I am trying to UNC path to the C drive of a Hyper-V based VM that is running Windows Server 2008 R2 Standard.

I can RDP into the system just fine using the machine name.

When I enter the UNC path: \\machinename\c$ I am prompted for credentials.

The server is not a part of the domain, so I enter the login as machinename\Admin and enter the password. The authentication fails.

When I go to event viewer and look at the security logs I see many failed authentication attempts with my username from my domain. Why would this occur? Why would it submit my domain credentials despite the fact that I logged in with an entirely different username and password?

I have never tried to log into this machine using my domain credentials.

Edit: Worth noting that I can UNC into a shared directory on this system, just not the C drive.

Shrout1

1 Answer

The reason you see your domain credentials is that your own machine is trying to give you what is commonly referred to as a Single Sign-On experience.

When you access a UNC path without any dots in the hostname, Windows assumes you're trying to access an Intranet location, and treats it like a part of the "Intranet Zone" security scope in Internet Explorer.

The default behavior in Windows is to use the current default network credentials of the given security context and try to authenticate using those before giving you the opportunity to fill in a different set of credentials. This is not restricted to SMB/share access; it applies to websites using Kerberos or NTLM authentication schemes as well.

To avoid this behavior, either:

  • use the FQDN: \\machine.fqdn.tld\c$
  • use the IP address: \\192.168.10.34\c$ (unnamed Admin Shares do not seem to be accessible remotely)
  • Disable Intranet location detection:
    • Open IE on your own machine
    • Press Alt and select Tools -> Internet Options -> Security
    • Mark the "Intranet" icon
    • Click "Sites"
    • Uncheck "Automatically detect intranet network"
    • Make sure "Include all network paths (UNCs)" is unchecked as well

Then you'll be presented with a credential prompt before Windows tries to authenticate you automatically. Make sure "File and Printer sharing" is enabled and SMB access is allowed in Windows Firewall (be sure to check that the rule is applied to the correct Profile).

Mathias R. Jessen
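To see on the server which account each failed logon was actually submitted as, the Security log's 4625 events can be flattened into one row per attempt. This is an added example, not part of the original answer: the function name `ConvertFrom-FailedLogonXml` is hypothetical, the sample event is constructed, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example: show which account a failed logon (event 4625) was submitted as.
function ConvertFrom-FailedLogonXml {
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)][string]$EventXml)
    process {
        $doc = [xml]$EventXml
        # Flatten <Data Name="...">value</Data> elements into a lookup table
        $d = @{}
        foreach ($n in $doc.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Account     = '{0}\{1}' -f $d.TargetDomainName, $d.TargetUserName
            LogonType   = [int]$d.LogonType   # 3 = network logon (share access)
            Package     = $d.AuthenticationPackageName
            Workstation = $d.WorkstationName
            SourceIp    = $d.IpAddress
            SubStatus   = $d.SubStatus        # 0xC0000064 = no such user, 0xC000006A = bad password
        }
    }
}

# Constructed sample event (trimmed to the fields used above); all values are made up.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID></System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">CORP</Data>
    <Data Name="SubStatus">0xc0000064</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="WorkstationName">WKSTN01</Data>
    <Data Name="IpAddress">192.0.2.10</Data>
  </EventData>
</Event>
'@
$sample | ConvertFrom-FailedLogonXml

# Live use on the server, from an elevated prompt:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents 200 |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-FailedLogonXml |
#     Group-Object Account, Workstation | Sort-Object Count -Descending
```

Rows whose Account is the domain user rather than machinename\Admin are the automatic attempts made before the credential prompt appears.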