Symptoms

When attempting to connect to the local service on a machine that is a member of a WORKGROUP the connection fails with the following error, even though the user is a member of the Administrators group.


You do not have permissions to access the local service.

Cause

This can be caused by the User Access Control (UAC) settings on the WORKGROUP machine which removes Administrator privileges from remote user accounts by default.

Resolution

There are two options to resolve this issue.


  • Enable diagnostics logging on the machine running the local service to confirm the account name that is being evaluated - for example
    Access denied for user 'CORP-SRV01\adminaccount'.

    Explicitly add the user account to the access list setting in the Group Policy settings.

    - or -


  • Change the following registry key

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    LocalAccountTokenFilterPolicy = 1

    WARNING: This change affects the security level.



More Information

For more information see the Access is denied scanning WORKGROUP machines article.