Thursday, March 17, 2022

Windows 10 - How to Disable UAC Remote Restrictions - LocalAccountTokenFilterPolicy

Intro:

I've been testing out a new RMM recently. However, after several failed hours trying to decipher a Windows 10 error code, I stumbled across a small speed bump that had been causing this error.

I was trying to access a bunch of Windows 10 test VMs across the network by calling up their IP followed by "c$" to access their hidden shares. I needed to copy files to the remote machine, but I kept receiving an access denied error.

*Applies to a Windows 8.1 computer sending data to a Windows 10 computer.
*Applies to a Windows 10 computer sending data to a Windows 10 computer.

I tried a bunch of different ways to access two test machines running different versions of Windows 10. Versions were 21H1 & 21H2. Neither seemed to change the outcome.

Problem:

I tried the following:
  • Connect via "\\192.168.1.100\c$"
  • Connect via "\\192.168.1.100\admin$"
  • Remotely connect to another machine using "services.msc"
  • Remotely connect to another machine using "regedit.exe"
  • Even "Computer Management" failed to connect to the remote machine.
They all came back with "Error Code 5: Access Denied" after typing in the username and password on that machine.
  • I made sure the local user existed on both machines with the same password and both had "Administrator" rights.
So far this isn't working like any previous version of Windows and I know that I've been able to connect to hidden shares easily with the correct credentials countless times in the past without having to do anything extra.

I start digging further and come across a Microsoft Knowledge Base article that talks about remote UAC control restrictions for Windows Vista. I know I've seen this post before but I never had to explicitly change anything in the registry to get this to work.


I proceeded to read on and found that one registry key needs to be added and all is right in the world again. 😒


How to Disable UAC Remote Restrictions in Windows 10:

  1. Start --> Run --> regedit
  2. Paste "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" without quotes into regedit and hit Enter.
  3. Create a new DWORD (32-bit) Value called "LocalAccountTokenFilterPolicy" if it doesn't exist, and give it a value of 1. Hit OK to save.
  4. Exit regedit.
Be sure to add a "DWORD (32-bit) Value" and not a "QWORD (64-bit) Value".
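
The same change as steps 1-4, scripted in PowerShell so the value can be checked before and after, and removed again once remote access is no longer needed (removing it restores the default remote UAC filtering for local accounts). This is an added example, not part of the original post; the function names `Get-RemoteUacState` and `Set-RemoteUacRestriction` are hypothetical, and it assumes an elevated PowerShell session on the target machine.

```powershell
# Added example; function names are hypothetical, not from the original post.
# Run from an elevated PowerShell session on the machine being configured.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName = 'LocalAccountTokenFilterPolicy'

function Get-RemoteUacState {
    # Report whether the value exists, which registry kind it has, and its data.
    $key = Get-Item -Path $PolicyKey
    if ($key.GetValueNames() -notcontains $ValueName) {
        return [pscustomobject]@{
            Present = $false; Kind = $null; Data = $null; MatchesPostSetting = $false
        }
    }
    $kind = $key.GetValueKind($ValueName)
    $data = $key.GetValue($ValueName)
    [pscustomobject]@{
        Present            = $true
        Kind               = $kind
        Data               = $data
        # True only for the exact setting the post describes: a DWORD set to 1.
        MatchesPostSetting = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $data -eq 1)
    }
}

function Set-RemoteUacRestriction {
    param([Parameter(Mandatory)][bool]$Disabled)
    if ($Disabled) {
        # -Force overwrites an existing value, including one that was
        # created with the wrong kind (for example a QWORD).
        New-ItemProperty -Path $PolicyKey -Name $ValueName `
            -PropertyType DWord -Value 1 -Force | Out-Null
    } else {
        # Deleting the value puts the machine back on the default behaviour.
        Remove-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    }
    Get-RemoteUacState
}

# Read-only check of the current state:
Get-RemoteUacState
# Set-RemoteUacRestriction -Disabled $true    # same result as steps 1-4
# Set-RemoteUacRestriction -Disabled $false   # revert when finished
```

Running `Get-RemoteUacState` across a fleet is also a quick way to find machines where this value was set and never removed.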




Now if you try any of the things I've mentioned at the beginning of this post they should work without an issue. You do not need to restart or even close the Registry Editor for this to take effect.

It seems that Microsoft has restricted legit local Administrator accounts from achieving full admin access unless interactively accessed via RDP or the like.

👽
