Cannot browse Windows 7 admin disk volume shares from Windows 10

Question

Cannot browse Windows 7 admin disk volume shares from Windows 10

Randal Andress 1

From computer A (Windows 10 Home), the file shares on computer B (Windows 7 Pro, laptop) can be successfully accessed by: "\b\users\<username>\desktop\<shared-folder>".

But when browsing the network from computer A by opening the Network in explorer, although computer B shows up as a computer icon, when you open it an error is displayed:

"You do not have permission to access \b."

I get the same error when entering "\b" from computer A.

On computer B, the admin shares (C$, D$, etc,) are enabled via the AutoShareServer and AutoShareWks values in the LanmanServer\Parameters and are visible after restart.

I have another Windows 7 computer on the network whose local disk shares can be browsed to and accessed by opening the computer icon in the Network explorer window but, like the Windows 10 computer A, it cannot browse the shares on computer B when beginning at the local disk volume (C$).

What should I check next?

-Randal

Anonymous

2021-05-28T07:54:37.917+00:00

Please check SMBclient log on windows 10 to see if there are something related for us to troubleshooting.
Randal Andress 1 Reputation point

2021-05-28T16:38:04.953+00:00

I fount this Warning in the Security section:
The AllowInsecureGuestAuth registry value is not configured with default settings.

Default Registry Value:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"AllowInsecureGuestAuth"=dword:0
Configured Registry Value:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"AllowInsecureGuestAuth"=dword:1

I do not recall changing this (I rarely modify the regsitry)
-Randal
Randal Andress 1 Reputation point

2021-05-28T16:44:37.627+00:00

Could there be an event on the Windows 7 side (\b) that might help? Where?

I do see some error events in the Security section on the W10 (A) computer, but they do not seem to be related to the failures that I am getting when I attempt to access B (W7): \b which produces an error dialog "You do not have permission to access \b."

Where else can I look?

BTW, remember this also occurs (can't access \b) from another W7 Computer "C" on the network. Perhaps there is an event on it that could help. -Randal
Randal Andress 1 Reputation point

2021-05-28T16:55:24.627+00:00

One more thing... while "\b" gets a permission error, "\b\users" works!
Thanks for looking into this...-Randal
Randal Andress 1 Reputation point

2021-05-31T22:56:38.243+00:00

Any more ideas?
Randal Andress 1 Reputation point

2021-05-31T22:59:47.457+00:00

What I am trying to figure out is what "permission" would keep me from browsing the 'C' drive but would not prevent me from accessing its folders.

4 answers

Your answer

Anonymous

2021-05-28T07:54:37.917+00:00

Please check SMBclient log on windows 10 to see if there are something related for us to troubleshooting.
Randal Andress 1 Reputation point

2021-05-28T16:38:04.953+00:00

I fount this Warning in the Security section:
The AllowInsecureGuestAuth registry value is not configured with default settings.

Default Registry Value:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"AllowInsecureGuestAuth"=dword:0
Configured Registry Value:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"AllowInsecureGuestAuth"=dword:1

I do not recall changing this (I rarely modify the regsitry)
-Randal
Randal Andress 1 Reputation point

2021-05-28T16:44:37.627+00:00

Could there be an event on the Windows 7 side (\b) that might help? Where?

I do see some error events in the Security section on the W10 (A) computer, but they do not seem to be related to the failures that I am getting when I attempt to access B (W7): \b which produces an error dialog "You do not have permission to access \b."

Where else can I look?

BTW, remember this also occurs (can't access \b) from another W7 Computer "C" on the network. Perhaps there is an event on it that could help. -Randal
Randal Andress 1 Reputation point

2021-05-28T16:55:24.627+00:00

One more thing... while "\b" gets a permission error, "\b\users" works!
Thanks for looking into this...-Randal
Randal Andress 1 Reputation point

2021-05-31T22:56:38.243+00:00

Any more ideas?
Randal Andress 1 Reputation point

2021-05-31T22:59:47.457+00:00

What I am trying to figure out is what "permission" would keep me from browsing the 'C' drive but would not prevent me from accessing its folders.

Answer 1

MotoX80 36,291

One more thing... while "\b" gets a permission error, "\b\users" works!
What I am trying to figure out is what "permission" would keep me from browsing the 'C' drive

I have always used a local account with the same name and password on each machine. If you want to access the administrative shares, C$, then that account needs to be a member of the administrators group.

If you open a command prompt and run "net view \b" does it display the non-administrative shares? What error do you get? Does B have an identical account? Have you checked the security eventlog on B?

