Fix Elevated applications not having access to mapped drives

One side effect of UAC is that applications running in privileged mode (Run As Administrator) cannot access network drives mapped with net use. This means that when you run the command prompt or an application (like SpecWin) with elevated privileges, it won’t display the drive letters of the mounted network shares.

Here is a quick way to show what this looks like. Open a command prompt as a regular user (not as an administrator) and run:

net use

Your screen should look something like this:

[Screenshot: net use output in the regular command prompt]

And if you change to the mapped drive and look at what’s there, it will look something like this:

[Screenshot: directory listing of the mapped drive]

If you run the command prompt ‘As Administrator’ the prompt will look something like this:

[Screenshot: the command prompt run as administrator]

If you try to change drives you will get something like this:

[Screenshot: result of changing to the mapped drive from the elevated prompt]

This behavior is inconvenient if you often need to run apps elevated.

Why does it happen? It follows from how UAC handles a user with local administrator privileges. When this user signs in, two access tokens are created: the first token provides access without the administrator privileges (the filtered access token, with which most apps are run) and the second is the administrator token with full privileges in the system (all apps approved for elevation in UAC are run using it).

When shared network folders are connected, they are associated with the current session of the current process's access token, so they are not available to processes running with the other token.

There is a solution. To implement it, you have to make some changes to the registry:

Open the registry editor (regedit.exe)

Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Create a new parameter (DWORD type) with the name EnableLinkedConnections and the value 1

Restart your computer

After the computer has been restarted, make sure that you have access to the network drives from the apps run with the administrator privileges.

How it works. After you enable the EnableLinkedConnections registry parameter, LanmanWorkstation and LSA check whether a second access token is associated with the current user's session. If this token is found, the list of mounted network drives is copied from one token to the other. Thus, network drives mounted elevated will be visible in standard mode, and vice versa.
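The registry steps above can also be scripted. The following PowerShell is an added example, not part of the original post: it reports whether the current process holds the elevated token, lists the drive mappings that token can see, and sets EnableLinkedConnections if it is not already 1. It assumes Windows 8 or later (for Get-SmbMapping).

```powershell
# Added example: audit and set EnableLinkedConnections.
# Run it once elevated and once non-elevated to compare what each token sees.
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$name = 'EnableLinkedConnections'

# Is this process running with the full (elevated) administrator token?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Host "Elevated token: $elevated"

# Drive mappings visible to THIS token's logon session.
Get-SmbMapping | Select-Object LocalPath, RemotePath, Status | Format-Table -AutoSize

# Current state of the value (absent means the default behaviour).
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
$shown   = if ($null -eq $current) { 'not set' } else { $current }
Write-Host "$name is currently: $shown"

if (-not $elevated) {
    Write-Warning 'Writing under HKLM requires an elevated prompt; nothing was changed.'
    return
}

if ($current -ne 1) {
    # Same change as the regedit steps: DWORD EnableLinkedConnections = 1
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Host "$name set to 1. Restart the computer for the change to take effect."
}
```

With the value set to 1, a drive letter mapped by a non-elevated process is also what elevated processes see, so elevated tools should not trust content on mapped drives more than they trust unelevated code.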

Ref:

https://support.microsoft.com/en-us/help/3035277/mapped-drives-are-not-available-from-an-elevated-prompt-when-uac-is-configured-to-prompt-for-credentials-in-windows

https://technet.microsoft.com/en-us/library/ee844140(v=ws.10).aspx

https://social.technet.microsoft.com/Forums/en-US/49e551df-8e18-45fa-b4bf-923b5a317337/windows-8-issue-with-drive-mapping-and-uac-enabled-enablelinkedconnections?forum=w81previtpro

Creating Customized Windows 10/8.1 Media (ISO, WIM, Flash Drive)

In the enterprise environment, Windows operating systems are usually created, captured and deployed via MS SCCM, WDS or other imaging deployment technology. This allows an operating system to be deployed that is updated to the latest version(s) and standards of the organization, along with any other software (Office suites, AV etc.) or configurations required by that organization. These system images can be ‘pushed’ out to machines, ‘pulled’ across the network via network (PXE) boot, or be placed on portable media to be installed by technicians (usually USB drives).

I also personally install a lot of operating systems for my SMB clients, friends and family. This requires me to have install media that is as up to date (patch wise) as possible so that I do not have to spend hours, or often days, downloading security updates and patches just to install a system and get it safe.

I used to have a full server farm (including SCCM) on my home server/workstation so creating custom images (.wim) was not too much work. However, that machine physically gave up the ghost a while ago. So for personal images I decided to create a custom image on my laptop using Microsoft Hyper-V (available on Windows 8.1 and Windows 10).

Below is how I created my latest Windows 10 fully patched image. After following these steps you will have a UEFI capable ISO and the ability to produce a UEFI bootable flash drive.

So here we go…

You will need a Microsoft Windows 10 (or 8.1) installation ISO. If you don’t have your own Windows 10/8.1 installation media available, or someone else’s (only the ISO is needed, not the license key), it is possible to find the .iso files via a good search.

[Note: you will need a valid installation key once you install your image to a machine to activate it. Or use a KMS server/volume license.]
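Because everything you build inherits whatever is in the source ISO, check the file before using it, especially if it came from a search result. The following PowerShell is an added example, not part of the original post; the ISO path and the expected hash are placeholders you must fill in from the publisher's own download page.

```powershell
# Added example: verify a downloaded Windows ISO before building from it.
# $IsoPath and $ExpectedSha256 are placeholders (assumptions, not from the post).
param(
    [string]$IsoPath        = 'C:\ISO\Windows10.iso',
    [string]$ExpectedSha256 = '<SHA-256 PUBLISHED FOR THIS ISO>'
)

# 1. Whole-file hash: the only check that covers every byte of the image.
$actual = (Get-FileHash -Path $IsoPath -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {          # -ne compares case-insensitively
    throw "SHA-256 mismatch. Expected $ExpectedSha256 but got $actual"
}
Write-Host "Hash OK: $actual"

# 2. Spot check: setup and boot binaries should carry a valid Microsoft signature.
#    This does not replace the hash check; it only catches crude tampering.
$image = Mount-DiskImage -ImagePath $IsoPath -Access ReadOnly -PassThru
try {
    $drive = ($image | Get-Volume).DriveLetter
    $files = "${drive}:\setup.exe",
             "${drive}:\sources\setup.exe",
             "${drive}:\efi\boot\bootx64.efi"
    foreach ($file in $files) {
        if (-not (Test-Path -LiteralPath $file)) {
            Write-Warning "Not present on this media: $file"
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $file
        $ok  = $sig.Status -eq 'Valid' -and
               $sig.SignerCertificate.Subject -like '*O=Microsoft Corporation*'
        Write-Host ("{0,-40} {1}" -f $file, $(if ($ok) { 'signed by Microsoft' } else { "CHECK: $($sig.Status)" }))
    }
}
finally {
    Dismount-DiskImage -ImagePath $IsoPath | Out-Null
}
```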

Download and install the Microsoft Deployment Toolkit here.

Download and install Windows 10 (1607) or Windows 8.1 ADK with these options; you can get them here.

Next let’s enable and configure the Microsoft Hyper-V Platform on your workstation.

You can go to the Control Panel and click on Programs and Features, or hold the Windows key + X and select Programs and Features at the top.

Select Turn Windows features on or off.

Select Hyper-V and click OK. When prompted, click Restart now.

Once rebooted, open the Start Screen and type "Hyper" > Open Hyper-V Manager.

Select your host (computer name) on the left and then click Virtual Switch Manager on the right.

Select New virtual network switch on the left and External under the type to create. Click Create Virtual Switch.

Name the switch something appropriate (I’m using "Main").

Select External Network > Select your main NIC (wireless or wired).

Check Allow management operating system to share this network adapter and click OK.

Click Yes on the notice prompt.

Create the Staging VM

Now that you’re prepped, within Hyper-V Manager select New > Virtual Machine and then click Next.

Type a name for your staging VM (I’m picking stage01) then click Next.

Select Generation 1 and then click Next.

Enter an appropriate amount of memory (I’m entering 4096 MB), deselect Dynamic Memory and then click Next.

Choose the Network Connection you previously created and then click Next.

Designate an adequate amount of storage for your VM (not less than the total GB of all applications you will be installing) and then click Next.

Select Install an operating system from a bootable CD/DVD-ROM > Select Image File (.iso) > Find and select the Windows ISO you downloaded earlier > Click Next > Click Finish.

Back at the Hyper-V Manager, right click stage01 and select Connect… (This will open the console of the VM.)

Navigate to Action and click Start.

Install Windows 10 by accepting the EULA and choosing Custom > selecting the entire virtual disk and clicking Next.

Then let the setup continue until it reboots and you get to the first ‘customization’ screen.

Enter Audit Mode and Install Applications

Start the Windows installation normally. After a reboot or two, Windows is installed and the process stops, waiting for your input. At this point, click the Use express settings button. On the next dialog, do not type a username. STOP.

Instead, press and hold the CTRL+SHIFT+F3 key combination. Windows will now reboot into a special customization mode, Audit Mode.

When presented with the System Preparation Tool window, click Cancel.

You’re now in Audit mode. Audit mode is used to add customizations to Windows images. When you use audit mode, the system does not have to apply the settings in Windows Welcome: things like creating user accounts, reading and accepting the Microsoft® Software License Terms, and selecting the language and time zone. It is designed specifically for preparing Windows images for deployment.

Okay so now let’s prepare and update the system. In Windows 10 (and 8.1) you can forcefully check for updates here:

OR you can use PowerShell to update – as in my previous article. I’d make sure ALL the updates are done – reboot several times (clicking ‘Cancel’ each time) until you’re sure that there are no more updates.

You may also want to uninstall any Windows ‘Store’ apps per this article.

Here is where you will download/install any software you wish to be on your image.

I install things like Office Suites, Acrobat, 7-zip, Java, different Browsers (Chrome Firefox etc.), plugins (Flash, Shockwave etc.) and such.

Once done with all your installs you should clean up all temp files (I use CCleaner portable) and run Disk Cleanup too.

So now let’s finalize and Sysprep the disk.

Shutdown your Staging VM.

Create a Checkpoint

Click Action > Checkpoint… > Enter "Ready for sysprep" > Click Yes

Power your Staging VM back on.

When logged in, do not close the System Preparation Tool window this time.

Select Enable System Out-of-Box Experience (OOBE)

Checkbox Generalize

Select Shutdown

Click OK

Now we’re going to create the WIM file that we’ll use for creating our install media. The WIM file is a compressed image which is deployed during Windows installation. The install.wim file is the actual source used when installing Windows 10. Thus, we need to create our own WIM file, and replace the stock one with it. To do this, we need to "capture" the last Checkpoint – the one named ‘Complete’.

We’ll use the DISM tool to capture a mounted hard drive.

So we first need to mount the VHD (virtual hard drive) of our very last, fully updated VM state: the checkpoint we named Complete.

Once your VM is shut down, create another Checkpoint named "Complete". 
Do NOT power your VM back on.

As mentioned above, the install.wim file is the actual source used when installing Windows 10. Thus, we need to create our own WIM file, and replace the stock one with it. To do this, we need to "capture" the last Checkpoint.

On your host (physical machine), open up Disk Management. 
WIN+X > Disk Management

Navigate to Action > Attach VHD

Click Browse

Navigate to the directory where the virtual disks are stored for stage01. By default this directory is: C:\Users\Public\Documents\Hyper-V\Virtual hard disks\

In the bottom right, change Virtual Disk files (*.vhd, *.vhdx) to All files (*.*)

Select the file with the most recent Date Modified – this is your Complete Checkpoint!

Click Open

Check box Read-only and then click OK.

At this point you will see one new disk with two partitions. Make note of the second partition drive letter (in my case, the F: Drive).

Now the capture!

Open the Command Prompt with Administrator Rights.

WIN+X > Command Prompt (Admin)

Type:

dism /capture-image /imagefile:c:\customInstall.wim /capturedir:F:\ /name:"Windows 10 Enterprise – Customized by: Darth Sidious" /Description:"Windows 10 Enterprise – Customized by: Darth Sidious" /compress:maximum /checkintegrity /verify /bootable

replacing F: with the second partition drive letter you made note of earlier – and replacing "Customized by: Darth Sidious" with whatever you want.

Depending on your processing power, this may take a little while. When complete, you will see "This operation completed successfully." You should now see a file named "customInstall.wim" at the root of your C:\ Drive.

Build the Customized Media

Open/Double click the stock ISO you used to install Windows in stage01 to mount it within File Explorer.

Open This PC and double click the newly mounted drive.
(In my case, Drive E: SW_DVD5_WIN_ENT_10_1607_64BIT_English_MLF_X21-07102.ISO)

CTRL+A (to select all) and CTRL+C (to copy)

Create a new folder named WinExtract off your C:\ drive

(Another location is fine too, but these instructions will be assuming C:\)

Navigate to C:\WinExtract\ and CTRL+V (to paste).

After the copy completes, navigate to C:\WinExtract\sources\ and delete the install.wim file.

Move C:\customInstall.wim (your custom WIM) to C:\WinExtract\sources\.

Rename C:\WinExtract\sources\customInstall.wim to install.wim.

At this point, you are ready to create your ISO.

Create UEFI Bootable ISO:

Open Admin Command Prompt

Change directory (cd) to:

C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\Oscdimg

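Then enter and run (the -bootdata option writes two boot entries: etfsboot.com for BIOS and efisys.bin for UEFI; with only -b and etfsboot.com the ISO would boot on BIOS systems only):

oscdimg -m -o -u2 -udfver102 -bootdata:2#p0,e,bC:\WinExtract\boot\etfsboot.com#pEF,e,bC:\WinExtract\efi\microsoft\boot\efisys.bin C:\WinExtract C:\Windows10Updated.iso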

Once complete, you now have a UEFI bootable ISO named Windows10Updated.iso

[If you are making a Windows 8.1 image you will need to use the matching ‘Windows Kits’ directory for the ADK version you installed.]

You should now test your .iso by using it to create a new VM. Verify that it installs and works. Then you can create a bootable USB drive.

I use Rufus Portable to create my bootable USBs. Portable download here.

One of the first cool things about Rufus Portable is that no installation is necessary to run it. When you run it, setting it up is simple. Select the USB drive you want to use. To make sure your drive will boot on most devices including newer UEFI ones select the ‘MBR partition scheme for BIOS or UEFI Computers’ and also ‘Use Rufus MBR’ option.

Then select the disc icon next to the ISO drop-down and navigate to the location of your newly created Windows 10 ISO.

After that click Start and you should be good to go, within minutes.

Hope this helps some. I put this up here, like most of my stuff, mainly so I have a place to remember what I did. 😛

Happy image building.

WebEx in Chrome security flaw

Recently there have been some pretty big security issues found with several browser plug-ins, like this huge WebEx in Chrome issue.

It is best that, if you must use them, you manually update them. Please always keep your stuff updated.

To force update Chrome extensions:

Open Chrome, then go to Settings by clicking on the three vertical dots in the top right of Chrome.

Then click on Extensions:

Next, click on ‘Developer mode’, then click on “Update extensions now”.

For Firefox you need to update addons and plug-ins:

[Screenshots of the Firefox add-on and plug-in update steps]

Watch out for e-Mail Scams about Electronic Tax Payments

Well it’s getting closer to tax season.

Many of us do our taxes as soon as we get our year end statements and many of us have quarterly taxes we pay.

Either way, please keep an eye out for scams ‘reminding you of payments’, telling you that you owe payments, and the like.

Believe me, if the IRS or the State wants their tax dollars they’ll reach out to you via REGULAR MAIL; they will NOT be using some third party payment processing company.

The idea with emails like the one I just received is to first scare you into thinking you owe money, and second to get you to click on a malicious link: one that will either infect your system or take you to a site designed to separate you from your money one way or another, often with live operators asking questions and continuing the scare tactics.

SCAM

Above is one I just received. – IT’S COMPLETELY B.S.!!

Please IF you are ever concerned about a Tax problem go to the ‘front door’ of the agency – www.irs.gov, www.oregon.gov/dor, or the like, via your web browser address bar (NOT a search bar – the very top bar of your browser that says, http://www……)

The IRS has some good info here.

Remember, be safe, folks.