Fix Elevated applications not having access to mapped drives

Fix Elevated applications not having access to mapped drives

One of the side effects of UAC is the inability to access the mapped (over net use) network drives from the applications running in privileged mode (Run As Administrator). This means that when you run the command prompt or an application (like SpecWin) with elevated privileges, they won’t display the disk letters of the mounted network shares.

A quick way to show what this looks like. Open command prompt, as a regular user, not an administrator and run/enter:

net use

Your screen should look something like this:

clip_image002

And if you change directories and looked at what’s there, it would look something like this

clip_image004

If you run the command prompt ‘As Administrator’ the prompt will look something like this:

clip_image006

If you try and change drives you will get something like this:

clip_image008

This behavior of the system can lead to some inconveniences when trying to run apps elevated often.

Why does it happen? This peculiarity is connected with UAC mechanism for a user with the local administrator privileges. The matter is that when this user signs in, two access tokens are created: the first token provides access without the administrator privileges (the filtered access token, with which most apps are run) and the second is the administrator token with full privileges in the system (all apps approved elevated in UAC are run using it).

When connecting shared network folders, they are associated with the current session for the current process access token and are not available with another token.

There is a solution. To implement it, you have to make some changes to the registry:

Open the registry editor (regedit.exe)

Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Create a new parameter (DWORD type) with the name EnableLinkedConnections and the value 1

clip_image010

Restart your computer

After the computer has been restarted, make sure that you have access to the network drives from the apps run with the administrator privileges.

How it works. After you enable EnableLinkedConnections parameter of the registry, LanmanWorkstation and LSA will check if there is the second access token associated to the session of the current user. If this token is found, the list of the mounted network drives will be copied from one token to another. Thus, the network drives mounted elevated will be seen in the standard mode, and vice versa.

Ref:

https://support.microsoft.com/en-us/help/3035277/mapped-drives-are-not-available-from-an-elevated-prompt-when-uac-is-configured-to-prompt-for-credentials-in-windows

https://technet.microsoft.com/en-us/library/ee844140(v=ws.10).aspx

https://social.technet.microsoft.com/Forums/en-US/49e551df-8e18-45fa-b4bf-923b5a317337/windows-8-issue-with-drive-mapping-and-uac-enabled-enablelinkedconnections?forum=w81previtpro

Leave a Reply

*