Randal Andress 1 Reputation point

2021-06-01T04:31:31.297+00:00

Thanks for your reply!

I have always used a local account with the same name and password on each machine. If you want to access the administrative shares, C$, then that account needs to be a member of the administrators group.

Only accounts on both machines (A and B) are admin and have same name - no passwords. In Network settings I have selected the no passwords option.

Also I have another windows 7 machine (computer 'C'), that has a different admin user name with no password and I can browse it with no problem. So password and user account name would not seem to be the problem.

Here is my "net view" result on computer B:

Shared resources at \localhost

laptop

Share name Type Used as Comment

FEATool Disk
FSX Disk
rpa Disk
Users Disk
The command completed successfully.
MotoX80 36,291 Reputation points

2021-06-01T12:42:59.867+00:00

So on computer A, does "net view \B" show the same share names?
Randal Andress 1 Reputation point

2021-06-01T15:49:15.623+00:00

Again, thank you for this interaction!
From a powershell on computer A (windows 10 home) being run as administrator the following results (computer B name is "v3500":

PS C:\Users\Randal\Desktop> net view \v3500
System error 5 has occurred.

Access is denied.

PS C:\Users\Randal\Desktop>

BUT from the same shell:

PS C:\Users\Randal\Desktop> copy \v3500\users\randal\desktop\testshare\fromb.txt toa.txt
PS C:\Users\Randal\Desktop> type toa.txt
file from B TestSHare folder.

\v3500 (name of computer B) is not accessible from computer A, but from computer A I can copy a file FROM a shared folder on computer B desktop TO computer A.

This behavior is similar to that of using explorer from computer A. Entering "\v3500" gets the permission error, yet entering "\3500\users\randal\desktop\testshare" will list the content of the testshare folder on computer B (v3500), which includes the file that was successfully copied from B to A (fromb.txt).
MotoX80 36,291 Reputation points

2021-06-01T16:10:21.03+00:00

I don't know, it may have something to do with the use of the no passwords option. What about the 3 other shares? Can you access them from the Win10 machine?

Is there a reason for not using passwords? Seems like a rather insecure option to me.
Randal Andress 1 Reputation point

2021-06-01T18:27:35.083+00:00

I can access the 3 other shares (actually when I tried, it failed on "FSX" because I had not yet added "Everyone" to the permissions - which I fixed :-)

Why no passwords? Good question and my reasons are not really good ones (especially if that's what it takes). Most all configuration examples/tutorials say to disable passwords (probably to make things easy).

But the real reason is more than you want to know and is basically because I do not understand networks (despite the fact that I am a retirred software eng) and every time something on my home network changes over the years it seems like getting things to "work" (what I need at the time) is always a blind fumble. I now have a mixture of (sometimes) Xp, iMac, MacBook Pro, Windows 7 and 10.... in addition to of course printer, roku, etc. I lack the confidence that if I add password requirements I would either get it all to work OR get it back to the way it is now:-(
Randal Andress 1 Reputation point

2021-06-01T18:41:51.447+00:00

...the other thing that is really confusing is that I have this other Windows 7 computer ('c') whose shares have been visible (browsable) for years.

The good news is that anything I can think of to check as far as configuration, I can check on each W7 computer (B vs. C). B is Windows 7 Pro and C is Windows 7 Home Premium.
MotoX80 36,291 Reputation points

2021-06-02T00:45:28.897+00:00

Maybe something here, like "Shares that can be accessed anonymous".

http://woshub.com/anonymous-access-shared-folders-printers-windows/

From what I know, the guest account would have to get involved somehow. In a corporate environment (where I'm from) you want to have everything locked down, and guest access is a big no-no. Going after C$ would mean administrator access but you should at least be able to enumerate shares.

If you have a Win7 that "works", and one that doesn't, run gpedit.msc on both systems and compare the configured settings.
Randal Andress 1 Reputation point

2021-06-02T04:53:40.927+00:00

Good ideas and suggestions: compare those policy settings & take a look at anonymous access.

Regarding accounts::W7 that "works" (the "C" computer) has an admin user "Karen" and a guest account that is "off"; W7 that does not "work" (the "B" computer) has an admin user "Randal" and no other accounts.

My current rabbit trail is the SMBv1 and Computer Browser...

https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/smbv1-not-installed-by-default-in-windows#:~:text=The%20Computer%20Browser%20service%20relies%20on%20the%20SMBv1

Computer Browser service seems to be running on both W7s but I can't determine whether SMBv1 is enabled or not, but I think the are the same - they have the same return for the function shown in the above link to determine it.

