If you deployed a Windows Server 2012 R2 image with MDT to a machine (physical or virtual) you quickly learned that connecting to the administrative shares, C$, D$ etc. as Administrator is not very easy.
The reason is that MDT sets the FilterAdministratorToken registry value to 1 during deployment, which prevents access to the administrative shares. If you try to do a net use or similar, you are greeted by a non-shiny: System error 5 has occurred. Access is denied.
Trying to connect to C$ as Administrator when FilterAdministratorToken is set to 1.
Note: This is typically not a problem in a normal production environment, where you are using a different admin account, are joined to the domain etc. But when testing stuff in a lab or other standalone / workgroup setup, this is useful info to know about.
The Fix
Simply navigate to the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system registry key, and change the FilterAdministratorToken registry value to 0. No reboot required. Here is how to set the value using PowerShell:
$RegKey ="HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system"
Set-ItemProperty -Path $RegKey -Name FilterAdministratorToken -Value 0if you want to check the value using PowerShell you can use the following command:
$RegKey ="HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system"
(Get-ItemProperty -Path $RegKey).FilterAdministratorToken
And happiness, connection now works 🙂
