eugie17
asked on
How to allow a user without administration privileges to read the share C$
Dear,
I have a Windows 2000 server.
I need to allow a user to access the administrative share folders C$, D$, ... on this Win2000 server.
Can anyone tell me the way to do that?
Thanks
If you must, then why not just share the drive again with a different name and allow the user the necessary share and NTFS permissions? (Note: you can share a drive/folder multiple times with different names and different sets of share permissions.)
Have the user access it like this:
Start > Run
type in: \\Servername or IP Address\C$
ASKER
Well,
there is a program called GFI Network Server Monitor that can monitor my network servers. It needs a user name and password installed on the remote server to access information like disk size, running batches, ... When I set the user with administration privileges the program does fine, but if I set it as a power user or normal user the disk-related checks do not work.
So I need the user to be anything other than administrator, and I need exactly C$.
The C$, ADMIN$, IPC$, etc. shares are called administrative shares, and are only accessible by accounts with administrator privileges. To my knowledge you can't alter the permissions for admin shares. Why don't you just use an (even a temporary) admin account for the scan?
To mitigate the risks involved, make sure the account has local admin privileges on the target server but only minimal privileges anywhere else. You could for example remove it from the Domain Users group and add it to the Domain Guests group, unless guest accounts have explicitly been denied access on the server.
ASKER
Dear, the checking program should keep monitoring the servers, so it should be a permanent user account.
On the other hand, I can't set up a shared folder because it will be useless to my monitor program.
To reiterate:
1. Create a domain user account, let's say "gfiscanner" and assign it a strong password (upper and lower case, numbers, special characters, min. 15 characters)
2. Add the user to Domain Guests and remove it from Domain Users
3. Add the user to the local Administrators group on the target servers.
This makes sure the account has admin access to the target computers but minimal access anywhere else.
ASKER
But I don't have a domain, and I am not allowed to create a domain or add this server to a domain.
OK, well, that changes things. You need to create identical user accounts on each monitored server with the same password, and add the users to the local Administrators group on each server.
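As an added example (not part of the original thread): once the account has been created on each server, a check like the following confirms that it is in the local Administrators group and flags any other members. The `net localgroup Administrators` output below is constructed, and the server names, allow-list and function names are assumptions.

```python
import re

MONITOR_ACCOUNT = "gfiscanner"                  # account name from the thread
EXPECTED = {"administrator", MONITOR_ACCOUNT}   # assumed allow-list per server

# Constructed sample output of `net localgroup Administrators`, one per server.
HEADER = ("Alias name     Administrators\n"
          "Comment        Administrators have complete and unrestricted access "
          "to the computer/domain\n\nMembers\n\n" + "-" * 79 + "\n")
FOOTER = "The command completed successfully.\n"
SAMPLE_OUTPUT = {
    "SRV01": HEADER + "Administrator\ngfiscanner\n" + FOOTER,
    "SRV02": HEADER + "Administrator\ntempadmin\n" + FOOTER,
}


def parse_members(output):
    """Return the member names listed after the dashed separator line."""
    members, in_list = [], False
    for line in output.splitlines():
        line = line.strip()
        if re.fullmatch(r"-{10,}", line):
            in_list = True
        elif in_list and line.lower().startswith("the command completed"):
            break
        elif in_list and line:
            members.append(line)
    return members


def audit(outputs, account=MONITOR_ACCOUNT, expected=EXPECTED):
    """Map server -> whether the monitor account is admin, plus unexpected admins."""
    allowed = {name.lower() for name in expected}
    report = {}
    for server, text in outputs.items():
        # Windows account names are case-insensitive, so compare in lower case.
        names = {m.lower() for m in parse_members(text)}
        report[server] = {
            "monitor_is_admin": account.lower() in names,
            "unexpected": sorted(names - allowed),
        }
    return report


if __name__ == "__main__":
    for server, finding in sorted(audit(SAMPLE_OUTPUT).items()):
        print(server, finding)
```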
ASKER
In this case it will have administrative privileges!
You cannot access the administrative shares without administrative privileges.
ASKER
Sorry, but you describe the water, after a long conversation, as water!
I know from the beginning it is an administrative share and accessible by administrators; what I am looking for is a new idea, way, or something that maybe I didn't know.
Anyway, thanks for helping, and I'll wait for another solution.
ASKER
Thanks for your support,
but I hope to find another idea.