1. Introduction

While Linux is a full-featured operating system (OS), network integration with other systems like Microsoft Windows is a common scenario for data exchange, development, or even administration.

In this tutorial, we’ll explore how to access Microsoft Windows administrative shares from a Linux system. First, we dive into the feature in general. Next, we discuss ways to access administrative shares in Linux. Finally, we describe some common pitfalls when doing so.

We tested the code in this tutorial on Debian 11 (Bullseye) with GNU Bash 5.1.4. It should work in most POSIX-compliant environments unless otherwise specified.

2. Microsoft Windows Administrative Shares (Admin Shares)

Microsoft Windows provides full remote access to system data for authorized users via so-called administrative shares. In essence, the feature exposes special shares with specific functions:

  • C$ – system partition access, roughly related to rootfs in Linux
  • D$Z$ – secondary drive access, roughly related to /mnt in Linux
  • IPC$ – responsible for inter-process communication with named pipes
  • Admin$%SYSTEMROOT% access, roughly related to the combination of the /etc, /lib, and /sbin directories in Linux
  • Printer$ – access to shared printers
  • FAX$ – access to shared FAX

Just like mapped drives, the shares, named with drive or partition letters followed by a $ dollar sign, provide full data, system, and configuration access to authorized users.

Of course, security is important, so administrative shares use the Common Internet FileSystem (CIFS) protocol. Its implementation in Linux is Samba, from Server Message Block (SMB), their common base.

Although the protocol is mainly for file exchange, among other options, we can leverage administrative shares to enable remote access protocols:

So, let’s see how we can access Microsoft Windows Administrative Shares from a Linux machine.

3. Access Administrative Shares in Linux

Since admin shares use CIFS in Windows, we can employ an SMB implementation under Linux to access them.

Importantly, administrative shares cannot be accessed anonymously, so a username and password are always necessary.

3.1. Desktop Environment

Depending on our graphical user interface (GUI), we might be able to access administrative shares directly with a desktop environment application:

If entering the Universal Resource Identifier (URI), we can specify colon-separated credentials after it and before the hostname or IP address:

smb://Administrator:PASSWORD@WindowsServer

If we don’t supply them, the GUI should present a prompt. In most interfaces, we need the smb:// protocol prefix.

3.2. mount

To access administrative shares from the command line interface (CLI), we can use the mount command after installing cifs-utils via a package manager like apt:

$ apt-get -y install cifs-utils
[...]
$ mkdir /mnt/admin_C
$ mount -t cifs //WindowsServer/C$ /mnt/admin_C

In fact, the last command is what commonly gets run at the back-end of GUI operations with SMB but usually with another directory as the mount point. Furthermore, we can change the owner of the resulting mount.

3.3. smbclient

Another CLI way to access administrative shares is the smbclient tool.

First, let’s install smbclient via apt:

$ apt install smbclient

Now, we can supply the path we want to access along with the default Administrator [-U]sername:

$ smbclient //WindowsServer/C$ -U Administrator
Enter WORKGROUP\administrator's password:
Try "help" to get a list of possible commands.
smb: \> 

After entering the correct password, we see an smb: \> prompt, where we can enter a command such as help:

$ smb: \> help
?              allinfo        altname        archive        backup
blocksize      cancel         case_sensitive cd             chmod
chown          close          del            deltree        dir
du             echo           exit           get            getfacl
geteas         hardlink       help           history        iosize
lcd            link           lock           lowercase      ls
l              mask           md             mget           mkdir
more           mput           newer          notify         open
posix          posix_encrypt  posix_open     posix_mkdir    posix_rmdir
posix_unlink   posix_whoami   print          prompt         put
pwd            q              queue          quit           readlink
rd             recurse        reget          rename         reput
rm             rmdir          showacls       setea          setmode
scopy          stat           symlink        tar            tarmode
timeout        translate      unlock         volume         vuid
wdel           logon          listconnect    showconnect    tcon
tdis           tid            utimes         logoff         ..
!

While this interface provides more limited control compared to a mount, it’s usually a convenient way to quickly browse an administrative share.

4. Potential Issues

Of course, no technology is flawless, and the CIFS-Samba combination is no exception. In addition to the many standard problems with Samba, some pitfalls pop up more often with administrative shares in particular.

4.1. Configuration

Although a regular occurrence in general, administrative shares are especially prone to misconfiguration since there are requirements to enable them in Windows:

  • File and Printer Sharing should be enabled
  • the correct firewall rules are set
  • registry corrections to the protocol version or access control are sometimes needed

Still, home editions of Microsoft Windows don’t support administrative shares. Regardless of our setup, access to a non-existent share isn’t possible.

4.2. Mismatched Protocol Versions

SMB has many versions:

  • vers=3.1 is SMB3_11 (Windows 11, Windows Server 2022, Windows 10, Windows Server 2016)
  • vers=3.0 is SMB3 (Windows 8, Windows Server 2012)
  • vers=2.1 is SMB2_10 (Windows 7, Windows Server 2008 R2)
  • vers=2.0 is SMB2_02 (Vista SP1, Windows Server 2008)
  • vers=1.0 is NT1 (Windows 95, NT 4.0)

If Samba doesn’t match CIFS in terms of their default SMB version, the connection can fail. Negotiating the version is part of the setup, but it might not always be successful due to external limitations like configuration or OS version.

5. Summary

In this article, we discussed browsing Microsoft Windows administrative shares from Linux.

In conclusion, although Linux provides the necessary facilities to access an admin share, we need a proper configuration on both sides.