How to connect a remote Windows 7/Vista/XP computer with NirSoft utilities

Some of NirSoft utilities like ServiWin, ProduKey, USBDeview, MyEventViewer, RegScannerNirCmd, and DevManView (a new device manager utility that will be released soon) allows you to connect a remote computer on your network and get the same result as you use it in the local computer.  In order to use this remote computer feature, you must have full administrator access to the remote computer.

Even if you have the admin user name and password of the remote machine that you wish to connect, you still have to configure it properly in order to get full  administrator access.
If you have a network with a domain controller, and you are the administrator of this domain, your life is a little easier, because some of configuration changes required to get admin access remotely are made by Windows automatically when the computer joins the domain.

Here’s a list of security configuration changes that you have to do in the remote machine, in order to get the administrator access remotely:

1.  Configure your Firewall. Depending on  the firewall that you use on the remote computer, you may need to change the firewall configuration in order to be able to connect the computer.
If you use the Windows firewall,you should go to ‘Allow Programs’/Exceptions section and verify that the ‘File And Printer Sharing’ option is checked.’

Enable 'File And Printer Sharing' in Windows Firewall

Enable 'File And Printer Sharing' in Windows Firewall

If you have another Firewall that filter the traffic by port numbers, you should configure it to accept incoming TCP/UDP packets with ports 135-139.
Warning: On your router that connect you to the Internet, you must verify that it’s not configure to forward ports 135-139 from the Internet into your machine. If the router is configured this way, your computer is in high risk of being penetrated by hackers and Trojans.

2. Change network security and sharing mode to classic:  On Windows XP, the default network sharing mode is ‘Guest Only’, which means that even if you log-on remotely as admin user, you’ll only get the access rights of regular user. In order to change this mode, go to the ‘Local Security Settings’ in Administrative Tools of Control Panel, and under Local Policies->Security Options, find the option of ‘Network and security model for local accounts’ and change it to classic mode.

Sharing and security model

Sharing and security model

Alternatively, you can change the following Registry value to get the same effect:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
“forceguest”=dword:00000000

3.  Turn off the Remote User Account Control in Windows Vista and Windows 7:
By default, the User Account Control component of Windows 7/Vista doesn’t allow to get administrator access on a remote machine. In order to turn off this restriction, you should set the following Registry value:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
“LocalAccountTokenFilterPolicy”=dword:00000001

For more information about this Registry value, read here.

4. Starting the ‘Remote Registry’ service. Some of NirSoft utilities, like ProduKey and USBDeview, get the data from the remote machine by reading it from the Registry database.  On Windows 7/Vista, the ‘Remote Registry’ service is not started automatically by default,  so you have to start it in order allow these utilities to work on the remote machine.
You can start this service by using the Services module in Administrative Tools of Windows or by using the ServiWin utility of NirSoft.

Remote Registry Service

Remote Registry Service

5. Connecting the remote machine. After making the above changes, you should be able to connect the remote machine and get full admin rights.
You can connect the remote machine by typing a path of admin share in the ‘Run’ text-box of Windows, for example:
\\192.168.0.11\c$
\\192.168.0.12\admin$
\\MyComp01\admin$

After a few seconds, Windows will ask you to type the user name and password for connecting the remote machine.

Connect the admin share of remote computer

Connect the admin share of remote computer

You can also connect the machine by using the ‘Net Use’ command, for example:
net use \\192.168.0.15 “MyPassword” /user:”MyPC\admin”

After connecting the remote machine, you’ll also be able to connect it with all NirSoft utilities that have the remote computer feature.

13 Comments

  1. pd says:

    WhatInStartup has an excellent facility built into the Advanced Options dialog for changing the instance that it is looking at. Currently I’m trying to debug a BSOD machine by running Bart PE over the top and some of your excellent utilities. So rather than a remote machine, I needed to change the instance of the program to get it focusing on the underlying system, not the Bart PE live system. This was a brilliant feature. I was super pleased to find it.

    Unfortunately the same facility appears available but only via command line, for only some of your utilities.

    If you could find the time to add the same “Advanced Options” GUI for setting the instance or remote machine your utilities are targeting, that would be awesome.

  2. Tim says:

    Crap, I think I did it wrong…

  3. Michael says:

    Nitpick: With “net use”, it is better to use the option that prompts you for your password, rather than putting it on the command line.

  4. alagrb says:

    WhatInStartup has an excellent facility built into the Advanced Options dialog for changing the instance that it is looking at. Currently I’m trying to debug a BSOD machine by running Bart PE over the top and some of your excellent utilities. So rather than a remote machine, I needed to change the instance of the program to get it focusing on the underlying system, not the Bart PE live system. This was a brilliant feature. I was super pleased to find it.

    Unfortunately the same facility appears available but only via command line, for only some of your utilities.

    If you could find the time to add the same “Advanced Options” GUI for setting the instance or remote machine your utilities are targeting, that would be awesome.

  5. Harold B. Touchstone says:

    Here is another way to set the “Network access: Sharing and security model for local accounts” setting to Classic in step 2 above without using the Local Security Settings (secpol.msc) or editing the Registry.

    * Click the Start menu and then select “Control Panel -> Folder Options”.

    * Select the View tab in Folder Options and scroll to the bottom of the “Advanced settings:” list.

    * Uncheck the “Use Simple File Sharing (Recommended)” check box.

    Harold

  6. Nick says:

    I’m able to connect to the admin share (C$) on remote, domain joined Windows 7 computers but I still can’t get ProduKey to find any product keys. ProduKey run locally works fine. I’ve made sure that I’ve completed all 5 steps above. Any other suggestions on getting this to work on remote Windows 7 systems?

  7. Marc says:

    I’m having difficulty getting ServiWin to work on Windows 7 64 Ultimate. Is there some sort of trick I would need? I just don’t know what to do exactly.

  8. Mr. Cmd says:

    Better use ipc-connection to get the authorisation done.

    net use \\servername\ipc$ * /user:servername\adminaccount

    then every communication between the pc’s are done with the adminaccount-credentials.
    no need for any admin$ share….

    thats the way we deploy software on dozens of PCs, editing the registry remotely, changing services with “sc” remotely etc. etc.

  9. bart says:

    it is not so easy

  10. Mark says:

    Is there any way within the product to disable all remote functionality rather than relying on standard Microsoft restructions and firewalls? I don’t need this funtionality and am a bit worried about security. Thanks

  11. David says:

    Using Produkey on Windows 7 to try to get product key for remote Windows 10. I’ve opened firewall and started remote registry service on windows 10. Getting ‘Access is denied. Error 5″. Works fine when remote system is Windows 7. Works fine when local system is Windows 10 and remote system is Windows 7. Windows 10 local–> Windows 10 remote doesn’t work either. Admin user is connect to remote and has full access to all files on Windows 10 remote.

  12. Tony4219 says:

    Rant = ON
    Problems doing things on remotely on machines that run Win10.

    I finally was able to get remote Shutdown, sharing files, etc to work in Win10. Besides all the remote registry settings (see tenforums.com) that you have to do AT EACH REMOTE MACHINE in person, be aware that every time that MSFT decides to do an update of Win10, most of those settings will have to be rechecked, and likely, manually reset AGAIN.

    I think MSFT wants all Win10 Home users to upgrade to Enterprise and learn to be domain administrators!

    Rant = OFF

  13. Robert says:

    I am an admin on my domain. USBDeview keeps returning “Error 53: The network path was not found” when viewing a remote computer. What’s going on here and how to I correct it?

Leave a Reply