Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

cached credentials for mapped drives and elevation

microsoft.public.windows.vista.administration accounts passwords






Speedup My PC
Reply
  #1 (permalink)  
Old 07-25-2007
Pete Delgado
 

Posts: n/a
cached credentials for mapped drives and elevation
I have two computers, one running Windows Vista Ultimate and the other
running Windows Vista Enterprise. The first machine is configured on our
network but is set up within a workgroup. The second machine is configured
on our network as a member of our domain. Both machines have UAC turned on.

When I map network drives to the machines everything works normally.
However, when I run a program that requires elevation via a manifest, the
network drive mappings "disappear" in the login session that is created for
the elevated process on the Vista Enterprise machine. This results in the
elevated process not being able to "see" the same environment as the user
login session when an elevated process is run on Vista Enterprise.

Is there a difference in the default group policy that would affect the
caching of network credentials in Vista Enterprise? I recall that Windows
XP Media Center had network credential cache turned off by default so I
wondered if what I am seeing is something similar.

TIA

-Pete


Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 07-26-2007
Kerry Brown
 

Posts: n/a
Re: cached credentials for mapped drives and elevation
Is the account a member of the local administrators group on the Vista
Enterprise computer? If you have to enter a username and password the
elevated process runs in the context of the account that you authenticate
for the elevated process.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca


"Pete Delgado" <Peter.Delgado@noads.net> wrote in message
news:Our0yyuzHHA.1184@TK2MSFTNGP04.phx.gbl...
>I have two computers, one running Windows Vista Ultimate and the other
>running Windows Vista Enterprise. The first machine is configured on our
>network but is set up within a workgroup. The second machine is configured
>on our network as a member of our domain. Both machines have UAC turned on.
>
> When I map network drives to the machines everything works normally.
> However, when I run a program that requires elevation via a manifest, the
> network drive mappings "disappear" in the login session that is created
> for the elevated process on the Vista Enterprise machine. This results in
> the elevated process not being able to "see" the same environment as the
> user login session when an elevated process is run on Vista Enterprise.
>
> Is there a difference in the default group policy that would affect the
> caching of network credentials in Vista Enterprise? I recall that Windows
> XP Media Center had network credential cache turned off by default so I
> wondered if what I am seeing is something similar.
>
> TIA
>
> -Pete
>


Reply With Quote
  #3 (permalink)  
Old 07-26-2007
Pete Delgado
 

Posts: n/a
Re: cached credentials for mapped drives and elevation

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:C020B2C2-E742-4E51-94C8-747EC69902E0@microsoft.com...
> Is the account a member of the local administrators group on the Vista
> Enterprise computer? If you have to enter a username and password the
> elevated process runs in the context of the account that you authenticate
> for the elevated process.


Kerry,
I am testing using two accounts on both machines. One is a member of the
local administrators group and the second is a standard user with the
addition of the privilege "Impersonate user after authentication" on the
local machine. Neither account is able to "see" the shares within the
elevated process.

When I elevate using the account that belongs to the local administrators
group I get the normal over the shoulder (OTS) elevation prompt. When I
elevate using the standard user account, I am prompted with the dialog that
allows me to either enter the account password or select another account.

Please note that the manifest states that the "highestAvailable" credentials
are required. I do not specify "requireAdministrator".

-Pete




> "Pete Delgado" <Peter.Delgado@noads.net> wrote in message
> news:Our0yyuzHHA.1184@TK2MSFTNGP04.phx.gbl...
>>I have two computers, one running Windows Vista Ultimate and the other
>>running Windows Vista Enterprise. The first machine is configured on our
>>network but is set up within a workgroup. The second machine is
>>configured on our network as a member of our domain. Both machines have
>>UAC turned on.
>>
>> When I map network drives to the machines everything works normally.
>> However, when I run a program that requires elevation via a manifest, the
>> network drive mappings "disappear" in the login session that is created
>> for the elevated process on the Vista Enterprise machine. This results in
>> the elevated process not being able to "see" the same environment as the
>> user login session when an elevated process is run on Vista Enterprise.
>>
>> Is there a difference in the default group policy that would affect the
>> caching of network credentials in Vista Enterprise? I recall that
>> Windows XP Media Center had network credential cache turned off by
>> default so I wondered if what I am seeing is something similar.
>>
>> TIA
>>
>> -Pete
>>

>



Reply With Quote
  #4 (permalink)  
Old 07-28-2007
Kerry Brown
 

Posts: n/a
Re: cached credentials for mapped drives and elevation
I suspect the answer is in your first paragraph. One computer is joined to
the domain, one isn't.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca


"Pete Delgado" <Peter.Delgado@noads.net> wrote in message
news:uQ%23PRM6zHHA.4824@TK2MSFTNGP02.phx.gbl...
>
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
> news:C020B2C2-E742-4E51-94C8-747EC69902E0@microsoft.com...
>> Is the account a member of the local administrators group on the Vista
>> Enterprise computer? If you have to enter a username and password the
>> elevated process runs in the context of the account that you authenticate
>> for the elevated process.

