I am trying to set up a pair of Windows XP computers in a Workgroup
(no Windows Domain) such that the special "Admin$" share of one is
available to the other. I need to do this to use PsExec.

On a Windows Domain network this is possible by making \\DOMAIN\User
an administrator on the admin$-sharing computer, and then logging in
as that user to the admin$-accessing computer.

But the network I have to get this working in has no Windows Domain,
just a plain old Workgroup. I just want to get PsExec functioning.
Security is a non issue (a small LAN, used by trusted people and
separated from the internet by an air gap).


Here is what happens if I try "NET USE" (admin is an account on both
machines with administrator privelidges whose password is pswd on both
machines)

C:> NET USE L: \\REMOTE\admin$ pswd /USER:admin
System Error 5 has occurred.

Access is denied.


And if I just type "\\REMOTE\admin$" into an explorer address bar I
get a "Connect to REMOTE" dialog in which the user is fixed at
"\\REMOTE\Guest", the password can be editted, but pressing OK only
ever redisplays the dialog.


Thanks,
Tom.

In article <(E-Mail Removed)>,
(E-Mail Removed) (Tom Hanks) wrote:
>I am trying to set up a pair of Windows XP computers in a Workgroup
>(no Windows Domain) such that the special "Admin$" share of one is
>available to the other. I need to do this to use PsExec.
>
>On a Windows Domain network this is possible by making \\DOMAIN\User
>an administrator on the admin$-sharing computer, and then logging in
>as that user to the admin$-accessing computer.
>
>But the network I have to get this working in has no Windows Domain,
>just a plain old Workgroup. I just want to get PsExec functioning.
>Security is a non issue (a small LAN, used by trusted people and
>separated from the internet by an air gap).
>
>
>Here is what happens if I try "NET USE" (admin is an account on both
>machines with administrator privelidges whose password is pswd on both
>machines)
>
> C:> NET USE L: \\REMOTE\admin$ pswd /USER:admin
> System Error 5 has occurred.
>
> Access is denied.
>
>
>And if I just type "\\REMOTE\admin$" into an explorer address bar I
>get a "Connect to REMOTE" dialog in which the user is fixed at
>"\\REMOTE\Guest", the password can be editted, but pressing OK only
>ever redisplays the dialog.
>
>
>Thanks,
>Tom.

I assume that you have XP Professional: to the best of my knowledge,
XP Home Edition doesn't have administrative shares.

I suspect that you just need to disable simple file sharing on the
computer that you're trying to access. Go to My Computer | Tools |
Folder Options | View and scroll to the end of the list of advanced
settings.

If that results in a user name and password prompt, enter values
corresponding to an administrator account on the computer that you're
accessing.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

"Steve Winograd [MVP]" <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...
> In article <(E-Mail Removed)>,
> (E-Mail Removed) (Tom Hanks) wrote:
> >I am trying to set up a pair of Windows XP computers in a Workgroup
> >(no Windows Domain) such that the special "Admin$" share of one is
> >available to the other. I need to do this to use PsExec.

[snip]

> I assume that you have XP Professional: to the best of my knowledge,
> XP Home Edition doesn't have administrative shares.
>
> I suspect that you just need to disable simple file sharing on the
> computer that you're trying to access. Go to My Computer | Tools |
> Folder Options | View and scroll to the end of the list of advanced
> settings.

You're correct, "simple file sharing" was not my friend. Now I can
access admin$ well enough for my purposes. Thankyou.

> If that results in a user name and password prompt, enter values
> corresponding to an administrator account on the computer that you're
> accessing.

Oddly, whenever the password box is displayed it has the same problem
as before (always has the account "REMOTE\Guest", password can be
editted but clicking [OK] just redisplays the dialog).

This can be avoided in two ways.

1. Perform the command line...
NET USE L: \\REMOTE\admin$ pswd /USER:admin
...and then \\REMOTE\admin$ can be accessed (either as drive L: or
simply as the absolute path "\\REMOTE\admin$")

2. Use an account on the LOCAL computer that also exists with
administrator privelidges and the same password on the REMOTE
computer.