I will let you know what I find tomorrow.

Thanks for your continued thinking about this.

Answer 2

Hello @Randal Andress ,

I have never used a "Home" version of Windows, so I don't know what features/capabilities it is missing (compared to the "Pro" version). If what I propose below does not work then we can check for alternatives.

In a command windows, running as an administrator, issue the command logman start why -ets -p Microsoft-Windows-SMBClient -bs 64 -nb 999 -o why.etl. This will start an ETW trace session.

Now reproduce the problem. From what I have understood from the above messages, "net view \b" fails and "dir \b\c$\Users" works - if that is so then issue those two commands.

Now stop the trace with the command logman stop why -ets. There should now be a file called why.etl that you could make available here by posting a link to OneDrive, Google Drive, etc. where a copy of why.etl resides.

There is a reasonable chance (but not a guarantee) that analysing the content of why.etl would provide an indication of why the system is behaving as it is.

Gary

Randal Andress 1 Reputation point

2021-06-02T18:19:12.383+00:00

Many thanks for jumping in!

I have uploaded "why.etl" and "testcmdlog.txt" to www.randress.com/msft .

I executed all commands on computer A (name: RPAFEA; W10 Home) from an administrator account powershell started as "run as administrator". All commands are shown in "testcmdlog.txt".

The remote computer "B" (name V3500) is Windows 7 Pro.

Please let me know how I can produce further data if it would be helpful. I also have another W7 computer "C" (user: Karen-PC, W7 Home Premium) which does NOT fail on cmd "net view \Karen-PC".

-Randal

Answer 3

Hello Randal,

Thanks for that. Here is some immediate feedback, so that you know that you efforts were (hopefully) not in vain. We might get some useful input from @MotoX80 too - someone who often has useful insights.

This is what your network traffic looks like when examined with the (now discontinued) Microsoft Message Analyzer tool:

I have highlighted the problematic protocol exchange in yellow. Your Windows 10 client issues a NetShareEnum request for "level 1" information and receives a response with error code 5 (ERROR_ACCESS_DENIED).

The documentation for NetShareEnum ("NetrShareEnum" is just the name of the RPC method that transports the NetShareEnum request) says:

For interactive users (users who are logged on locally to the machine), no special group membership is required to execute the NetShareEnum function. For non-interactive users, Administrator, Power User, Print Operator, or Server Operator group membership is required to successfully execute the NetShareEnum function at levels 2, 502, and 503. No special group membership is required for level 0 or level 1 calls.

It seems as though the Windows 7 "server" is behaving unexpectedly/unexplainably (at the moment). I will need to do a bit of thinking about the next step...

Gary

Randal Andress 1 Reputation point

2021-06-02T21:53:16.013+00:00

101862-comment1.txt

I had trouble entering message (haven't figured out how to best navigate interface), so I just attached a text file.
-Randal
Gary Nebbett 6,216 Reputation points

2021-06-03T08:19:21.34+00:00

Hello Randal,

Another problem with the forum (for me) is that approaching 5% of my posts are referred by some automatic process to a moderator before they (hopefully) appear in the forum. I replied to your last message - let's see if/when it becomes visible here...

Gary

Answer 4

Hello Randal,

The software which implements this platform seems to have many weaknesses; it seems that if you leave a message open too long in a browser window, a session times out and many buttons (Preview, Post, etc.) become ineffective - this may explain your difficulties (refreshing the page helps).

This problem is turning out to be a real mystery. To get a feel for how things should work, I traced what happens on my (Windows 10) "server" when responding to a "net view" (NetShareEnum) request. The best ETW trace that I got was:

This shows the RPC for NetShareEnum (RPC OpNum = 15 (0xF)) to interface srvsvc (4B324FC8-1670-01D3-1278-5A47BF6EE188) arriving and some processing taking place in srvnet.sys.

