Error message when you try to access an administrative share on a Windows Vista-based computer from another Windows Vista-based computer that is a member of a workgroup: “Logon unsuccessful: Windows is unable to log you on”

Consider the following scenario:

You work with a Windows Vista-based computer that is a member of a workgroup.
On this computer, you try to access an administrative share that is located on another Windows Vista-based computer.
The computer that you try to access is a member of a workgroup or a member of a domain. For example, you try to access the C$ administrative share.
When you are prompted for your user credentials, you provide the user credentials of an administrative user account on the destination computer.

In this scenario, you receive the following error message:

Logon unsuccessful:
Windows is unable to log you on.
Make sure that your user name and password are correct.

If you try to map a network drive to the administrative share by using the Net Use command, you receive the following error message after you provide the correct credentials:

System error 5
has occurred. Access is denied.


CAUSE

By default, the User Account Control (UAC) feature in Windows Vista prevents access to administrative shares through the network.


RESOLUTION

To let users have access, we recommend that you create shares on the Windows Vista-based computer by using the appropriate permissions. To share a folder on a Windows Vista-based computer that has file sharing enabled, follow these steps:

1. Click Start, and then click Computer.
2. Locate the folder that you want to share.
3. Right-click the folder that you want to share, and then click Share.
4. If you have password protected sharing enabled, select which users can access the shared folder and their permission level. To let all users have access, select Everyone in the list of users. By default, the permission level is “Reader.” Users who have this permission level cannot change files or create new files in the share. To let a user change files, change folders, create new files, and create new folders, use the “Co-owner” permission level.

If you have password protected sharing disabled, select the Guest account or the Everyone account. This is the same as simple sharing in Windows XP.

5. Click Share, and then click Done.


WORKAROUND

To work around this behavior, follow these steps on the destination computer.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs.

1. Click Start, type regedit in the Start Search box, and then press ENTER.

Note If you are prompted for an administrator password or for confirmation, type the password or provide confirmation.

2. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

3. On the Edit menu, point to New, and then click DWORD (32-bit) Value
4. Type LocalAccountTokenFilterPolicy to name the new entry, and then press ENTER.
5. Right-click LocalAccountTokenFilterPolicy, and then click Modify.
6. In the Value data box, type 1, and then click OK.
7. Exit Registry Editor.

The LocalAccountTokenFilterPolicy entry in the registry can have a value of 0 or 1. These values change the behavior of the entry as follows:

0 = build a filtered token
This is the default value. The administrator credentials are removed. These credentials are required for remote administration of the print drivers.
1 = build an elevated token
This value enables the remote administration of the print drivers on a server within a workgroup.


MORE INFORMATION

When the destination Windows Vista-based computer and the computer from which you want to access the administrative share are on the same domain, you can access the share by using domain administrator credentials.

You cannot access this administrative share if the destination Windows Vista-based computer is joined to a domain and you try to connect to it by using computer that is joined to a workgroup. This is true even if you supply domain administrator credentials of the domain where the destination computer is located.

For more information about how to share folders or printers in Windows Vista, visit the following Microsoft Web site:

http://technet.microsoft.com/en-us/library/bb727037.aspx (http://technet.microsoft.com/en-us/library/bb727037.aspx)



APPLIES TO
Windows Vista Enterprise 64-bit Edition
Windows Vista Ultimate 64-bit Edition
Windows Vista Enterprise
Windows Vista Ultimate
Windows Vista Home Basic 64-bit Edition
Windows Vista Home Premium 64-bit Edition
Windows Vista Business
Windows Vista Business 64-bit Edition
Windows Vista Home Basic
Windows Vista Home Premium

——————————————–

Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
Microsoft Corporation. All rights reserved. Terms of Use | Trademarks

 


You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

AddThis Social Bookmark Button

Leave a Reply

*
To prove that you're not a bot, enter this code
Anti-Spam Image