We recently tried to connect to the administrative shares (i.e. C$, E$, admin$, …) on a PC that was not part of a Domain using a Microsoft Account that was setup on that remote PC. We were frustrated to find it errored out with “You might not have permission to use this network resource”
After a few hours of poking around we found the root cause was in User Access Control (UAC).
What is User Access Control?
UAC was introduced with Windows Vista as a means of protecting low skill administrators (often home users) from themselves. The basic idea is that UAC will present an approval popup to perform most administrative tasks, even if the current user is logged as an administrator. There are however other UAC functions that do things like lock down C:\PROGRAM FILES and that create virtualized copies of important files.
UAC in its original form caused much consternation and is likely the largest reason Windows Vista was a commercial failure. Over the last 15 years it has since been massaged into a much more nuanced feature that still performs the core role of protecting admins from themselves but without constant and unexpected annoyances.
If you want more information on the UAC details, Local Security Policy and Group Policy take a look at our original UAC article from 2010 HERE.
How to Work Around The Security Issue?
The solution to “You might not have permission to use this network resource” when working with Microsoft Account is to modify the Local Security Policy to DISABLE a setting named LOCAL POLICIES > SECURITY POLICIES > USER ACCOUNT CONTROL: RUN ALL ADMINISTRATORS IN ADMIN APPROVE MODE.
We demonstrate the problem and the solution in this video:
0 Comments