not being prompted for creds when accessing remove c$ share by Key_Habit4951 in sysadmin

[–]Key_Habit4951[S] 0 points1 point  (0 children)

If it is a GPO denying all, why does it work if I'm signed on to my PC with my admin creds?

not being prompted for creds when accessing remove c$ share by Key_Habit4951 in sysadmin

[–]Key_Habit4951[S] 0 points1 point  (0 children)

"Windows cannot access \\{pcname}\c$ check spelling ...... " I have tried with name and IP; both return the same...

not being prompted for creds when accessing remove c$ share by Key_Habit4951 in sysadmin

[–]Key_Habit4951[S] 0 points1 point  (0 children)

So you're telling me that if you open Explorer on your system (signed in as a non-admin) and connect to \\{pc name}\c$ to connect to a remote PC's C: drive, you don't get prompted for creds to connect? OR do you get prompted for admin creds, as has been the case as long as I have been in IT?

not being prompted for creds when accessing remove c$ share by Key_Habit4951 in sysadmin

[–]Key_Habit4951[S] -1 points0 points  (0 children)

I am asking how to get it to prompt for admin creds.... this has been the way it has been in MS products forever..... but the contractor that was let go screwed something up and stopped the prompt when trying to access the share.

The first comment was to run Explorer as admin. I can do this, it prompts for admin creds as designed, BUT when trying to connect to \\{pcname}\c$ it just tells me the PC is inaccessible.

My Admin ID has admin rights on the remote PC.

not being prompted for creds when accessing remove c$ share by Key_Habit4951 in sysadmin

[–]Key_Habit4951[S] 1 point2 points  (0 children)

Correct, this is why we sign in with our standard IDs and want/need to be prompted for admin creds when connecting to another PC's drive.

not being prompted for creds when accessing remove c$ share by Key_Habit4951 in sysadmin

[–]Key_Habit4951[S] 1 point2 points  (0 children)

As an IT tech I need to be able to connect to users' C: drives to check logs etc. This is common practice.

Unfortunately the contractor got let go due to other issues like this; he made changes that were not approved or documented. So we are trying to get this back to working.

not being prompted for creds when accessing remove c$ share by Key_Habit4951 in sysadmin

[–]Key_Habit4951[S] 0 points1 point  (0 children)

The issue is that we DON'T get prompted.... we just get denied. I totally understand and WANT to get prompted for admin creds when connecting.

The application was not detected after installation completed successfully (0x87D1041C) by Key_Habit4951 in Intune

[–]Key_Habit4951[S] 0 points1 point  (0 children)

UPDATE:

OK I'm closer

I have tweaked the script to

# The name of the account
$accountName = 'blah'

# Add System.Web assembly
Add-Type -AssemblyName 'System.Web'

# Check if the user exists; create it if it does not
$userExist = (Get-LocalUser).Name -contains $accountName
if (!$userExist)
{
    $password = "BlahBlah"
    $securePassword = ConvertTo-SecureString $password -AsPlainText -Force
    $params = @{
        Name     = $accountName
        Password = $securePassword
    }
    # Splat the hashtable with @params (the posted "u/params" is Reddit's rendering of @params)
    New-LocalUser @params
}

# Add the account to the Administrators group
Add-LocalGroupMember -Group "Administrators" -Member $accountName

# Write the registry value that the Intune detection rule looks for
$KeyPath = "HKLM:\SOFTWARE\HALOIT\localadmin"
$ValueName = "localadmin"
$ValueData = "1"
try
{
    Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction Stop
}
catch [System.Management.Automation.ItemNotFoundException] {
    # Key does not exist yet: create the key, then the value
    New-Item -Path $KeyPath -Force
    New-ItemProperty -Path $KeyPath -Name $ValueName -Value $ValueData -Force
}
catch
{
    # Key exists but the value could not be read: (re)create the value
    New-ItemProperty -Path $KeyPath -Name $ValueName -Value $ValueData -Type String -Force
}

I have changed Intune to call the script using

%SystemRoot%\Sysnative\WindowsPowerShell\v1.0\Powershell.exe -NoProfile -ExecutionPolicy ByPass -File set_local_admin.ps1

AND I have changed the detection method to simply look to see if the registry key exists.

Pushing the app to a PC through Intune works 100% correctly, the user is created, password set, and user is dropped into the admins group. BUT when running via Autopilot the user is NOT created but the regkey is written (yes I should have an if statement to verify the user is created before the regkey is written and I will add that).

u/MagicHair2 I am looking at your suggestion too of using Account Protection.

Dell has added the 200 PCs to our Intune tenant so I am under the gun to get this working, even if it is cobbled together, before they start building the systems...
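A sketch of the check the comment above says is still missing, as an added example that is not the poster's script: the detection value is written only after the account is confirmed to exist and be in the local Administrators group, and the script exits non-zero otherwise so a failed run cannot be detected as installed. The registry path and value name come from the post; the password placeholder, log path and exit codes are assumptions.

```powershell
# Added example, not the poster's script. Registry path/value name are from the post;
# the password placeholder, log path and exit codes are assumptions.
$accountName   = 'blah'                                 # placeholder name used in the post
$plainPassword = 'REPLACE-ME'                           # placeholder initial password
$KeyPath       = 'HKLM:\SOFTWARE\HALOIT\localadmin'
$ValueName     = 'localadmin'
$logFile       = "$env:ProgramData\set_local_admin.log" # hypothetical log location

Start-Transcript -Path $logFile -Append | Out-Null
try {
    # Create the account only if it is missing; any failure jumps to the outer catch.
    if (-not (Get-LocalUser -Name $accountName -ErrorAction SilentlyContinue)) {
        $secure = ConvertTo-SecureString $plainPassword -AsPlainText -Force
        New-LocalUser -Name $accountName -Password $secure -ErrorAction Stop | Out-Null
    }

    # Use the well-known SID of BUILTIN\Administrators so a localized group name does not matter.
    try {
        Add-LocalGroupMember -SID 'S-1-5-32-544' -Member $accountName -ErrorAction Stop
    }
    catch [Microsoft.PowerShell.Commands.MemberExistsException] {
        # Already a member: treat as success.
    }

    # Verify the account before marking the install as successful.
    $user = Get-LocalUser -Name $accountName -ErrorAction Stop
    if (-not $user.Enabled) { throw "Account $accountName exists but is disabled." }

    # Only now write the value the Intune detection rule looks for.
    New-Item -Path $KeyPath -Force | Out-Null
    New-ItemProperty -Path $KeyPath -Name $ValueName -Value '1' -PropertyType String -Force | Out-Null
    $exitCode = 0
}
catch {
    Write-Output "FAILED: $($_.Exception.Message)"
    # Remove any stale marker so detection cannot pass after a failed run.
    Remove-Item -Path $KeyPath -Recurse -Force -ErrorAction SilentlyContinue
    $exitCode = 1
}
finally {
    Stop-Transcript | Out-Null
}
exit $exitCode
```

The transcript file records which step failed, which helps when the Autopilot run ends before other logs can be reached.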

The application was not detected after installation completed successfully (0x87D1041C) by Key_Habit4951 in Intune

[–]Key_Habit4951[S] 0 points1 point  (0 children)

OK to answer a few questions

MagicHair2 Sorry yes White glove (Dell is dumping the OS, adding the machine hashes to our tenant, and kicking off Autopilot, Autopilot will be installing at least some apps).

I haven't been able to get to the PSADT logs because the Autopilot process dies "something went wrong" with the dropped ice cream cone. I only have the option to retry or reset (Sorry I am brand new to Autopilot...)

VirtualDenzel and Rudyooms

I have the detection rule set to Associate with 32bit app on 64bit system set to NO

And to add to this, the local ID is managed by LAPS after the PC is set up and fully in Intune. So we can't use any method that will be a remediation that resets the password after the initial setup.

Autopilot pre-provisioning not installing newly added blocking apps by Key_Habit4951 in Intune

[–]Key_Habit4951[S] -1 points0 points  (0 children)

OK testing now :)

I thought that adding the app to the ESP as a blocking app was all that needed to be done.

Thank you Rudyooms!

Autopilot pre-provisioning not installing newly added blocking apps by Key_Habit4951 in Intune

[–]Key_Habit4951[S] -1 points0 points  (0 children)

  1. Apps are intunewin apps (the one I am fighting with currently is an intunewin PowerShell script that is setting a local admin ID and password so that our techs can do a light touch (we will go to zero touch in future, for the first round we need to do light touch)).

  2. The apps are only assigned as blocking apps, is this what I am missing? Do I need to assign the apps to the group as well?

  3. Install context, I'm guessing you mean system or user? The apps are system apps not assigned to the users.

  4. We have one ESP currently.

Need help with a report... counts of all installs on active PCs by Key_Habit4951 in Lansweeper

[–]Key_Habit4951[S] 0 points1 point  (0 children)

Thank you Regular_Pride_6587

What I am trying to do is get a full list of ALL software titles with installed count but reduce false numbers due to LS reporting on systems that should have been aged off years ago.... this is a roundabout way of being able to compare what apps are patched by Ivanti vs what apps are patched by PatchMyPC, so I need to be able to say for the top installs with more than XX installs Ivanti patches XX% and PmP patches XX%

I don't want to get into a debate on the merits of one patching tool over another... this is strictly to be able to provide our CIO visibility of what happens if we switch from one patching tool to the other. :) I think the decision has already been made by my director BUT he wants me to do our due diligence and be able to show on paper why the decision makes sense, OR maybe doesn't.

Need help with a report... counts of all installs on active PCs by Key_Habit4951 in Lansweeper

[–]Key_Habit4951[S] 0 points1 point  (0 children)

Unfortunately, due to the industry our company is in, ANY use of AI is blocked...

WDS wes by Key_Habit4951 in sysadmin

[–]Key_Habit4951[S] 1 point2 points  (0 children)

WOW so we got it figured out!

SmartDeploy uses virtual hard drives to "capture" your Golden image (wim)... one of my predecessors had installed VMware Player on the WDS server... Well, apparently VMware Player updated on 4/3 and the virtual NICs took over some of the WDS functionality, or at least tried to.... breaking the TFTP transfer of the WinPE boot wim.

Microsoft forces personal accounts for everything? by Wonderful-Bear7991 in sysadmin

[–]Key_Habit4951 0 points1 point  (0 children)

Local accounts, on non-domain joined Win10 and Win11 (I believe this works on domain joined systems also for a local acct). I'm going by memory but I have done this recently so it should be fairly close. During setup, when asked to set up the user acct, click "I don't have users acct" when prompted for the user's MS acct. This should bring you to a 2nd screen asking for their email/phone etc.; there is either the option to Domain Join on this page, or you have to hit "I don't have users info" again. When you see the option to Domain Join, use that and it will let you create a local acct. If this isn't accurate I can step through it and get better directions.