Access Denied Trying to Connect to Administrative Shares C$, D$ etc.

Under certain circumstances, you cannot connect to administrative shares (e.g. C$) on remote computers, even though you use the right credentials. Accessing a normal (i.e. non-administrative) share works flawlessly, though.


In this situation you get the following error when trying to connect to the admin share in Explorer:

This is the message text:

\\\c$ is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.

Multiple connections to a server or shared resource by the same user, using more than one username, are not allowed. Disconnect all previous connections to the server or shared resource and try again.

The message hints at multiple connections, but that is misleading.

When you try to connect to the admin share on the command line, you get a different error message:

C:\>net use \\\c$ /user:win7-2\admin *
Type the password for \\\c$:
System error 5 has occurred.
Access is denied.


As described in MS KB article 951916, Microsoft introduced as part of UAC a little known feature called “UAC remote restrictions”. It filters the access token for connections made with local user accounts or Microsoft accounts (the latter typically have the format MicrosoftAccount\EMailAddress). In other words, it removes the SID for “Administrators”. Connections made with domain accounts remain unchanged.

From KB951016:

If the user wants to administer the workstation with a Security Account Manager (SAM) account, the user must interactively log on to the computer that is to be administered with Remote Assistance or Remote Desktop, if these services are available.

One may like this or not, the solution is luckily pretty simple. UAC remote restrictions can be disabled by setting the registry value LocalAccountTokenFilterPolicy to 1:

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Value: LocalAccountTokenFilterPolicy
Data: 1 (to disable, 0 enables filtering)
Type: REG_DWORD (32-bit)

After a reboot access tokens from remote connections are not filtered any more. On Windows 8 and Windows 10 the reboot is not even required any more.

, ,

29 Responses to Access Denied Trying to Connect to Administrative Shares C$, D$ etc.

  1. George February 10, 2013 at 14:16 #

    I am assuming the UAC reg key is not the case if one admin account (set on both machines) will access the C$ with ease but a newly created admin account on both local and server will toss the access denied prompt. Starting to bug me now and I will probably figure it out come the time anyone responds, but have narrowed it down to a server side error as the local account on the client machine will utilize network level auth to pull remote system info on another machine, but will get the access denied when trying to save that file on the server.

  2. David May 22, 2013 at 15:58 #

    I use a mechanism that runs net use command to verify the local admin account password has not changed on my windows 2003 servers. When we upgraded to 2008 it broke with the system error 5 message. Found your post and this worked for me. Thanks

  3. Carl February 4, 2014 at 18:20 #

    Big thanks on this article, I found it very useful. I was about to make some backups from my laptop to my desktop, and have just been struggling for more than half an hour with connecting. I was just about to give up when realized that I (for some strange reason) have left the wicked UAC feature enabled on the laptop, so that this could have something to do with it. A Google search “uac admin shares” took me here, and a couple of minutes later I was fixed. In my case, the Windoze registry didn’t even have a DWORD there, so at first I thought I was in the wrong key folder. Anyways, I created the DWORD and rebooted the system. Everything worked. Big thanks!

  4. Kapil September 26, 2014 at 11:15 #

    Thanks for the workout … it really work as champ. I was havning problem while access c$ of window 2012 using local admin accout. This regitry twik works and aslo as mention reboot not required.

  5. Terry December 26, 2014 at 20:21 #

    Great find. Thanks much for the tip!

  6. pilat32 March 10, 2015 at 18:38 #

    Very usefull!!! Thanks much

  7. dom March 13, 2015 at 00:28 #

    great tip. worked for me on srv 08. did not even have the Dword, had to add it. srv is a workgroup in dmz

    • Michael March 19, 2015 at 09:24 #

      super! was struggling with this for backing up my servers with veeam in dmz…
      added the key in 2012R2 and it work perfect now!!

  8. dharanesh May 21, 2015 at 06:57 #

    guys, This did not work for me in windows server 2008 r2. Please help

  9. raymov May 18, 2016 at 01:59 #

    To avoid a reboot, simply restart the “Server” Service (along with Computer Browser) in services.msc
    The correct KB article is: 951016

  10. Julian May 25, 2016 at 09:18 #

    Thank you, you saved me hours of hair pulling.

