how to allow a user without administration privileges to read the share C$

If you must then why not just share the drive again with a different name and allow the user the necessary share and NTFS permissions (note you can share drive/folder multiple times with different names and different sets of share permissions)

have the user access it like this:



Start > Run


type in:   \\Servername or IP Address\C$

well

there is a program called GFI Network Server Monitor, that can monitor my network servers. it need a user name and pass install on remote server to access the information like disk size, running batches,... when i set the user with administration privileges the program doing fine but if i set it as power user or normal user the disk related checks not work.


so i need the user any thing else than administrator, and i need exactly C$

The C$, ADMIN$, IPC$ etc shares are called administrative shares, and are only accessible by accounts with administrator privileges. To my knowledge you can't alter the permissions for admin shares. Why don't you just use an (even a temporary) admin account for the scan?

To mitigate the risks involved, make sure the account has local admin privileges on the target server but only minimal privileges anywhere else. You could for example remove it from the Domain Users group and add it to the Domain Guests group, unless guest accounts have explicitly been denied access on the server.

dear the checking program should keep monitor on the servers, so it should be permanent user account.

on other hand i cant set a share folder coz it will be useless to my monitor program

To reiterate:

1. Create a domain user account, let's say "gfiscanner" and assign it a strong password (upper and lower case, numbers, special characters, min. 15 characters)
2. Add the user to Domain Guests and remove it from Domain Users
3. Add the user to the local Administrators group on the target servers.

This makes sure the account has admin access to the target computers but minimal access anywhere else.

but i didn't have a domain, and i am not allowed to create a domain or add this server to a domain.

Ok well that changes things. You need to create identical user acconts on each monitored server with the same password, and add the users to the local Administrators group on each server.

in this case it will has administrative privileges!

You cannot access the administrative shares without administrative privileges.

Sorry, but you describe the water after long conversation as a water.!!!!
I know from beginning it is administrative share and accessible by administrators, what i look for is a new idea, way, or things may be i didn't know.

any way, thanks for helping. and i wait another solution.

thanks for your support,
but i hope to find another idea.