Mapped drives are not available from an elevated prompt when UAC is configured to "Prompt for credentials" in Windows

Applies to: Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials

Symptoms


This issue occurs when the following conditions are true:
  • You use Group Policy Preference (GPP) or logon scripts to map network drives during logon.
  • User Account Control (UAC) is enabled.
  • The following UAC Group Policy setting is configured to Prompt for credentials:
    User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
  • The EnableLinkedConnections registry entry is configured. For details about how to configure this registry entry, see the "More Information" section.
Under these conditions, you experience the following situation:
  • When you log on, mapped drives are available as expected.
  • When you run an elevated command prompt as administrator, the mapped drives are unavailable in the elevated command prompt.
Note This issue also affects other applications that run in an elevated context (run as administrator) and use drive letters to access mapped drives.

Cause


When UAC is enabled, the system creates two logon sessions at user logon. The two logon sessions are linked to one another. One session represents the user in an elevated context, and the other represents the user running with least user rights.

When drive mappings are created, the system creates symbolic link objects ("DosDevices") that associate the drive letters with the UNC paths. These objects are specific to a logon session and are not shared between logon sessions.

Note The EnableLinkedConnections registry entry forces the symbolic links to be written to both linked logon sessions that are created, when UAC is enabled.

When the UAC policy is configured to Prompt for credentials, a new logon session is created in addition to the existing two linked logon sessions. Previously created symbolic links that represent the drive mappings will be unavailable in the new logon session.

Workaround


To work around this issue, follow the steps in one of the following methods:

Method 1

  1. In Local Group Policy Editor, locate the following Group Policy path:
    Local Computer Policy\Windows Settings\Security Settings\Local Policies\Security Options
  2. Configure the following policy to Prompt for consent:
    User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode

Method 2

Map the required drives again in the elevated session, for example, by using a .bat script file.
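
The following PowerShell script is an added example of Method 2 and is not part of the original article (which suggests a .bat file). It reports whether the computer matches the conditions in the Symptoms section and then maps any missing drives in the elevated session. The drive letters and UNC paths are constructed placeholders, and the use of the EnableLUA and ConsentPromptBehaviorAdmin registry values (where 1 and 3 correspond to Prompt for credentials) to read the UAC configuration is an assumption that the article does not state.

```powershell
# Added example. Run inside the elevated session (for example, from an
# elevated PowerShell prompt). Drive letters and UNC paths are placeholders.
$Drives = [ordered]@{
    'H:' = '\\fileserver.example\home'
    'S:' = '\\fileserver.example\shared'
}

# Report whether this computer matches the conditions in the Symptoms section.
$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $key
# ConsentPromptBehaviorAdmin stores the elevation prompt policy for
# administrators; 1 and 3 are the "Prompt for credentials" settings.
$credentialPrompt = $policy.ConsentPromptBehaviorAdmin -in 1, 3
$linked           = $policy.EnableLinkedConnections -eq 1
Write-Host "UAC enabled (EnableLUA)     : $($policy.EnableLUA -eq 1)"
Write-Host "Prompt for credentials      : $credentialPrompt"
Write-Host "EnableLinkedConnections = 1 : $linked"

# Only remap when the session is really elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    Write-Warning 'Session is not elevated; nothing to do.'
    return
}

foreach ($letter in $Drives.Keys) {
    if (Test-Path -LiteralPath "$letter\") {
        Write-Host "$letter is already available in this logon session."
        continue
    }
    # /persistent:no means the mapping is not restored at the next logon.
    # net use authenticates as the account that owns this logon session.
    net use $letter $Drives[$letter] /persistent:no | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Mapping $letter to $($Drives[$letter]) failed (exit code $LASTEXITCODE)."
    } else {
        Write-Host "Mapped $letter to $($Drives[$letter])."
    }
}
```

Because the mapping is created by the account whose credentials were entered at the elevation prompt, that account needs permission on the share.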

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information


Details to configure the EnableLinkedConnections registry entry

  1. In Registry Editor, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  2. Right-click Configuration, click New, and then click DWORD (32-bit) Value.
  3. Name the new registry entry as EnableLinkedConnections.
  4. Double-click the EnableLinkedConnections registry entry.
  5. In the Edit DWORD Value dialog box, type 1 in the Value data field, and then click OK.
  6. Exit Registry Editor, and then restart the computer.