  11. lorisco May 27, 2016 at 08:27 #

    I had the problem for two years. Thanks

  12. Suki August 15, 2016 at 16:45 #

    I’m having the same issue – ran the regedit and rebooted but this hasn’t worked for me either – anyone got any other suggestions?

  13. Schnurpf April 26, 2017 at 21:13 #

    Struggled with this issue since Windows 7. Is still the same in latest Windows 10 release (Creators Update, Version 1703, Build 15063).
    Used the fix as described, – works perfectly.
    Super ! Thank you.

  14. Osvaldo June 19, 2017 at 23:31 #

    Worked like a charm. I do nothave a domain but a standalone Windows 2012 server, and with this solution I was able to map administrative shares with a user account with administrative rights.

  15. Flesz June 21, 2017 at 11:37 #

    Thanks, that worked on Win 2008 R2 which was not on a domain

  16. Season0091 September 18, 2017 at 10:02 #

    It is strange. when I add the key and set to 1. It could work right after the server reboot, but about half an hour passed, the error will appear gain.
    Could any one help? thanks a lot!

  17. Barak October 3, 2017 at 16:12 #

    Right click Computer and hit Manage
    Under System Tools, double click Local Users and Groups then click Groups
    Right click Administrators
    Click Add to group then click Add then Advanced
    Click Find Now
    Double click on Local Service then click OK
    NT Authority\Local Service should show up in the list, click OK then Reboot

  18. Tonelock November 15, 2017 at 02:03 #

    I wanted access to backup files remotely on a Windows 10 pro home group.. This worked fine. I created a .reg file that saved me time and will also create the registry entry as well, if it is missing as it appears to be on Windows 10 Pro.

    A .reg file is is just a text file with a .reg extension. create a text file and save it as EnableRemoteHiddenShares.REG then you can just right click on it and use the merge option. or just double click on it.

    Windows Registry Editor Version 5.00

  19. vitinrj December 17, 2017 at 16:11 #

    Thank you so much.
    It worked great in W7 Pro. Actually it solved a lot of issues which needs admin privileges for local users.
    The key was not there, so I just created and it worked.

  20. Simon December 22, 2017 at 07:25 #

    Wow… six years later and this is *still* so relevant. Excellent work Helge. There is an awful lot of mis-information on the ‘net about this issue and how to fix it. Well done.

  21. Leo January 19, 2018 at 16:05 #

    This did not work for me on Windows 7 32 bit machine.

  22. Alex February 17, 2018 at 13:02 #

    I used this solution everytime… but for some pc, with windows 10 pro, i don’t know why (I think after some windows update) this solution is not enough. Pc (server side) asks me username and password, but does not recognize them. I tried disabling antivirus and firewall, but nothing to do.

    • Llewellyn October 22, 2018 at 20:07 #

      Try this work around; share the network folder (i.e. \\server\C) and grant the user (i.e. user1) read access+.
      Now test and see if it works. This should also bypass UAC Remote Restrictions as you explicitly shared the network share.
      If it still fails, setup the same user on your local computer and try again.

  23. Jibin John Philip March 6, 2018 at 13:41 #

    Access Denied Trying to Connect to Administrative Shares C$, D$ etc.

    Open Registry -regedit
    run as administrator
    Then copy paste below link to the registry


    create new – Dword (32bit value)
    Value data change-1

  24. Gauss August 7, 2018 at 05:16 #

    Thank you!!!

  25. Mike November 8, 2018 at 01:22 #

    We have 3 Win 2008 R2 servers (plus some 2012s). I can access admin shares (C$, D$) at will out of the box with all of them except one 2008 R2 box. I get the same message as posted above. I’ve tried both the domain administrator account and the local administrator account.

    I compared the registry on all 3 2008 boxes and they are all exactly the same – none of them have that key. Two of them I can access fine, the other one I can’t. Firewalls are off on all of them.

    I also checked the local administrators group for the LOCAL SYSTEM account and it is not there in all 3 boxes.

    I know this is an old post but maybe somebody has new info.


  26. Baldo November 8, 2018 at 10:19 #

    Had an issue with Veeam B&R using a local account for connecting and activating VSS, applied this solution and worked for me. Great! Thanks

  27. Vitek June 12, 2019 at 04:51 #

    Thank you so much!!! Making this change allowed me to access the admin shares.

Leave a Reply