Vista Forums - View Single Post - cached credentials for mapped drives and elevation

07-26-2007

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:C020B2C2-E742-4E51-94C8-747EC69902E0@microsoft.com...
> Is the account a member of the local administrators group on the Vista
> Enterprise computer? If you have to enter a username and password the
> elevated process runs in the context of the account that you authenticate
> for the elevated process.

Kerry,
I am testing using two accounts on both machines. One is a member of the
local administrators group and the second is a standard user with the
addition of the privilege "Impersonate user after authentication" on the
local machine. Neither account is able to "see" the shares within the
elevated process.

When I elevate using the account that belongs to the local administrators
group I get the normal over the shoulder (OTS) elevation prompt. When I
elevate using the standard user account, I am prompted with the dialog that
allows me to either enter the account password or select another account.

Please note that the manifest states that the "highestAvailable" credentials
are required. I do not specify "requireAdministrator".

-Pete

> "Pete Delgado" <Peter.Delgado@noads.net> wrote in message
> news:Our0yyuzHHA.1184@TK2MSFTNGP04.phx.gbl...
>>I have two computers, one running Windows Vista Ultimate and the other
>>running Windows Vista Enterprise. The first machine is configured on our
>>network but is set up within a workgroup. The second machine is
>>configured on our network as a member of our domain. Both machines have
>>UAC turned on.
>>
>> When I map network drives to the machines everything works normally.
>> However, when I run a program that requires elevation via a manifest, the
>> network drive mappings "disappear" in the login session that is created
>> for the elevated process on the Vista Enterprise machine. This results in
>> the elevated process not being able to "see" the same environment as the
>> user login session when an elevated process is run on Vista Enterprise.
>>
>> Is there a difference in the default group policy that would affect the
>> caching of network credentials in Vista Enterprise? I recall that
>> Windows XP Media Center had network credential cache turned off by
>> default so I wondered if what I am seeing is something similar.
>>
>> TIA
>>
>> -Pete
>>
>

07-26-2007	#3 (permalink)
Pete Delgado n/a posts	Re: cached credentials for mapped drives and elevation "Kerry Brown" <kerry@kdbNOSPAMsys-tems.cam> wrote in message news:C020B2C2-E742-4E51-94C8-747EC69902E0@microsoft.com... > Is the account a member of the local administrators group on the Vista > Enterprise computer? If you have to enter a username and password the > elevated process runs in the context of the account that you authenticate > for the elevated process. Kerry, I am testing using two accounts on both machines. One is a member of the local administrators group and the second is a standard user with the addition of the privilege "Impersonate user after authentication" on the local machine. Neither account is able to "see" the shares within the elevated process. When I elevate using the account that belongs to the local administrators group I get the normal over the shoulder (OTS) elevation prompt. When I elevate using the standard user account, I am prompted with the dialog that allows me to either enter the account password or select another account. Please note that the manifest states that the "highestAvailable" credentials are required. I do not specify "requireAdministrator". -Pete > "Pete Delgado" <Peter.Delgado@noads.net> wrote in message > news:Our0yyuzHHA.1184@TK2MSFTNGP04.phx.gbl... >>I have two computers, one running Windows Vista Ultimate and the other >>running Windows Vista Enterprise. The first machine is configured on our >>network but is set up within a workgroup. The second machine is >>configured on our network as a member of our domain. Both machines have >>UAC turned on. >> >> When I map network drives to the machines everything works normally. >> However, when I run a program that requires elevation via a manifest, the >> network drive mappings "disappear" in the login session that is created >> for the elevated process on the Vista Enterprise machine. This results in >> the elevated process not being able to "see" the same environment as the >> user login session when an elevated process is run on Vista Enterprise. >> >> Is there a difference in the default group policy that would affect the >> caching of network credentials in Vista Enterprise? I recall that >> Windows XP Media Center had network credential cache turned off by >> default so I wondered if what I am seeing is something similar. >> >> TIA >> >> -Pete >> >
My System Specs