WakeOnLANx authentication in domain and non-domain (workgroup) environments:
If you are experiencing any problems with authentication or access denied, please see below:
Using Integrated Security with a Domain Account:
1. The domain account that you use to launch WakeOnLANx must be a member of the local administrators group on the target computer.
Using Integrated Security with a Local Account:
1. The local account that you use to launch WakeOnLANx must also exist on the target computers, defined with the exact same username and password that is defined on the computer running WakeOnLANx.
2. If the local account you are using to run WakeOnLANx is THE built-in administrator account on the target computers, the following registry DWORD must be set to 0 on the target computers. When this DWORD is set to 0, the built-in administrator account is set to full-token mode, and WakeOnLANx will work properly. However, if it’s set to 1, the built-in administrator account is put in admin-approval mode, which will prevent most WakeOnLANx actions from completing successfully for those target computers:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\FilterAdministratorToken
(Only required for Vista/7/8/10/2008/2008R2/2012/2012R2/2016/2019 targets. NOT required for XP/2003 targets)
3. If the local account you are using to run WakeOnLANx is not THE built-in administrator account on the target computers, but instead is just a regular named local account that is a member of the local administrators group on the target computers, then the following registry DWORD must be set to 1 on the target computers:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy
(Only required for Vista/7/8/10/2008/2008R2/2012/2012R2/2016/2019 targets. NOT required for XP/2003 targets)
Using Alternate Credentials with a Domain Account:
1. The account that you specify must be a member of the local administrators group on the target computers.
Using Alternate Credentials with a Local Account:
1. The account that you specify must be a member of the local administrators group on the target computers.
2. If the local account that you specify is THE built-in administrator account on the target computers, the following registry DWORD must be set to 0 on the target computers. When this DWORD is set to 0, the built-in administrator account is set to full-token mode, and WakeOnLANx will work properly. However, if it’s set to 1, the built-in administrator account is put in admin-approval mode, which will prevent most WakeOnLANx actions from completing successfully for those target computers:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\FilterAdministratorToken
(only required for Vista/7/2008/2008R2/2012)
3. If the local account that you specify is is not THE built-in administrator account on the target computers, but instead is just a regular named local account that is a member of the local administrators group on the target computers, then the following registry DWORD must be set to 1 on the target computers:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\LocalAccountTokenFilterPolicy
(only required for Vista/7/2008/2008R2/2012)