 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Forum / Windows XP / Security and Administration / November 2005What permissions do I need to use admin$ ?
I'm trying to mount admin$ of one of our NT Server machines onto my XP machine. I do not have permissions to do so, but I can't find the permissions I'd need. admin$'s own permissions cannot be set (or so it appears) because "This has been shared for administrative purposes. The permissions cannot be set." So how do I get permissions? Maury > I'm trying to mount admin$ of one of our NT Server machines onto my XP > machine. I do not have permissions to do so, but I can't find the [quoted text clipped - 7 lines] > > Maury If in a domain you need domain admin permissions. If in a workgroup then you must be a administrator on that machine. Why would you want to mount admin$? I can't think of any reason to do this. At best if you need temporary access you should use Start ==> Run ==> \\server_name\c$ or whatever drive you need access to. If you need permanent access to the root of a system drive then something is not right with your overall network security plan. Kerry > If in a domain you need domain admin permissions. If in a workgroup then you > must be a administrator on that machine. It is on a domain, I am a domain admin of another domain. I am attempting to add rights for those domain admins to have access to admin$. > Why would you want to mount admin$? PsExec requires access to admin$. I'm not so much trying to mount it as figure out why PsExec always gives me "access is denied". using net use admin$ also gives me "access is denied". The two are almost certainly caused by the same problem. Maury >> If in a domain you need domain admin permissions. If in a workgroup >> then you must be a administrator on that machine. [quoted text clipped - 11 lines] > > Maury You may need to specify an account that will work with the -u and -p switches. See the following link for usage and axamples. http://www.windowsitpro.com/Windows/Article/ArticleID/42919/42919.html Alternatively you could logon as a domain admin in the same domain as the server. Another method would be to logon as an Enterprise Admin. Obviously running a program as an Enterprise Admin is a security risk that should be avoided if at all possible. What are you trying to accomplish with psexec? Kerry > What are you trying to accomplish with psexec? All I need to do is run a batch file. The batch file spawns an interactive application that imports data into a db. The morons that wrote it included a "batch mode", but it nevertheless displays both a splash screen as well as a dialog box saying it's complete. I have tried every possible tool I can think of... "at" fails because the application appears to be setting the working directory, which for some reason is not allowed. at runs as the logged in user, which in this case is the admin. rcmd fails because on this machine any attempt to run with "allow access to desktop", which is required for an interactive app, fails with an error about kernel32.dll failing to initialize. MS has a tech note on this error, but it does not describe how to fix it in terms I can understand. psexec fails as I mentioned, with an "Access is denied". However, I have made progress with psexec. By simply using: psexec \\server cmd ...with no user or pass I _was_ able to run cmd! However when I ran the batch file in question, psexec never returns from the importer program. I assume it is "frozen" waiting for the user to click something which is not visible on the screen. This shouldn't be this hard! Am I overlooking some other solution? Maury >> What are you trying to accomplish with psexec? > [quoted text clipped - 29 lines] > > Maury Did you see Steven L Umbach's post? Adding your domain account to the local administrators group on the server might work. It's been a long time since I used NT4 and I've never used psexec so I'm out of ideas. Kerry More playing, more progress... Using PsExec I can now get cmd to run with the -i flag, which makes the screen on the server. When I run my batch file I get a dialog saying "Error attempting to set the system's working directory". Whoa, same error I get when running "at". Hmmm, maybe this is closer to working after all! Maury > > If in a domain you need domain admin permissions. If in a workgroup then you > > must be a administrator on that machine. > > It is on a domain, I am a domain admin of another domain. I am attempting to > add rights for those domain admins to have access to admin$. Don't add admin$, create shares they need to access and then set permissions using the NORMAL method. Also, if you are in one domain and the resource in another, you need to setup a trust between the domains and create groups to apply permissions to the resources. You do NOT want to give users access to C$, ADMIN$ or other $ resources. > > Why would you want to mount admin$? > > PsExec requires access to admin$. I'm not so much trying to mount it as > figure out why PsExec always gives me "access is denied". using net use > admin$ also gives me "access is denied". The two are almost certainly caused > by the same problem. Not sure what PsExe is, but if you setup the TRUST between the domains you should have no issues with this.  Signaturespam999free@rrohio.com remove 999 in order to email me You do not need to be a domain administrator unless the server in question is a domain controller which the user did not clarify. While domain admins global group is in the local administrators group of a domain computer by default any domain user account can be added or the credentials of any user in the local administrators group can be used including the built in administrator account.. --- Steve >> I'm trying to mount admin$ of one of our NT Server machines onto my XP >> machine. I do not have permissions to do so, but I can't find the [quoted text clipped - 18 lines] > > Kerry > You do not need to be a domain administrator unless the server in > question is a domain controller which the user did not clarify. While > domain admins global group is in the local administrators group of a > domain computer by default any domain user account can be added or > the credentials of any user in the local administrators group can be > used including the built in administrator account.. --- Steve Good point. That is probably the best option, to add the domain user account to the local administrators group. Kerry >>> I'm trying to mount admin$ of one of our NT Server machines onto my >>> XP machine. I do not have permissions to do so, but I can't find the [quoted text clipped - 18 lines] >> >> Kerry Only an administrator can access that share which is full control access to the systemroot folder and is hard coded by the operating system. If you have a real need to do such then you will have to use credentials for a user account that is an administrator on the target computer. If you do not need full control then you can create your own share with the access needed.--- Steve http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314984&sd=tech --- info on administrative shares > I'm trying to mount admin$ of one of our NT Server machines onto my XP > machine. I do not have permissions to do so, but I can't find the [quoted text clipped - 8 lines] > > Maury |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2010 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.