Access and Authentication

RemoteRebootX authentication in domain and non-domain (workgroup) environments:

If you are experiencing any problems with authentication or access denied, please see below:



Using Integrated Security with a Domain Account:
1. The domain account that you use to launch RemoteRebootX must be a member of the local administrators group on the target computer.



Using Integrated Security with a Local Account:
1. The local account that you use to launch RemoteRebootX must also exist on the target computers, defined with the exact same username and password that is defined on the computer running RemoteRebootX.

2. If the local account you are using to run RemoteRebootX is THE built-in administrator account on the target computers, the following registry DWORD must be set to 0 on the target computers. When this DWORD is set to 0, the built-in administrator account is set to full-token mode, and RemoteRebootX will work properly. However, if it’s set to 1, the built-in administrator account is put in admin-approval mode, which will prevent most RemoteRebootX actions from completing successfully for those target computers:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\FilterAdministratorToken
(Only required for Vista/7/8/10/2008/2008R2/2012/2012R2/2016/2019 targets. NOT required for XP/2003 targets)

3. If the local account you are using to run RemoteRebootX is not THE built-in administrator account on the target computers, but instead is just a regular named local account that is a member of the local administrators group on the target computers, then the following registry DWORD must be set to 1 on the target computers:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy
(Only required for Vista/7/8/10/2008/2008R2/2012/2012R2/2016/2019 targets. NOT required for XP/2003 targets)



Using Alternate Credentials with a Domain Account:
1. The account that you specify must be a member of the local administrators group on the target computers.



Using Alternate Credentials with a Local Account:
1. The account that you specify must be a member of the local administrators group on the target computers.

2. If the local account that you specify is THE built-in administrator account on the target computers, the following registry DWORD must be set to 0 on the target computers. When this DWORD is set to 0, the built-in administrator account is set to full-token mode, and RemoteRebootX will work properly. However, if it’s set to 1, the built-in administrator account is put in admin-approval mode, which will prevent most RemoteRebootX actions from completing successfully for those target computers:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\FilterAdministratorToken
(only required for Vista/7/2008/2008R2/2012)

3. If the local account that you specify is is not THE built-in administrator account on the target computers, but instead is just a regular named local account that is a member of the local administrators group on the target computers, then the following registry DWORD must be set to 1 on the target computers:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy
(only required for Vista/7/2008/2008R2/2012)