I checked the srvnet.sys routines and there is no access checking there. The only access checking takes place in the LanmanServer service process, in routine srvsvc!NetrShareEnum. Based on the "level" of the NetShareEnum request, it checks the desired access against this ACL:

0:000> !acl poi(srvsvc!SsSharePrintSecurityObject+10)+14 1  
ACL is:  
ACL is: ->AclRevision: 0x2  
ACL is: ->Sbz1       : 0x0  
ACL is: ->AclSize    : 0xe0  
ACL is: ->AceCount   : 0xa  
ACL is: ->Sbz2       : 0x0  
ACL is: ->Ace[0]: ->AceType: ACCESS_ALLOWED_ACE_TYPE  
ACL is: ->Ace[0]: ->AceFlags: 0x0  
ACL is: ->Ace[0]: ->AceSize: 0x18  
ACL is: ->Ace[0]: ->Mask : 0x000f0013  
ACL is: ->Ace[0]: ->SID: S-1-5-32-544 (Alias: BUILTIN\Administrators)  
  
ACL is: ->Ace[1]: ->AceType: ACCESS_ALLOWED_ACE_TYPE  
ACL is: ->Ace[1]: ->AceFlags: 0x0  
ACL is: ->Ace[1]: ->AceSize: 0x18  
ACL is: ->Ace[1]: ->Mask : 0x000f0013  
ACL is: ->Ace[1]: ->SID: S-1-5-32-549 (no name mapped)  
  
ACL is: ->Ace[2]: ->AceType: ACCESS_ALLOWED_ACE_TYPE  
ACL is: ->Ace[2]: ->AceFlags: 0x0  
ACL is: ->Ace[2]: ->AceSize: 0x18  
ACL is: ->Ace[2]: ->Mask : 0x000f0013  
ACL is: ->Ace[2]: ->SID: S-1-5-32-550 (no name mapped)  
  
ACL is: ->Ace[3]: ->AceType: ACCESS_ALLOWED_ACE_TYPE  
ACL is: ->Ace[3]: ->AceFlags: 0x0  
ACL is: ->Ace[3]: ->AceSize: 0x18  
ACL is: ->Ace[3]: ->Mask : 0x000f0013  
ACL is: ->Ace[3]: ->SID: S-1-5-32-547 (Alias: BUILTIN\Power Users)  
  
ACL is: ->Ace[4]: ->AceType: ACCESS_ALLOWED_ACE_TYPE  
ACL is: ->Ace[4]: ->AceFlags: 0x0  
ACL is: ->Ace[4]: ->AceSize: 0x14  
ACL is: ->Ace[4]: ->Mask : 0x00000001  
ACL is: ->Ace[4]: ->SID: S-1-1-0 (Well Known Group: localhost\Everyone)  
  
ACL is: ->Ace[5]: ->AceType: ACCESS_ALLOWED_ACE_TYPE  
ACL is: ->Ace[5]: ->AceFlags: 0x0  
ACL is: ->Ace[5]: ->AceSize: 0x14  
ACL is: ->Ace[5]: ->Mask : 0x00000001  
ACL is: ->Ace[5]: ->SID: S-1-5-7 (Well Known Group: NT AUTHORITY\ANONYMOUS LOGON)  
  
ACL is: ->Ace[6]: ->AceType: ACCESS_ALLOWED_ACE_TYPE  
ACL is: ->Ace[6]: ->AceFlags: 0x0  
ACL is: ->Ace[6]: ->AceSize: 0x14  
ACL is: ->Ace[6]: ->Mask : 0x00000002  
ACL is: ->Ace[6]: ->SID: S-1-5-20 (Well Known Group: NT AUTHORITY\NETWORK SERVICE)  
  
ACL is: ->Ace[7]: ->AceType: ACCESS_ALLOWED_ACE_TYPE  
ACL is: ->Ace[7]: ->AceFlags: 0x0  
ACL is: ->Ace[7]: ->AceSize: 0x14  
ACL is: ->Ace[7]: ->Mask : 0x00000002  
ACL is: ->Ace[7]: ->SID: S-1-5-4 (Well Known Group: NT AUTHORITY\INTERACTIVE)  
  
ACL is: ->Ace[8]: ->AceType: ACCESS_ALLOWED_ACE_TYPE  
ACL is: ->Ace[8]: ->AceFlags: 0x0  
ACL is: ->Ace[8]: ->AceSize: 0x14  
ACL is: ->Ace[8]: ->Mask : 0x00000002  
ACL is: ->Ace[8]: ->SID: S-1-5-6 (Well Known Group: NT AUTHORITY\SERVICE)  
  
ACL is: ->Ace[9]: ->AceType: ACCESS_ALLOWED_ACE_TYPE  
ACL is: ->Ace[9]: ->AceFlags: 0x0  
ACL is: ->Ace[9]: ->AceSize: 0x14  
ACL is: ->Ace[9]: ->Mask : 0x00000002  
ACL is: ->Ace[9]: ->SID: S-1-5-3 (Well Known Group: NT AUTHORITY\BATCH)

In the case of a level 1 info request, the desired access is 1 - an access that is granted to "NT AUTHORITY\ANONYMOUS LOGON" among others.

