Network access of C$

Accessing C$ on the network:

I have various reasons for needing to do this.  
One has to do with testing / confirming / troubleshooting access from monitoring "server workstations" using things like EventLog Analyzer and GFI Languard.

Here is the situation:
Each computer is on a peer-to-peer network and has a common Admin1 User/Password.  The server workstation is logged in with that User.
Using UAC \\[target_ipaddress]\C$ from the server workstation generally works.
But, on some target workstations it does not.
So, the task is to resolve the failures and turn them into successes.

Since all of these workstations have been treated fairly equally regarding file sharing, firewall settings, services, etc. it's surprising when failures occur. and I'm hard pressed to find a solution.  
I keep asking myself "what's different?"  and, while willing,  end up searching rather involved descriptions of things that I probably don't need to investigate in such detail.  

There are other aspects but to be fair to the Experts, I'll ask them separately.
But, in this case I'll add that the workstations are in 3 subnets each in workgroups named identically WORKGROUP - routed together with no NetBIOS traffic allowed; there is no inter-subnet name service.
Yet, the services I'm trying to troubleshoot DO work across all 3 subnets - just not in every target computer.
(In some cases I'm sure that the checklist of things to "fix" to get the monitoring to work is bigger than it needs to be.  So, I may be tilting at windmills in some cases...).

I can confirm using UAC in RUN:  \\target-ipaddress\C$ that targets in all 3 subnets CAN have C$ accessed from the server workstation without having to provide credentials
And, I can confirm that SOME targets pop up a security login dialog (which would prevent automated remote monitoring).  With these, I can gain access using: Administrator as the User but that would not be the intent - just a demo of what seems to be expected.
And, I can confirm that SOME targets pop up a message that says \\target-ipaddress\C$ is not accessible.  
I can also confirm that while RUN \\target-ipaddress\C$ will sometimes say "path not found" and yet, \\target-ipaddress will work.  Once that works, if the Windows Explorer address is changed to append \C$, then it works.  And, it appears it will work thereafter.... but that's another demo.
LVL 27
Fred MarshallPrincipalAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MaheshArchitectCommented:
generally speaking set GPO which would put firewall exception on clients for below

basically you need to allow below

TCP 445 (File sharing)
NetBIOS resolution
Network discovery
administrative $ shares must not be disabled for any reason on clients
clients should have correct AD DNS server specified in network card properties so that there won't be any secure channel errors
Ron MalmsteadInformation Services ManagerCommented:
If you are managing 3 subnets, it's best to have a domain environment, not a workgroup environment.

However, if everything is uniform ... for example, you don't have firewalls blocking you and sharing is enabled, and a local admin account is available....

In command line (cmd), you can manually authenticate: NET USE \\192.168.0.0.2\ipc$ /user:Administrator YourAdminPa$$w0rd

If successful...every command thereafter ...will include that authenticated user context.   For example ..open the c$ using:  Explorer \\192.168.0.0.2\c$
...or  ...restart the computer using:  SHUTDOWN -f -m -r \\192.168.0.0.2

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Fred MarshallPrincipalAuthor Commented:
Ron Malmsead:  
If successful...every command thereafter ...will include that authenticated user context.

I'm not sure what state that puts the client computer in and I should know that much at least.  

And, I'm not sure this is a permanent solution because it would not appear to survive a reboot, right?  

I'm needing to change the permanent state of the targets because the access is needed for an automated processes from EventLog Analyzer and GFI Languard.
Need More Insight Into What’s Killing Your Network

Flow data analysis from SolarWinds NetFlow Traffic Analyzer (NTA), along with Network Performance Monitor (NPM), can give you deeper visibility into your network’s traffic.

kevinhsiehCommented:
Hi Fred!

This is just one of the reasons why trying to manage a large group group instead of a domain is a PITA.
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
Two possibilities:
 1: Firewall is on the PUBLIC profile instead of the PRIVATE
 2: Network Location Awareness has not been enabled.

On the machines that are being difficult open File Explorer and click on the Network node in the left hand column then click YES to enable Network Location Awareness.
Fred MarshallPrincipalAuthor Commented:
Hi Kevin!  Yes, it may be.  But might that suggest that using a DC is a panacea?  :-)  I'm still working on it slowly.  
Philip Elder: The issue is C$, not just any file folder... and THAT is just as a test to see if monitoring is supposed to work.
David Johnson, CD, MVPOwnerCommented:
.
you have to set in the credential manager under windows credentials
computername\username and password for each computer in the workgroup
kevinhsiehCommented:
Yes, just domain joining all of the workstations, and connecting to the workstations via a domain admin account will make these troubles go away. Transitioning from local accounts to domain accounts for users can happen later.
Fred MarshallPrincipalAuthor Commented:
David Johnson:
you have to set in the credential manager under windows credentials
computername\username and password for each computer in the workgroup
Yes, that has been done.
Fred MarshallPrincipalAuthor Commented:
Thank you all!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.