member of `Users`). All accounts use identical passwords on both machines. The `FILES` machine exposes a number of regular network shares, which are accessible by members of `Users` group.
Alice is logged into the `MAIN` machine as `Alice`. Alice can immediately see and access all shares of `FILES`. Everything works perfectly. Alice does not have to enter any passwords for accessing these shares, they are just accessible right away (I presume they are accessed using `Alice` credentials).
Now, Alice on `MAIN` would like to occasionally access full drives through administrative shares on `FILES` machine (i.e. \\FILES\`C$`, `\\FILES\D$` and so on). To facilitate that the well-known change was made: a `LocalAccountTokenFilterPolicy = 1` was added to HKLM in `FILES` registry.
However, when Alice tries to access `\\FILES\C$` from `MAIN`, Windows 11 immediately displays an extra dialog asking for access credentials. Since this is about an administrative share, Alice specifies `Admin` as username and the corresponding password. However, such attempts to always fail with an error message
The message kinda makes sense, since Alice is already connected to `FILES` as `Alice`, so a "parallel" attempt to connect as `Admin` goes against the restrictions mentioned in the error message.
So, the question is: can Alice somehow still access the administrative shares on `FILES`? Is there a workaround (besides simply going to `FILES` and creating regular shares for all drives)? Make `Alice` a member of `Administrators` on `FILES`?
P.S. If Alice logs out of `Alice` account on `MAIN` and re-logs in as `Admin` on `MAIN`, then all administrative shares on `FILES` immediately become accessible without any issues or additional dialogs.
Both machines have two user accounts registered on them: `Admin` (member of `Administrators`) and `Alice` (member of `Users`). All accounts use identical passwords on both machines. The `FILES` machine exposes a number of regular network shares, which are accessible by members of `Users` group.
Alice is logged into the `MAIN` machine as `Alice`. Alice can immediately see and access all shares of `FILES`. Everything works perfectly. Alice does not have to enter any passwords for accessing these shares, they are just accessible right away (I presume they are accessed using `Alice` credentials).
Now, Alice on `MAIN` would like to occasionally access full drives through administrative shares on `FILES` machine (i.e. \\FILES\`C$`, `\\FILES\D$` and so on). To facilitate that the well-known change was made: a `LocalAccountTokenFilterPolicy = 1` was added to HKLM in `FILES` registry.
However, when Alice tries to access `\\FILES\C$` from `MAIN`, Windows 11 immediately displays an extra dialog asking for access credentials. Since this is about an administrative share, Alice specifies `Admin` as username and the corresponding password. However, such attempts to always fail with an error message
The message kinda makes sense, since Alice is already connected to `FILES` as `Alice`, so a "parallel" attempt to connect as `Admin` goes against the restrictions mentioned in the error message.
So, the question is: can Alice somehow still access the administrative shares on `FILES`? Is there a workaround (besides simply going to `FILES` and creating regular shares for all drives)? Make `Alice` a member of `Administrators` on `FILES`?
P.S. If Alice logs out of `Alice` account on `MAIN` and re-logs in as `Admin` on `MAIN`, then all administrative shares on `FILES` immediately become accessible without any issues or additional dialogs.
Last edited:
My Computer
System One
-
- OS
- Windows 11 Pro
- Computer type
- PC/Desktop
- CPU
- Intel(R) Core(TM) i7-5930K CPU @ 3.50GHz
- Motherboard
- EVGA X99 Micro
- Graphics Card(s)
- NVIDIA GeForce GTX 970
