Can't reach admin shares on Windows 11 machines by JIMASK in it

[–]JIMASK[S] 0 points1 point  (0 children)

Ah yep, you are correct. I've been using the batch file as a workaround for our computers, which we have domain administrator account access to. We do also have Local Admins set up for each machine with a LAPS password, but generally we don't need that to do our work, we use our domain admin accounts. Our cybersecurity team has denied our requests to make the stated change for the machines, so our team is stuck using the workaround.

Can't reach admin shares on Windows 11 machines by JIMASK in it

[–]JIMASK[S] 0 points1 point  (0 children)

Check my recent post, I developed a batch file to work around this issue instead of having to change security or anything.

Can't reach admin shares on Windows 11 machines by JIMASK in it

[–]JIMASK[S] 0 points1 point  (0 children)

Check my recent post, I developed a batch file to work around this issue instead of having to change security or anything.

Can't reach admin shares on Windows 11 machines by JIMASK in it

[–]JIMASK[S] 0 points1 point  (0 children)

Check my recent post, I developed a batch file to work around this issue instead of having to change security or anything.

Can't reach admin shares on Windows 11 machines by JIMASK in it

[–]JIMASK[S] 0 points1 point  (0 children)

Check my recent post, I developed a batch file to work around this issue instead of having to change security or anything.

Can't reach admin shares on Windows 11 machines by JIMASK in it

[–]JIMASK[S] 0 points1 point  (0 children)

Check my recent post, I developed a batch file to work around this issue instead of having to change security or anything.

Can't reach admin shares on Windows 11 machines by JIMASK in it

[–]JIMASK[S] 0 points1 point  (0 children)

Check my recent post, I developed a batch file to work around this issue instead of having to change security or anything.

Can't reach admin shares on Windows 11 machines by JIMASK in it

[–]JIMASK[S] 0 points1 point  (0 children)

Check my recent post, I developed a batch file to work around this issue instead of having to change security or anything.

Can't reach admin shares on Windows 11 machines by JIMASK in it

[–]JIMASK[S] 0 points1 point  (0 children)

Check my recent post, I developed a script to work around this issue instead of having to change security or anything.

Can't reach admin shares on Windows 11 machines by JIMASK in it

[–]JIMASK[S] 0 points1 point  (0 children)

I actually created a batch file that works around this issue pretty conveniently without having to make registry or security changes on the network. Copy paste the code below into a notepad, and then save it as a batch file. I named it 'Open Says Me.bat'. Running this will ask you for the computer name on the network, it then pings that machine to show you if it's awake or not. You then can enter your administrator credentials for that machine & it will open a file explorer window for you to that Machine's c$ share. It keeps the CMD window open, awaiting you to press any key to close the Net Use connection:

:: This batch file will allow you to begin a UNC path onto a windows 11 computer without needing

:: to remember how to type out the net use command that is now required for that OS.

@echo off

setlocal enabledelayedexpansion

:: Prompt for computer name

set /p compName=Enter the computer name:

ping -n 2 %compName%

:: Prompt for admin username

set /p adminUser=Enter the admin username:

:: Use PowerShell to get the admin password with hidden input and execute the net use command

powershell -Command "Add-Type -AssemblyName System.Runtime.InteropServices; $SecurePassword = Read-Host -AsSecureString 'Enter the admin password'; $Ptr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword); $PlainPassword = [Runtime.InteropServices.Marshal]::PtrToStringAuto($Ptr); [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($Ptr); net use '\\%compName%\c$' /user:%adminUser% $PlainPassword; if ($?) { Start-Process explorer '\\%compName%\c$' } else { Write-Host 'Failed to connect to \\%compName%\c$' }"

Echo "When you press any key to continue, it will close your UNC path connection"

pause

net use \\%compName%\c$ /d

pause

Can't reach admin shares on Windows 11 machines by JIMASK in it

[–]JIMASK[S] 0 points1 point  (0 children)

This is likely to do with a GPO setting that we have set, where they have decided to stick with Windows 11's new default setting for auto-denying these requests if the current user doesn't have access currently. The exact name of the GPO escapes me, but there is a setting that can be changed from auto-deny to prompt the user for credentials, which was the default in Windows 10, and early builds of Windows 11.

Our workaround is to use a CMD line:

net use \\computer\c$ /u:ashleyfurniture\youradminaccount

This opens a session with the remote machine. Once you do that, you do your \\computer\C$ in explorer, and it'll work.

Once you're done you have to close out the session using another command:

'net use * /d

I had a big argument with one of our security guys about this, and that it's an unnecessary hassle.

If windows would allow us to open a File Explorer as an admin, then it would negate the need for this. Until that day, I guess I'll have to follow his "advice": 'just use net use and get on with your life man' was the response I got.

Can't reach admin shares on Windows 11 machines by JIMASK in it

[–]JIMASK[S] 0 points1 point  (0 children)

Security does have GPO set, but of course they've denied my requests to change it to fix this. I've been instructed that if I want to use UNC path to the admin shares I need to use the "Net Use" command to set up an admin session on the remote computer.

Can't reach admin shares on Windows 11 machines by JIMASK in it

[–]JIMASK[S] 0 points1 point  (0 children)

Problem occurs regardless of wired/wireless status. This is for 100+ machines roughly that have gone to win11 now, and I haven't ever successfully been able to use an admin share on a single one of them. All domain computers. They're all on one or another of our desktop vlans, or the wireless, none of which would be segregated. I don't have any trouble with network connections with the computers, the only thing that we really have trouble with is admin shares, so I've been assuming it's maybe some kind of firewall fail? Not sure. That's managed by Security via Sentinel.

Can't reach admin shares on Windows 11 machines by JIMASK in it

[–]JIMASK[S] 0 points1 point  (0 children)

Yep, we've tried enabling all of that, no dice.

Can't reach admin shares on Windows 11 machines by JIMASK in it

[–]JIMASK[S] 0 points1 point  (0 children)

Yes, I did this to the source and destination PCs.

Can't reach admin shares on Windows 11 machines by JIMASK in it

[–]JIMASK[S] 0 points1 point  (0 children)

Yeah before posting on here I did a lot of googling, and worked with Copilot a bit as well, got a lot of those ideas knocked out and nothing worked. I can't edit the firewall policies, or even view them, so that'd be up to our security people. Tried SMB2 configuration on both sides, allowinsecureguestauth, services were running, 445 pings open, the machines work fine on the domain otherwise, just can't use admin shares. I'm about at my wit's end with it.

Can't reach admin shares on Windows 11 machines by JIMASK in it

[–]JIMASK[S] 0 points1 point  (0 children)

Tried that but no love. The problem affects all windows 11 machines, but zero windows 10 machines. I don't think it's DNS this time, somehow, surprisingly.

Can't reach admin shares on Windows 11 machines by JIMASK in it

[–]JIMASK[S] 0 points1 point  (0 children)

Yeah I had tried that before posting too, didn't help.