最近要用psexec远程运行win7下的程序,但是这个psexec必须要用可以访问admin share的帐号才能工作(admin share就是\\computername\c$这种访问方式)。由于win7在workgroup下默认是不能使用admin share的(入域后的域管理员是可以用admin share的),所以需要更改一下windows的设置:
1. 打开network discovery和file and printer sharing
2. 注册表HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System加一个DWORD类型的key “LocalAccountTokenFilterPolicy”, value为1:
之后重启电脑就OK了。
如果还不能访问admin share,就要再查查是不是加入homegroup了:
打开control panel -> Network and Internet -> HomeGroup,点击HomeGroup并离开Homegroup
如果还是不能访问admin share,就要折腾一下组策略里面的设置了:
1. 运行secpol.msc
2. 定位到“Local Policies” -> “Security Options”
打开Network Security: LAN Manager authentication level” ,设置为“Send LM & NTLM – use NTLMv2 session security if negotiated”
3. 运行gpedit.msc
4. 定位到“Computer Configuration”/Windows Settings/Security Settings/Local Policies/Security Settings“
5. Enable下面这些:
Network access: Allow anonymous SID/name translation
Network access: Let Everyone permissions apply to anonymous users
6. Disable下面这些:
Network access: Restrict anonymous access to Named Pipes and Shares
Network access: Do not allow anonymous enumeration of SAM accounts
Network access: Do not allow anonymous enumeration of SAM accounts and shares