This ACL is created by code inside the LanmanServer and is not directly accessible to any tool. There may however by policies that influence the content of the ACL. Under Windows 10, at least, one such policy is:

Can you check whether this policy exists in Windows 7 and, if it does exist, what its value is on B?

Gary

Randal Andress 1 Reputation point

2021-06-03T13:40:27.637+00:00

See attached Comment2.txt.
-Randal
Gary Nebbett 6,216 Reputation points

2021-06-03T14:19:06.393+00:00

Hello Randal,

Unfortunately your Comments2.txt attachment does not quite work - the full URL is just "comments2.txt" with no scheme, site, etc.

When you set the setting to "disabled" (the default setting) do things work?

Gary
Randal Andress 1 Reputation point

2021-06-03T15:52:21.823+00:00

102097-comment2.txt

I was awaiting on 1) verifying that on the "good" W7 computer ("C"), the value was "Disabled" and 2) your concurrence that I should make the change and see if it works...

Note my cry for help in the attached comment2.txt in getting mmc configured again :-)
-Randal
Gary Nebbett 6,216 Reputation points

2021-06-03T16:06:18.99+00:00

Hello Randal,

The link in your comments2.txt says:

Anonymous enumeration of shares is less of a risk, but it does obviously provide an attacker a list of folders to try to access if he or she succeeds in logging on to the computer.

There are a myriad of things that one could do to make a computer more secure, but in an environment where most accounts don't even have a password, this setting would be way down the list of useful things to do...

The snap-in to use is probably the "Group Policy Object Editor".

Gary
Randal Andress 1 Reputation point

2021-06-03T17:12:47.12+00:00

Gary,

IT WORKS!!!

After I restarted both computers (A and B):

=========
C:\Users\Randal>net view \v3500
Shared resources at \v3500

laptop

Share name Type Used as Comment

FEATool Disk
FSX Disk
rpa Disk
Users Disk

The command completed successfully.

Some awesome troubleshooting, my friend! ... peeling the onion one layer at a time... following the bad news from indication to source...

Turns out, W7 Home Premium does not have gpedit. Nor does it have the mmc snap-in Local Group Policy Editor. Getting it installed on 64-bit system is a bit of a hack that I shall put off until necessary.

BTW, I was not concerned about the security issue of Disabling the Policy. Since I'd never messed with them before and since I had you "on the line", I just thought I'd wait to see if that was definitely the next step.

:-) :-) :-)
Randal
Randal Andress 1 Reputation point

2021-06-03T17:23:39.39+00:00

Gary,

I want to do the "Accept Answer" thing. Do accept at the top of this thread or should you make another summary "answer" entry that I then accept?

As you must know, I am very grateful for your stepping in to debug this. It was really bothering me - much more than it should have - distracting me from things that are much more important.

-Randal
Gary Nebbett 6,216 Reputation points

2021-06-04T11:00:09.427+00:00

Hello Randal,

I am glad that we solved the problem. There is no need to do the "Accept Answer" thing - as you say, information is spread throughout our exchanges and, like you, I am a retired software engineer who just enjoys solving IT mysteries.

Gary
MotoX80 36,291 Reputation points

2021-06-04T12:46:14.017+00:00

I am a retired software engineer who just enjoys solving IT mysteries.

Same here. Do you think that we're just a little bit crazy for doing this?

-Dave
Gary Nebbett 6,216 Reputation points

2021-06-04T17:41:51.35+00:00

Hello Dave,

I think that it keeps us sane - there are not many other opportunities for me to unleash the full force of 40 plus years experience in an unfiltered way...

Gary
Randal Andress 1 Reputation point

2021-06-13T18:56:45.4+00:00

Dave & Gary,
Thanks again for sorting this out. I had asked the same question over on the superuser StackExchange group. I posted the solution you found.

https://superuser.com/questions/1651152/network-shares-do-appear-beneath-computer-icon-in-network-view/1656415#1656415

Keep it up. There are many out there like me who know there is an answer and are familiar with the troubleshooting process but are not familiar with the tools and under-the-hood Windows, not to mention the instincts, that your experience brings. I look forward to my next head-scratcher for you to solve :-)
-Randal

Share via

Cannot browse Windows 7 admin disk volume shares from Windows 10

4 answers

The command completed successfully.

Your answer