how to allow a user without administration privileges to read the share C$

dear,

i have windows 2000 server,
i need to allow a user to access the administrative share folder C$, D$, ... on this win2000 server

amy one can tell me the way to do that


thanx
eugie17Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian PiercePhotographerCommented:
If you must then why not just share the drive again with a different name and allow the user the necessary share and NTFS permissions (note you can share drive/folder multiple times with different names and different sets of share permissions)
0
cshepfamCommented:
have the user access it like this:



Start > Run


type in:   \\Servername or IP Address\C$
0
eugie17Author Commented:
well

there is a program called GFI Network Server Monitor, that can monitor my network servers. it need a user name and pass install on remote server to access the information like disk size, running batches,... when i set the user with administration privileges the program doing fine but if i set it as power user or normal user the disk related checks not work.


so i need the user any thing else than administrator, and i need exactly C$
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

CoccoBillCommented:
The C$, ADMIN$, IPC$ etc shares are called administrative shares, and are only accessible by accounts with administrator privileges. To my knowledge you can't alter the permissions for admin shares. Why don't you just use an (even a temporary) admin account for the scan?
0
CoccoBillCommented:
To mitigate the risks involved, make sure the account has local admin privileges on the target server but only minimal privileges anywhere else. You could for example remove it from the Domain Users group and add it to the Domain Guests group, unless guest accounts have explicitly been denied access on the server.
0
eugie17Author Commented:
dear the checking program should keep monitor on the servers, so it should be permanent user account.

on other hand i cant set a share folder coz it will be useless to my monitor program
0
CoccoBillCommented:
To reiterate:

1. Create a domain user account, let's say "gfiscanner" and assign it a strong password (upper and lower case, numbers, special characters, min. 15 characters)
2. Add the user to Domain Guests and remove it from Domain Users
3. Add the user to the local Administrators group on the target servers.

This makes sure the account has admin access to the target computers but minimal access anywhere else.
0
eugie17Author Commented:

but i didn't have a domain, and i am not allowed to create a domain or add this server to a domain.
0
CoccoBillCommented:
Ok well that changes things. You need to create identical user acconts on each monitored server with the same password, and add the users to the local Administrators group on each server.
0
eugie17Author Commented:

in this case it will has administrative privileges!
0
CoccoBillCommented:
You cannot access the administrative shares without administrative privileges.
0
eugie17Author Commented:

Sorry, but you describe the water after long conversation as a water.!!!!
I know from beginning it is administrative share and accessible by administrators, what i look for is a new idea, way, or things may be i didn't know.

any way, thanks for helping. and i wait another solution.
0
CoccoBillCommented:
1) the software needs access to admin shares
2) that access requires admin privileges

I really don't see any other way around it besides either granting admin privileges to the account or changing either the software or the OS you're using.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Brian PiercePhotographerCommented:
You cannot do what is undoable
To access the c$ drive you need administrative privilages.
If you are not able or prepared to just share the drive again with a different name, as I described in my first post, then you simply cannot do this.
0
eugie17Author Commented:
thanks for your support,
but i hope to find another idea.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.