This post isn't exactly just a Configuration Manager fix for Client Push, however it will help anyone who is trying to connect to an administrative share on a Windows Vista or Windows 7 machine that is having problems with "Access Denied" messages even though you know 100% for a fact that the account you're using is the right one.
User Account Control Remote Restrictions
Starting with Vista, User Account Control introduced some remote restrictions of administrative accounts. You can click the previous link if you want to read up on it. Suffice it to say, to disable these remote UAC restrictions of accounts that are in the local administrators group, do the following:
- Click Start, click Run, type regedit, and then press ENTER.
- Locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Policies\System - If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:
- On the Edit menu, point to New, and then click DWORD Value.
- Type LocalAccountTokenFilterPolicy, and then press ENTER.
- Right-click LocalAccountTokenFilterPolicy, and then click Modify.
- In the Value data box, type 1, and then click OK.
- Exit Registry Editor.
- Click Start, Click Control Panel
- Click View by Small Icons
- Click HomeGroup
- Click Leave HomeGroup
- Click Start
- Click Control Panel
- Click Category and select Small Icons
- Click Windows Firewall
- Click Allow a Program or feature through Windows Firewall
- Find File and Printer Sharing and enable Home/Work and Public network
By following the above tips, you should now be able to access any administrative shares that you have proper credentials for, and should also get client push working for some machines in which you are getting access denied or invalid network path messages and/or Failed to get token for current process (5) messages in the ccm.log.