How to enable hidden administrative shares on XP Home edition.

Xp PRO allow you to connect to hidden adminstrative shares across the network for remote administration. XP HOME does not.
This page will describe how to configure XP Home edition to enable the adminstrative shares and allow you to connect to them across the network.


Warning: The methods used here are not secure, they are by no means “best practices” these are work-arounds that may compromise the security of the machine and your network. You could damage your computer, lose data, and mess things up beyond all recognition. It’s possible that this violates your EULA of XP home. I will not be responsible for your actions or results. Use at your own risk, or just see how it’s done for educational purposes.

1) Modify the registy to enable hidden administrator shares.
Hide guest account from welcome screen. Reboot for changes to take effect.

Open the registry editor. Start > Run > regedit

This will enable the hidden administrative shares Admin$ and C$ that are used for remote access.

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
\lanmanserver\parameters] “AutoShareWks”=dword:00000001

This next registry change will hide the Guest account from the Welcome screen. We are going to be forced to use the guest account to access the hidden administrative shares we just created, so we’re going to hide it from the welcome screen so we are not broadcasting to all users that the Guest account is active.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
\SpecialAccounts\UserList] “Guest”=dword:00000000

Reboot the computer for changes to take effect.

When it reboots, at a command prompt, type: net share

Now admin$, C$, and IPC$ should be visible. Just like in XP Pro editions.

2) Add the guest account to the administrators group, add a complex password for guest and enable the account.

When you try to access an XP Home machine over the network, you are forced to use the guest account. This means when you try to connect to those hidden shares on the XP Home machine from another computer on the network, you are presented with a login dialog box that has the username greyed out with the name “computer\guest” in it. You can’t change it.

I have seen the registry changes “[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
“forceguest”=dword:00000000″ and the local security policy setting “Network access: Force network logons using local accounts to authenticate as Guest” that are supposed to remedy the problem. However in the first case, forceguest=dword:0000000 disables simple file sharing, and does not change how the login box forces the guest as the user. In the second case, that local security policy simply does not exist, or at least myself and many others cannot find it, search though we may.

At a command prompt run these commands.

net localgroup Administrators Guest /add
net user Guest 99secretpassword44 /active:yes

The first line adds the Guest account to the local Administrators group
The second line gives the Guest user the password of “99secretpassword44 and sets the guest account active.

later, if you want to remove the guest account from the administrators group:
net localgroup Administrators Guest /DELETE

if you want to change the password:
net user Guest newharderpassword

3)Enable file sharing on the XP home machine by sharing a folder on the desktop, and choose “just enable file sharing” You can delete the folder afterwards.

4) Make sure your firewall allows File and Printer sharing, or disable the firewall.

5) This last part requires that we copy the Group Policy Editor from XP Pro and add it to XP home. We will make a simple change in local policy that will ensure our ability to connect across the network using the guest account and password.

Copy the following files to C:\windows\system32

appmgmts.dll
appmgr.dll
fde.dll
fdeploy.dll
gpedit.dll
gpedit.msc
gptext.dll
wsecedit.dl

Copy the following files to C:\Windows\Sytem32\GroupPolicy\Adm
(create the subfolders as necessary)

conf.adm
inetres.adm
system.adm

Now go to Start->Run and type: cmd (click OK)
Type the following lines, hit enter after each line. If you do not receive errors it is OK.
regsvr32 gpedit.dll
regsvr32 fde.dll
regsvr32 gptext.dll
regsvr32 appmgr.dll
regsvr32 fdeploy.dll
regsvr32 wsecedit.dll

Go to start > run . Type gpedit.msc.
In the Group Policy editor, expand Computer Configuration, expand Windows Settings, expand Security settings, expand Local Policies, click User Rights Assignments. Double click Deny Logon Locally. Remove Guest. This little change is the difference between being able to connect remotely and NOT being able to connect.

Close the Group Policy Editor. Let’s restart the computer and then connect to it from another computer on the network.

6) Time to connect to the XP Home remotely

With a different computer try to connect to the admin shares on the XPHOME computer. In explorer type: \\XPhomecomputername\c$

At the logon dialog box enter the guest account password. If all went well you should be able to access the folders and files in the c$ share.

8) Final notes:
You can find the necessary .dll files in the C:\Windows directory of an XP Pro computer. Just copy them over the XP Home machine. You can download the .adm files directly from Microsoft. Just google for “Group Policy ADM Files” . There are also sites that have more information and files for download for the Group Policy editor. Google for “group policy editor for xp home”.