Troubleshooting the ADMIN$ or IPC$ shares can be a painful ordeal for some.
SysAdmins use the ADMIN$ share for programs and services to deploy or run from a network, remotely. The IPC$ share is the default share you connect to when you type \\hostname in your address bar. These shares are required for SysAdmins to deploy their software or otherwise manage their environment of Windows clients.
By default, Windows automatically creates special hidden administrative shares that administrators, programs, and services can use to manage the computer environment or network. These special shared resources are not visible in Windows Explorer or in My Computer.
The IPC$ share is also known as a null session connection. By using this session, Windows lets anonymous users perform certain activities, such as enumerating the names of domain accounts and network shares. The IPC$ share is created by the Windows Server service
- Microsoft’s definitions
I use PDQ Deploy for remote installations of packages, and it works great! I was trying to push out an installation, but it kept failing. The reason was due to the ADMIN$ and IPC$ shares not being accessible with my account. Using their Remote Repair tool, the errors found were related the ADMIN$ and IPC$ shares, but could create services, which seemed odd. I ensured that Windows Firewall (the only one at the time) was allowing File and Printer Sharing traffic through on Private profiles. But I couldn’t even access it by \\IP_Address or \\Hostname. This was weird…
Was it the registry?
I already ensured the registry entry was correct. Navigating to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System in the registry, I then created a new DWORD (32-bit) Value named LocalAccountTokenFilterPolicy, with a value of 1. This should generate the ADMIN$ and IPC$ shares, yet I still cannot connect to this computer!
I tried rebooting, running updates, and even disabling the Firewall temporarily; however, I could not access ANY file shares! Next, I turned to the Network Adapter.
Network Adapter? What do you mean?
I went to Control Panel -> Network and Sharing Center -> Change Adapter Settings, right-clicked on the LAN connection, and clicked Properties. I found that many services and clients were not installed on the network adapter, at all! It had IPv4 installed, and that was it! I had to add more to the list.
I clicked on the Install… button at the bottom, and added each of the components below:
- Client for Microsoft Networks (Client)
- QoS Packet Scheduler (Service)
- File and Printer Sharing for Microsoft Networks (Service)
- Internet Protocol Version 6 (TCP/IPv6) (Protocol)
- Internet Protocol Version 4 (TCP/IPv4) (Protocol)
- Link-Layer Topology Discovery Mapper I/O Driver (Protocol)
- Link-Layer Topology Discovery Responder (Protocol);
This can be daunting to touch every computer, and navigate a likely-customized Control Panel. If you want to do it via the command line, check out this post for adding the protocols, services and client with the command line. Save it as a .CMD file, then you can run around with a USB stick or stick it on a network server.
I clicked OK to close the dialog, and I could push my software back out! Hopefully this missing step helps some other SysAdmins out there - I didn’t set up this computer, my predecessor did.