In this tutorial, we’ll explore how to access Microsoft Windows administrative shares from a Linux system. First, we dive into the feature in general. Next, we discuss ways to access administrative shares in Linux. Finally, we describe some common pitfalls when doing so.
2. Microsoft Windows Administrative Shares (Admin Shares)
Microsoft Windows provides full remote access to system data for authorized users via so-called administrative shares. In essence, the feature exposes special shares with specific functions:
- C$ – system partition access, roughly related to rootfs in Linux
- D$–Z$ – secondary drive access, roughly related to /mnt in Linux
- IPC$ – responsible for inter-process communication with named pipes
- Admin$ – %SYSTEMROOT% access, roughly related to the combination of the /etc, /lib, and /sbin directories in Linux
- Printer$ – access to shared printers
- FAX$ – access to shared FAX
Of course, security is important, so administrative shares use the Common Internet FileSystem (CIFS) protocol. Its implementation in Linux is Samba, from Server Message Block (SMB), their common base.
Although the protocol is mainly for file exchange, among other options, we can leverage administrative shares to enable remote access protocols:
So, let’s see how we can access Microsoft Windows Administrative Shares from a Linux machine.
3. Access Administrative Shares in Linux
Since admin shares use CIFS in Windows, we can employ an SMB implementation under Linux to access them.
Importantly, administrative shares cannot be accessed anonymously, so a username and password are always necessary.
3.1. Desktop Environment
Depending on our graphical user interface (GUI), we might be able to access administrative shares directly with a desktop environment application:
If we don’t supply them, the GUI should present a prompt. In most interfaces, we need the smb:// protocol prefix.
To access administrative shares from the command line interface (CLI), we can use the mount command after installing cifs-utils via a package manager like apt:
$ apt-get -y install cifs-utils [...] $ mkdir /mnt/admin_C $ mount -t cifs //WindowsServer/C$ /mnt/admin_C
In fact, the last command is what commonly gets run at the back-end of GUI operations with SMB but usually with another directory as the mount point. Furthermore, we can change the owner of the resulting mount.
Another CLI way to access administrative shares is the smbclient tool.
First, let’s install smbclient via apt:
$ apt install smbclient
Now, we can supply the path we want to access along with the default Administrator [-U]sername:
$ smbclient //WindowsServer/C$ -U Administrator Enter WORKGROUP\administrator's password: Try "help" to get a list of possible commands. smb: \>
After entering the correct password, we see an smb: \> prompt, where we can enter a command such as help:
$ smb: \> help ? allinfo altname archive backup blocksize cancel case_sensitive cd chmod chown close del deltree dir du echo exit get getfacl geteas hardlink help history iosize lcd link lock lowercase ls l mask md mget mkdir more mput newer notify open posix posix_encrypt posix_open posix_mkdir posix_rmdir posix_unlink posix_whoami print prompt put pwd q queue quit readlink rd recurse reget rename reput rm rmdir showacls setea setmode scopy stat symlink tar tarmode timeout translate unlock volume vuid wdel logon listconnect showconnect tcon tdis tid utimes logoff .. !
While this interface provides more limited control compared to a mount, it’s usually a convenient way to quickly browse an administrative share.
4. Potential Issues
Of course, no technology is flawless, and the CIFS-Samba combination is no exception. In addition to the many standard problems with Samba, some pitfalls pop up more often with administrative shares in particular.
Although a regular occurrence in general, administrative shares are especially prone to misconfiguration since there are requirements to enable them in Windows:
- File and Printer Sharing should be enabled
- the correct firewall rules are set
- registry corrections to the protocol version or access control are sometimes needed
Still, home editions of Microsoft Windows don’t support administrative shares. Regardless of our setup, access to a non-existent share isn’t possible.
4.2. Mismatched Protocol Versions
SMB has many versions:
- vers=3.1 is SMB3_11 (Windows 11, Windows Server 2022, Windows 10, Windows Server 2016)
- vers=3.0 is SMB3 (Windows 8, Windows Server 2012)
- vers=2.1 is SMB2_10 (Windows 7, Windows Server 2008 R2)
- vers=2.0 is SMB2_02 (Vista SP1, Windows Server 2008)
- vers=1.0 is NT1 (Windows 95, NT 4.0)
If Samba doesn’t match CIFS in terms of their default SMB version, the connection can fail. Negotiating the version is part of the setup, but it might not always be successful due to external limitations like configuration or OS version.
In this article, we discussed browsing Microsoft Windows administrative shares from Linux.
In conclusion, although Linux provides the necessary facilities to access an admin share, we need a proper configuration on both sides.