Best IT Recipes

Vista UAC - Network Drives

We have an application that displays network drives programmatically. In Vista with UAC, we get some weird issues.

Our application maps the disk without being raised, therefore, if the user views the explorer and double-clicks to launch exe, it asks for UAC. So when they approve of it, it asks for the username / password for the share ... Strange, since the credentials are saved.

It turns out that a process with an elevated level cannot access the mapped drive that was mapped from an unextended process.

To see this problem in action, follow these steps:

  • Run cmd.exe without UAC
  • Run "net use w: \ yourHostname \ yourShare / user: yourUser yourPassword / persistent: yes"
  • Run cmd.exe as administrator
  • Type "w:" and see the error message

At this point, you can start the usual "network usage" and see that the connection on the elevated cmd is not available, but another failed cmd sees it as OK.

Does anyone know a workaround to fix this problem? or perhaps a way to map a network drive to All Users?

+8
windows windows-vista uac file-sharing net-use
Aug 12 '09 at 15:52
source share
2 answers

Check out this link: Regedit Link

They describe a registry key that allows elevated users to access mapped drives and vice versa. This solves all my problems and exactly what I was looking for.

EDIT:

The original link is dead, but here the text is copied from a snapshot on January 24, 2009 at www.archive.org :



If you find that you do not have access to mapped drives from an administrator token, try the following. When working as a secure administrator, you have two tokens, and this key will support the connection for both labels (this is the same). It can also help troubleshoot login scripts.

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ System EnableLinkedConnections = (dword) 1

It also uses the "Group Policy Scenarios that may not work due to user account control" in this document.

http://technet2.microsoft.com/WindowsVista/en/library/5ae8da2a-878e-48db-a3c1-4be6ac7cf7631033.mspx?mfr=true

I will be posting more information about this soon.

+2
Aug 13 '09 at 13:40
source share

This is by design.

Despite the fact that the user account is the same, with an increased version having a token with membership in the administrator group and additional privileges, tokens are created independently and, therefore, have different LUIDs and are displayed by the kernel for different users, since they are associated with different inputs, mapped disks are not shared between them.

http://blogs.msdn.com/cjacks/archive/2007/02/19/mapped-network-drives-with-uac-on-windows-vista.aspx discusses this in more detail.

+2
Aug 12 '09 at 16:30
source share


More articles:


All Articles