Thanks,
Tom Hanks.

On 8 Feb 2004 14:17:35 -0800, (E-Mail Removed) (Tom
>"Steve Winograd [MVP]" <(E-Mail Removed)> wrote
>> (E-Mail Removed) (Tom Hanks) wrote:

>> >I am trying to set up a pair of Windows XP computers in a Workgroup
>> >(no Windows Domain) such that the special "Admin$" share of one is
>> >available to the other. I need to do this to use PsExec.

>> I assume that you have XP Professional: to the best of my knowledge,
>> XP Home Edition doesn't have administrative shares.

I wish that was true, but it's cursed with Admin$, IPC$, C$ etc.

>> I suspect that you just need to disable simple file sharing on the
>> computer that you're trying to access. Go to My Computer | Tools |
>> Folder Options | View and scroll to the end of the list of advanced
>> settings.

>You're correct, "simple file sharing" was not my friend. Now I can
>access admin$ well enough for my purposes. Thankyou.

Let's hope the entire Internet doesn't share that access - else your
PC is likely to be "automated" to do who knows what!

>Oddly, whenever the password box is displayed it has the same problem
>as before (always has the account "REMOTE\Guest", password can be
>editted but clicking [OK] just redisplays the dialog).

>This can be avoided in two ways.

>1. Perform the command line...
> NET USE L: \\REMOTE\admin$ pswd /USER:admin
> ...and then \\REMOTE\admin$ can be accessed (either as drive L: or
> simply as the absolute path "\\REMOTE\admin$")

>2. Use an account on the LOCAL computer that also exists with
> administrator privelidges and the same password on the REMOTE
> computer.

Interesting, thanks. Personally I'd like the option to get rid of
these (as one can the C$, D$ etc.). Allowing write access to the
startup axis and other "magic" locations is poor Safe Hex,
facilitating direct intra-LAN and possibly Internet attack.



>---------- ----- ---- --- -- - - - -
Consumer Asks: "What are you?"
Market Research: ' What would you like us to be? '
>---------- ----- ---- --- -- - - - -

In article <(E-Mail Removed)>, "cquirke (MVP
Win9x)" <(E-Mail Removed)> wrote:
>On 8 Feb 2004 14:17:35 -0800, (E-Mail Removed) (Tom
>>"Steve Winograd [MVP]" <(E-Mail Removed)> wrote
>>> (E-Mail Removed) (Tom Hanks) wrote:
>
>>> >I am trying to set up a pair of Windows XP computers in a Workgroup
>>> >(no Windows Domain) such that the special "Admin$" share of one is
>>> >available to the other. I need to do this to use PsExec.
>
>>> I assume that you have XP Professional: to the best of my knowledge,
>>> XP Home Edition doesn't have administrative shares.
>
>I wish that was true, but it's cursed with Admin$, IPC$, C$ etc.

I've just checked four different XP Home Edition computers, Chris, and
I don't see what you see. I'm running compmgmt.msc, clicking Shared
Folders, then clicking Shares. I see IPC$ (which isn't a shared disk
or folder) and Print$ (if there's a shared printer). I don't see
Admin$, C$, or anything else for shared disks and folders. Where do
you see them? Have you booted to Safe mode and changed any file
system settings?
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

On Mon, 09 Feb 2004 02:15:01 -0700, "Steve Winograd [MVP]"
>In article <(E-Mail Removed)>, "cquirke (MVP
>Win9x)" <(E-Mail Removed)> wrote:
>>On 8 Feb 2004 14:17:35 -0800, (E-Mail Removed) (Tom
>>>"Steve Winograd [MVP]" <(E-Mail Removed)> wrote
>>>> (E-Mail Removed) (Tom Hanks) wrote:

>>>> >I am trying to set up a pair of Windows XP computers in a Workgroup
>>>> >(no Windows Domain) such that the special "Admin$" share of one is
>>>> >available to the other. I need to do this to use PsExec.
>>
>>>> I assume that you have XP Professional: to the best of my knowledge,
>>>> XP Home Edition doesn't have administrative shares.

>>I wish that was true, but it's cursed with Admin$, IPC$, C$ etc.

>I've just checked four different XP Home Edition computers, Chris, and
>I don't see what you see. I'm running compmgmt.msc, clicking Shared
>Folders, then clicking Shares. I see IPC$ (which isn't a shared disk
>or folder) and Print$ (if there's a shared printer). I don't see
>Admin$, C$, or anything else for shared disks and folders. Where do
>you see them? Have you booted to Safe mode and changed any file
>system settings?

That's interesting! No, no tweaks (though if I tweaked, it would be
to .reg away C$, D$ etc. there's one that does that).

They are supposed to be invisible, and are documented to always exist.
There is a .reg that kills them, but there's no way to completely kill
some of the others, esp. IPC$ - best is suppression for remainder of
runtime, but it's back next boot. AFAIK, Admin$ points to C: or the
OS subtree, where the others don't map to file system as we know it.

When I read up on this, I found a "how to exploit" page, as well as
discussions where it was pointed out that these shares were only
hidden from MS-UI stuff (much like +s +h files).

I have to nibble XP while buiding new PCs, which generally aren't
LAN'd until delivery - so learning will be slow :-(



>---------- ----- ---- --- -- - - - -
Consumer Asks: "What are you?"
Market Research: ' What would you like us to be? '
>---------- ----- ---- --- -- - - - -

"cquirke (MVP Win9x)" <(E-Mail Removed)> wrote in message news:<(E-Mail Removed)>...

> >You're correct, "simple file sharing" was not my friend. Now I can
> >access admin$ well enough for my purposes. Thankyou.
>
> Let's hope the entire Internet doesn't share that access - else your
> PC is likely to be "automated" to do who knows what!

This is a timely warning. In my case the computer is on a small
trusted LAN that is seperated from the internet.

Thanks,
Tom Hanks.

On 9 Feb 2004 16:54:42 -0800, (E-Mail Removed) (Tom
>"cquirke (MVP Win9x)" <(E-Mail Removed)> wrote

>> >You're correct, "simple file sharing" was not my friend. Now I can
>> >access admin$ well enough for my purposes. Thankyou.

>> Let's hope the entire Internet doesn't share that access - else your
>> PC is likely to be "automated" to do who knows what!

>This is a timely warning. In my case the computer is on a small
>trusted LAN that is seperated from the internet.

Good one. In case of migration from some other entrance method to
trans-LAN spread (a standard feature of many malware), I'd still limit
and manage shares. What I usually do is:
- write-share only data locations, with no auto-run opportunities
- maintain a "data hygiene" policy; no executables in such locations

You can put a fist in the glove by automatically sweeping these data
shares for executables and deleting them, or simply leave it as a
matter of policy; "if you see executables (digression on what an
'executable' is) in here, don't run them; they *will* be intruders".

The main "autorun opportunities" are:
- patching into system startup; StartUp, Win.ini, Autoexec.bat etc.
- patching into app startup; MS Office StartUp, Normal.dot etc.
- \Autorun.inf (suppress via NoDriveTypeAutoRun=9D and others)
- desktop.ini / "View As Web Page"
- any dir in the Path
- other magic-name opportunities

"View As Web Page" is potentially the biggest risk, as this makes
every full-shared directory a malware launchpad. The most dangerous
practice is to full-share C:\ as "C" and map a drive letter to it; the
auto C$ may be less visible, but I'd rather it was completely gone.

TCP/IP on LAN can make it more difficult to use personal firewall
software, which in turn makes it harder to spot call-home behaviour
(even when this is isn't stealthed through via a trusted wrapper such
as svchost, rundll, rundll32, or a BHO-driven IE).

That's why I liked using NetBEUI or IPX for LAN, wherever Internet
access via router or ICS was not required. But XP botches that.


>-- Risk Management is the clue that asks:
"Why do I keep open buckets of petrol next to all the
ashtrays in the lounge, when I don't even have a car?"
>----------------------- ------ ---- --- -- - - - -