Setting Permissions for Administrative Shares - From Windows Server 2008 R2 to Windows 7

    Question

  • Hi,

    I have a corporate Inventory application installed on Windows Server 2008 R2 and I need to deploy some Agents to Windows 7 Desktops.

    This app requires having access to C$ and Admin$ on the Desktops, from the Server. Also, the agent is installed in C:\Windows\ from a BAT script but can be installed in C:\ or Program Files too. The agent also comes with a Service related to the processes being executed when the agent is running.

    Usually I can deploy the agents from the server using a Local (Desktop) or Domain Admin account, but this time our AD Admin told me he can't provide that kind of access. It has to be a non-Admin account. When I ask him what the right permission / mapping is that I should request from the Security team in order to install the agents, he doesn't know! (It seems he is not a legit AD Admin ¬¬)

    In Windows 2003 I used to mitigate that scenario by requesting Power Users from our AD Admin, but that permission is not available in Windows 2008. What kind of permissions do I need to request for the Windows Server 2008 R2 account, for viewing Admin Shares on the Desktops and installing the agent remotely? Also, I understand User Access Control (UAC) plays some role here (I don't know if I have to request disabling UAC on the Desktops for installing the agent, for instance).

    Best regards,

    Alejandro


    • Edited by ACANON Thursday, January 30, 2014 8:48 PM
    • Moved by Amy Wang_Moderator Friday, January 31, 2014 8:46 AM File Service related From Windows Server General Forum
    Thursday, January 30, 2014 2:50 PM

All replies

  • Hi,

    Based on my tests on Windows Server 2008 machines, I can only use a Domain Admin account to access the admin$ share on a domain controller.

    After I input the admin share’s path, I was asked to input credentials to connect to the DC. If I input a domain user’s credentials, a logon unsuccessful error message appears, even after I granted read permission on the C drive of the DC.

    Best Regards,

    Amy Wang

    Friday, January 31, 2014 10:33 AM
  • Hi,

    Do you need further assistance on this issue?

    We can locate the admin share via the Computer Management tool; it is under System Tools/Shared Folders/Shares.

    When we click on the Properties of this share, a prompt window pops up saying “This has been shared for administrative purposes. The share permissions and file security cannot be set”.

    Therefore this share’s permissions can’t be modified.

    Best Regards,

    Amy

    Wednesday, February 05, 2014 9:06 AM
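
An added example, not part of the thread: the administrative shares that the last reply locates in Computer Management can also be told apart from ordinary shares through the `Type` value of the WMI class `Win32_Share`, whose high bit marks a share as administrative. The function names, the `Inventory` share and the sample rows are constructed for illustration; Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the thread). Win32_Share.Type encodes the resource
# kind in the low bits and sets bit 31 for administrative shares.
$AdminFlag = [uint32]2147483648   # 0x80000000

function Get-ShareKind {
    # Hypothetical helper: decode a Win32_Share.Type value.
    param([Parameter(Mandatory = $true)][uint32]$Type)
    $kinds = @{ 0 = 'Disk'; 1 = 'PrintQueue'; 2 = 'Device'; 3 = 'IPC' }
    $base  = [int]($Type -band 0x7FFFFFFF)
    $kind  = if ($kinds.ContainsKey($base)) { $kinds[$base] } else { "Unknown($base)" }
    [pscustomobject]@{
        Kind           = $kind
        Administrative = [bool]($Type -band $AdminFlag)
    }
}

function Select-AdminShare {
    # Hypothetical helper: pass through only shares flagged as administrative.
    param([Parameter(ValueFromPipeline = $true)]$Share)
    process {
        $k = Get-ShareKind -Type $Share.Type
        if ($k.Administrative) {
            [pscustomobject]@{ Name = $Share.Name; Path = $Share.Path; Kind = $k.Kind }
        }
    }
}

# Constructed sample rows shaped like Win32_Share instances.
$sample = @(
    [pscustomobject]@{ Name = 'ADMIN$';    Path = 'C:\Windows';   Type = [uint32]2147483648 }
    [pscustomobject]@{ Name = 'C$';        Path = 'C:\';          Type = [uint32]2147483648 }
    [pscustomobject]@{ Name = 'IPC$';      Path = '';             Type = [uint32]2147483651 }
    [pscustomobject]@{ Name = 'Inventory'; Path = 'D:\Inventory'; Type = [uint32]0 }
)

# Lists ADMIN$, C$ and IPC$; the ordinary Inventory share is filtered out.
$sample | Select-AdminShare | Format-Table -AutoSize

# On a live machine, feed real instances instead of the sample:
# Get-CimInstance -ClassName Win32_Share | Select-AdminShare
```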