MS went to great lengths specifically to increase the security of the system by preventing non-admin access to root folders - it was never going to be a simple job to effectively remove that protection
As it is, you do appear to have a workaround.
My Computer
At a glance
Win 7 x64 Home Premium (and x86 VirtualBox VM...i3 370M/i7 6500U8GB - finally :)/8GBit's an i3, dude!/dual Intel&nVidia
Computer type
Laptop
Computer Manufacturer/Model Number
Asus K52F or Lenovo B51-80
OS
Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
CPU
i3 370M/i7 6500U
Motherboard
Asus/Lenovo
Memory
8GB - finally :)/8GB
Graphics Card(s)
it's an i3, dude!/dual Intel&nVidia
Sound Card
onboard
Monitor(s) Displays
15.6" built-in
Screen Resolution
1366x768/1920x1080
Hard Drives
750GB Seagate internal
Sundry external drives attached to other computers on the local network
1TB SSD on the Lenovo
PSU
n/a
Internet Speed
as much as I can get - usually on a dongle/phone, so <1MB/s
~~~~
-I have notepad set to "Run as Administrator" on both windows 7 machines
-I can write to the root C: such as copying over a .exe file or something like that. The issue is editing a text file only.
I can edit a text file on the root C drive on a windows xp machine but not any windows 7 machines across network. I am guessing i must of missed some windows 7 permissions policy some where to enable this. Now i can edit a file on windows 7 machines if it's not on the root of the drive say C:\testfolder\testfile.txt
You probably need to figure out how to set things back to their default values. The only thing that you have to change from default is to create/set LocalAccountTokenFilterPolicy to 1 (as you eventually did).
I know that you have already done some of these steps - so just check them instead of redoing them.
Computer A = local
Computer B = remote
Disconnect any mapped drive letters that you might have between computers.
Open Credential Manager on both computer A and computer B.
On computer A, remove any reference that you see to computer B.
On computer B, remove any reference that you see to computer A.
Set LocalAccountTokenFilterPolicy to 1 on computer B.
Restart both computers see if this works:
While sitting at computer A
Map a drive letter to \\computer B\C$
(Or use a UNC type of connection.)
When asked for credentials, enter any admin account info that resides on computer B. computer B\username password
You should now be able to do whatever you want to a file on computer B; even if the file of interest is in the system root of computer B.
When computer A uses a connection to the admin share on computer B that type of connection acts like an elevated process. Computer B uses its own unelevated explorer.exe to allow the remote connection to SILENTLY create/edit/rename/delete/infect files in areas that normally require an elevated process to access. (Scary huh? A malware writer's dream connection.)
Files can be created locally on computer A then moved to computer B's root.
Files can be created directly in computer B's root via an unelevated process like computer A's explorer.
(via right-click > New > Text Document)
Files can be created directly in computer B's root via computer A's unelevated notepad.
(via File > Save as > navigate to computer B's root)
So, unelevated malware can do stuff to Computer B that is cannot do to computer A. But if computer B has an admin share connection to computer A, then it can use computer B to further infect computer A.
As you found out, you need an elevated process on computer B to edit a file that was created by computer A and placed directly into computer B's root. That is perfectly normal and desired. The same is true for a local file that is created in the root by an elevated process.
