Fix for Accessing Windows Vista and Windows 7 Administrative Shares (C$, Admin$, etc) – Client Push

This post isn’t exactly just a Configuration Manager fix for Client Push, however it will help anyone who is trying to connect to an administrative share on a Windows Vista or Windows 7 machine that is having problems with “Access Denied” messages even though you know 100% for a fact that the account you’re using is the right one.

User Account Control Remote Restrictions

Starting with Vista, User Account Control introduced some remote restrictions of administrative accounts. You can click the previous link if you want to read up on it. Suffice it to say, to disable these remote UAC restrictions of accounts that are in the local administrators group, do the following:

  1. Click Start, click Run, type regedit, and then press ENTER.
  2. Locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
  3. If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:
    1. On the Edit menu, point to New, and then click DWORD Value.
    2. Type LocalAccountTokenFilterPolicy, and then press ENTER.
  4. Right-click LocalAccountTokenFilterPolicy, and then click Modify.
  5. In the Value data box, type 1, and then click OK.
  6. Exit Registry Editor.
If the machine you’re trying to manage happens to be apart of a HomeGroup (introduced in Windows 7) then you may run into some issues. To leave a HomeGroup:
  1. Click Start, Click Control Panel
  2. Click View by Small Icons
  3. Click HomeGroup
  4. Click Leave HomeGroup
Turn on File and Printer Sharing in the Windows Firewall
If you happen to have the Windows Firewall enabled, you’ll need to make sure File nd Printer Sharing is enabled in the firewall settings:
  1. Click Start 
  2. Click Control Panel
  3. Click Category and select Small Icons
  4. Click Windows Firewall
  5. Click Allow a Program or feature through Windows Firewall
  6. Find File and Printer Sharing and enable Home/Work and Public network

By following the above tips, you should now be able to access any administrative shares that you have proper credentials for, and should also get client push working for some machines in which you are getting access denied or invalid network path messages and/or Failed to get token for current process (5) messages in the ccm.log.

This entry was posted in sccm, Tips and Tricks, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *