Workgroup下开启Win7的Admin share

最近要用psexec远程运行win7下的程序,但是这个psexec必须要用可以访问admin share的帐号才能工作(admin share就是\\computername\c$这种访问方式)。由于win7在workgroup下默认是不能使用admin share的(入域后的域管理员是可以用admin share的),所以需要更改一下windows的设置:

1. 打开network discovery和file and printer sharing

Workgroup下开启Win7的Admin share_第1张图片

 

 

 

2. 注册表HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System加一个DWORD类型的key “LocalAccountTokenFilterPolicy”, value为1:

 

之后重启电脑就OK了。

如果还不能访问admin share,就要再查查是不是加入homegroup了:

  打开control panel -> Network and Internet -> HomeGroup,点击HomeGroup并离开Homegroup

 

如果还是不能访问admin share,就要折腾一下组策略里面的设置了:

1. 运行secpol.msc

2. 定位到“Local Policies” -> “Security Options”

     打开Network Security: LAN Manager authentication level” ,设置为“Send LM & NTLM – use NTLMv2 session security if negotiated”

Workgroup下开启Win7的Admin share_第2张图片

3. 运行gpedit.msc

4. 定位到“Computer Configuration”/Windows Settings/Security Settings/Local Policies/Security Settings“

5. Enable下面这些:

Network access: Allow anonymous SID/name translation
Network access: Let Everyone permissions apply to anonymous users

6. Disable下面这些:

Network access: Restrict anonymous access to Named Pipes and Shares
Network access: Do not allow anonymous enumeration of SAM accounts
Network access: Do not allow anonymous enumeration of SAM accounts and shares

你可能感兴趣的:(group)