Access denied to Administrative (Admin) shares in Windows 8

Access denied is what you get when you try to map a remote drive by connecting to the Admin share with \\computername\<drive letter>\$ on a workgroup computer. To connect to drive C: on a remote computer, you would map to \\computer\c$. Whereas this works fine for Active Directory domain members, a popup window will appear with the error message “Enter Network Password.”
Profile photo of Michael Pietroforte

Michael Pietroforte

Michael Pietroforte is the founder and editor of 4sysops. He is a Microsoft Most Valuable Professional (MVP) with more than 30 years of experience in IT management and system administration.
Profile photo of Michael Pietroforte

This message is a bit misleading because, by default, there is no such network password. However, in this post, I will explain how you can “create” this password and describe two other ways to access Admin Shares on standalone machines.

Access denied admin share

Access denied admin share

Traditionally, Administrative Shares have been a favorite Windows feature of hackers and crackers. And, as everyone knows, the best way to improve security is to give in to hackers and terrorists by restricting the freedom to move for everyone. Thus, even if you have an account with administrative rights, Windows will deny access to Admin Shares by default.

Access to Admin Shares is often required to remotely administer computers. That’s why they are called Administrative Shares. In a corporate environment, it might make sense to get your administrative privileges back.

Map Admin Shares with the built-in administrator account ^

The network password that I referred to above is the password of the built-in administrator account, which is disabled by default in Windows 8. A while back, I outlined two methods for enabling the built-in administrator account if you have no other administrator account. Here I assume that you have another account with admin privileges. To enable the administrator account, you just have to launch a command prompt with administrator privileges and then type net user administrator /active:yes.

If you now try to connect to an Admin Share with the user name “administrator,” you will receive the error message “Login error: user account restriction. Possible reasons are blank passwords not allowed,… Yup, we have to create the ominous network password that I mentioned above.

Login failure - user account restriction blank password

Login failure – user account restriction blank password

Open the Control Panel, click User Account and Family Safety (“family safety”—funny, isn’t it?), click User Accounts, and then Manage Accounts. You should see the local Administrator now, and you can set a password.

Create a network password for local Administrator account

Create the network password for local Administrator account

You can now access Administrative Shares remotely with the built-in Administrator account.

LocalAccountTokenFilterPolicy – UAC remote restrictions ^

The reason why access is denied if you try to access an Admin Share with an account with administrator privileges is User Account Control (UAC). For the built-in administrator account, UAC prompts are disabled by default. That is why the above described procedure works. If you don’t want to enable the built-in administrator for security reasons, you can disable the UAC remote restrictions with the LocalAccountTokenFilterPolicy Registry setting. Note that this will also enable other remote management features, such as the ability to remotely connect through the Computer Management console.

To get rid of the Access Denied message, follow this procedure:

  1. Launch the Registry editor by typing regedit.exe in the Start Screen.
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
  3. Create a new entry by right-clicking System and then selecting DWORD (32-bit) Value.
  4. Choose LocalAccountTokenFilterPolicy as name for the new entry.
  5. Set the value of LocalAccountTokenFilterPolicy to 1 by right-clicking the new entry.



Disable UAC Admin Approval mode ^

Another way to access Administrative Shares is to disable the Admin Approval mode for all administrator accounts. Note that this setting not only removes the remote UAC restrictions as described above, but it also affects UAC for logged-on administrator accounts.

Note: Disabling UAC Admin Approval mode will also disable the Windows Store app.

  1. Launch Control Panel, type admin… in the search box, and then click Administrative Tools.
  2. Open the Local Security Policy application.
  3. Navigate to Local Policies > Security Options.
  4. Disable the policy User Account Control: Run all administrators in Admin Approval Mode.

Disable UAC Admin Approval mode

Disable UAC Admin Approval mode

From now on, the Access Denied message will disappear if you try to access an Administrative Share with a local account in the administrators group.

Please let me know if you know another method. I am a how-to collector. 🙂

Also read: Public Folder sharing, network discovery, and password-protected sharing

-1+1 (+1 rating, 1 votes)
  1. avatar
    Nico 3 years ago

    If any local user has a password, i use this:
    op dosprompt
    net use \\ /user:
    then i do \\\c$ from start->run

  2. Profile photo of Michael Pietroforte
    Michael Pietroforte 3 years ago

    Oh yes, you can set the password faster on the command prompt. Thanks for the hint. It is just that I bought this new Logitech touch mouse a few days ago and now I enjoy “click-click” even more. 😉

  3. avatar
    Alan 3 years ago

    Using the “Disable UAC Admin Approval mode” method appears to disable the ability to run the Windows 8 Microsoft “Store” application. The application reports that UAC is disabled and must be re-enabled to launch Store.
    Using the “LocalAccountTokenFilterPolicy – UAC remote restrictions” method above removes the “Access is denied” message and doesn’t disable the Store application.

  4. Profile photo of Michael Pietroforte
    Michael Pietroforte 3 years ago

    Alan, thanks for the hint. I added a note to the article.

  5. avatar
    Sandeep 1 year ago

    I am trying to do the regedit method in windows 8.1 (64bit) but it keeps on asking the username and password. Is there any other work around for windows 8.1 environment?

  6. Profile photo of Michael Pietroforte

    Sandeep. Do you also get the prompts if you disable the UAC policy?

  7. avatar
    TanMan 1 year ago

    I installed Windows 8.1 x64 with the other computers still running Windows 7 x64, and I had to change the UAC policy before I could connect using a common user ID/pwd that has local administrator. Changing LocalAccountTokenFilterPolicy was not sufficient, like it was in Vista and Windows 7. And FYI, it’s not necessary to use the policy editor to change the UAC Run All Administrators setting. The registry entry is in the same branch as LocalAccountTokenFilterPolicy (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System) and it’s called EnableLUA. Set it to 0 to disable.

  8. avatar
    Chintz 9 months ago


    I am having a different concern. In my office using of /c$ has been restricted. Now if i am trying to access any PC that is connected in the network, it first asks for username and password for the pc that i am trying to access. As i have the this data, i enter username and password. It does accepts and gets in. But then if i am using /c$ (like, \\PCNAME\c$) then it is not accessible. It says that not connected in network or sometimes gives “Cannot Access Network Share – Get Unspecified Error 0x80004005” error.

    Can you please help me with this.

    Thanking you.

  9. avatar
    MATHISH 6 months ago


    ive made 2 accounts one is administrator and the other is not administrator i couldnt do anything that was in this paige because it come ACESS DENIED YOU HAVE NO PERMISSION can u please give me answer!

  10. avatar
    Jeevanram hansdah 1 month ago

    when ever i install any software it ask me To continue, type  an administrator password and click yes. so what  to do then?

Leave a reply

Your email address will not be published. Required fields are marked *



Please ask IT administration questions in the forum. Any other messages are welcome.

© 4sysops 2006 - 2016

Log in with your credentials


Forgot your details?

Create Account