C$ read only access?

Is there a way to give users rights to \\computers\c$ but readonly?
F.e. powershell Add-smbhareaccess to c$ is not allowed because it is a default admin share but maybe we could add the users to a specific group which then has only readonly accesss?

J.
janhoedtAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Scott CSenior EngineerCommented:
No, there isn't.  C$ is an admin share for a good reason....users have NO business mucking around on the root of the C drive.

Create them a share on C if you must, but on another drive is better and give them rights to that share.

Under no circumstances should users be at the roof of C.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JohnBusiness Consultant (Owner)Commented:
I agree. And there is nothing there a user needs.  Make Users share that people can use for individual files and a Common or like folder for shared documents.
0
oBdACommented:
Some sort of HelpDesk access?
You can share C: under a different name (for example "CRO" or "CRO$" - yes, the same folder can be shared multiple times), and leave the Share permissions as Read Only.
Note that this will still not give them NTFS access to folders where they aren't allowed.
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

janhoedtAuthor Commented:
Thanks, I knew that. I explicitly wanted to share c$ but seems not possible.
0
JohnBusiness Consultant (Owner)Commented:
Yes, not a good idea at all. Set up proper shares and share those.
0
oBdACommented:
The administrative shares are completely controlled by the system. You can only disable them completely (which is usually not recommended), but not change their configuration.
0
janhoedtAuthor Commented:
Don't agree at all. I see no reason why some extra users shouldn't have read only to C$. Now shares need to be created which is extra administration. Yes, it s very easy via Powershell but still don't like it.
0
janhoedtAuthor Commented:
Do not fully agree of usefullness,  but yes it is not possible
0
oBdACommented:
Changing the permissions would be "extra administration", too ...
0
janhoedtAuthor Commented:
But then the share stays c$ for everyone and it is clear. Now you need a name and configure it on all devices. Adding users via goo is no work at all.
0
janhoedtAuthor Commented:
gpo
0
Scott CSenior EngineerCommented:
Glad I could help.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.