Instructions on how to enable admin$ on PCs via Group Policy

Hi experts, I cannot find specific instructions for enabling the admin$ share on all PCs in my domain. I must be using the wrong keywords on Google. Any assistance is appreciated.
Thanks
WAMSINC Asked:
John (Business Consultant, Owner) Commented:
So far as I know, users must be domain admins to use this share.
WAMSINC (Author) Commented:
We have some software that requires \\PCNAME\ADMIN$ to be enabled on all PCs.
I would like to do this through Group Policy if possible.
Hypercat (Deb) Commented:
The admin share is created automatically.  If you're on a Windows domain, then any accounts with Domain Administrator or local administrator permissions will be able to access it.  However, it's hidden and you won't see it when you browse the computer through the network.

If you're on a stand-alone or workgroup computer, you will need a local administrator account logon in order to access that share.  Here's an article on how to enable this access in a workgroup situation:

http://www.wintips.org/how-to-enable-admin-shares-windows-7/

WAMSINC (Author) Commented:
Something must have been changed from default before I got here. When I go from my PC logged in as domain admin and Start > Run, type \\COMPUTERNAME\\ADMIN$ or \\COMPUTERNAME\C$, I cannot connect on many PCs but I can on some. Or is that a firewall setting?
themrrobert Commented:
If Windows Firewall is on, you will not be able to connect to anything on those computers unless specific rules are added, or the firewall is turned off.
Hypercat (Deb) Commented:
Yes - what themrrobert said.  I forgot to mention that! You would have to add firewall rules to access the admin shares, and that could be done through group policies using the Computer policies under Security Settings/Windows Firewall with Advanced Security.
WAMSINC (Author) Commented:
Just found out some previous guy disabled it on many PCs here, so is there a way to enable it globally with Group Policy?

I will create a policy to disable the PC firewalls also.
Hypercat (Deb) Commented:
Did he remove access to it, or did he actually remove the admin$ shares?  If the shares are there but access has been denied, you should be able to re-enable access using the Windows Firewall with Advanced Security section under the Computer Configuration as I mentioned above.  What you need to do is add a rule to allow File and Print Sharing.
themrrobert Commented:
2 ways to do this with Group Policy:
1) Use this link if you're in a Windows 8+ / Windows Server 2008 R2+ domain:
https://technet.microsoft.com/en-us/library/cc732793.aspx

2) (Should work on all versions of Windows, XP+, maybe even NT+.) You can create a batch file (.bat) that automatically creates the ADMIN$ share and set that script to run at startup on all of your machines.

This should enable the ADMIN$ share and open the firewall for file sharing on Windows XP:
admin_enable.bat
rem Let local administrator accounts keep their full token over the network (remote UAC filtering off)
reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 00000001 /f
rem Open Windows Firewall for File and Printer Sharing (legacy netsh firewall syntax)
netsh firewall set service type=fileandprint mode=enable
rem Have the Server service create the administrative shares (ADMIN$, C$) on workstations
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" /v AutoShareWks /t REG_DWORD /d 00000001 /f


WAMSINC (Author) Commented:
So I found a TechNet article to enable the shares, but when browsing through Group Policy the "autoshareserver" is not available and I don't see a way to add it via GPO creation.
WAMSINC (Author) Commented:
I have mostly Windows 7 out there right now, currently testing the disable firewall GPO which was applied to all workstations out there. We don't have any XP machines any more. That link looks perfect except we have very few Win 8 machines out there.
themrrobert Commented:
Just put a registry object in the group policy that activates these settings:
http://configuration-guide.com/how-to-enable-disable-administrative-shares/
McKnife Commented:
By default, the firewall prevents access. If you enable file and printer sharing, rules are added. No further changes are required, so please refrain from editing the registry with funny entries and so on.

Please be aware of two things:
- To test if the firewall lets you through, install the telnet client on your computer (add windowsfeature) and go
telnet target 445
If successful, the screen goes black immediately.
- Opening file and printer sharing is a huge security risk. There's a reason why it's disabled by default. Each security vulnerability can ruin your network now. You should not open it to everyone but to limited and authenticated stations (best: IPsec). You should foremost not disable the firewall in general. You should know what you are doing.
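
A scripted version of the checks discussed in this thread (the TCP 445 test plus the \\COMPUTERNAME\ADMIN$ and \\COMPUTERNAME\C$ attempts), added here as an example and not posted by any participant. It separates machines where port 445 is filtered from machines where the port answers but the share is unavailable. The function names and host names are constructed placeholders; run it from an account that has administrator rights on the targets.

```powershell
# Added example, not from the thread. PowerShell 2.0 compatible, so it also runs on Windows 7.

function Test-TcpPort {
    # TCP connect with a timeout; stands in for the manual "telnet target 445" test.
    param([string]$ComputerName, [int]$Port = 445, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false                  # refused, unreachable, or name not resolved
    } finally {
        $client.Close()
    }
}

function Get-AdminShareStatus {
    # One result object per computer: port state, share reachability, and a finding.
    param([string[]]$ComputerName)
    foreach ($name in $ComputerName) {
        $portOpen = Test-TcpPort -ComputerName $name
        $admin = $false
        $cDrive = $false
        if ($portOpen) {
            # Single-quoted format strings keep the trailing $ of the share name literal.
            $admin  = Test-Path -LiteralPath ('\\{0}\ADMIN$' -f $name) -ErrorAction SilentlyContinue
            $cDrive = Test-Path -LiteralPath ('\\{0}\C$' -f $name) -ErrorAction SilentlyContinue
        }
        if (-not $portOpen) {
            $finding = 'TCP 445 unreachable: firewall rule missing or host offline'
        } elseif ($admin -and $cDrive) {
            $finding = 'OK'
        } else {
            $finding = 'Port open but share unavailable: share removed or access denied'
        }
        New-Object PSObject -Property @{
            Computer = $name; Port445 = $portOpen; AdminShare = $admin
            CShare = $cDrive; Finding = $finding
        } | Select-Object Computer, Port445, AdminShare, CShare, Finding
    }
}

# Constructed host names; replace with real workstation names.
Get-AdminShareStatus -ComputerName 'PC-EXAMPLE-01', 'PC-EXAMPLE-02' | Format-Table -AutoSize
```

A "TCP 445 unreachable" finding points at the File and Printer Sharing firewall rules; a "Port open but share unavailable" finding points at the share itself or at permissions, which changing the firewall will not fix.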
WAMSINC (Author) Commented:
The combo of disabling the firewall GPO and this Win 8 policy appears to be working for all the Win 7 machines on my network now. Going to do some more testing. Really appreciate the replies, guys.
themrrobert Commented:
No problem :) Be sure to select the best/most accurate/useful answer(s) when you're done.

Best of luck!