>
> Kerry,
> I am testing using two accounts on both machines. One is a member of the
> local administrators group and the second is a standard user with the
> addition of the privilege "Impersonate user after authentication" on the
> local machine. Neither account is able to "see" the shares within the
> elevated process.
>
> When I elevate using the account that belongs to the local administrators
> group I get the normal over the shoulder (OTS) elevation prompt. When I
> elevate using the standard user account, I am prompted with the dialog
> that allows me to either enter the account password or select another
> account.
>
> Please note that the manifest states that the "highestAvailable"
> credentials are required. I do not specify "requireAdministrator".
>
> -Pete
>
>
>
>
>> "Pete Delgado" <Peter.Delgado@noads.net> wrote in message
>> news:Our0yyuzHHA.1184@TK2MSFTNGP04.phx.gbl...
>>>I have two computers, one running Windows Vista Ultimate and the other
>>>running Windows Vista Enterprise. The first machine is configured on our
>>>network but is set up within a workgroup. The second machine is
>>>configured on our network as a member of our domain. Both machines have
>>>UAC turned on.
>>>
>>> When I map network drives to the machines everything works normally.
>>> However, when I run a program that requires elevation via a manifest,
>>> the network drive mappings "disappear" in the login session that is
>>> created for the elevated process on the Vista Enterprise machine. This
>>> results in the elevated process not being able to "see" the same
>>> environment as the user login session when an elevated process is run on
>>> Vista Enterprise.
>>>
>>> Is there a difference in the default group policy that would affect the
>>> caching of network credentials in Vista Enterprise? I recall that
>>> Windows XP Media Center had network credential cache turned off by
>>> default so I wondered if what I am seeing is something similar.
>>>
>>> TIA
>>>
>>> -Pete
>>>

>>

>
>


Reply With Quote
  #5 (permalink)  
Old 08-02-2007
Pete Delgado
 

Posts: n/a
Re: cached credentials for mapped drives and elevation

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:42846B54-A4AA-495D-B2C5-098B80102628@microsoft.com...
>I suspect the answer is in your first paragraph. One computer is joined to
>the domain, one isn't.


I set up another test machine in a workgroup running Vista Enterprise. Same
behavior as the one connected to the domain.

-Pete


Reply With Quote
  #6 (permalink)  
Old 08-03-2007
Kerry Brown
 

Posts: n/a
Re: cached credentials for mapped drives and elevation
I don't have a copy of Vista Enterprise to test with. I have heard that the
UAC defaults are different in Enterprise. I don't know if this is true or
just a rumour. Try comparing the settings for UAC. Gpedit.msc => Computer
Configuration => Windows Settings => Security Settings => Local Policies =>
Security Options.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca


"Pete Delgado" <Peter.Delgado@noads.net> wrote in message
news:%23$8UdNR1HHA.600@TK2MSFTNGP05.phx.gbl...
>
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
> news:42846B54-A4AA-495D-B2C5-098B80102628@microsoft.com...
>>I suspect the answer is in your first paragraph. One computer is joined to
>>the domain, one isn't.

>
> I set up another test machine in a workgroup running Vista Enterprise.
> Same behavior as the one connected to the domain.
>
> -Pete
>


Reply With Quote
  #7 (permalink)  
Old 08-03-2007
Pete Delgado
 

Posts: n/a
Re: cached credentials for mapped drives and elevation

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:6D1F9286-7E9F-493B-ACA1-122574F65308@microsoft.com...
>I don't have a copy of Vista Enterprise to test with. I have heard that the
>UAC defaults are different in Enterprise. I don't know if this is true or
>just a rumour. Try comparing the settings for UAC. Gpedit.msc => Computer
>Configuration => Windows Settings => Security Settings => Local Policies =>
>Security Options.


Kerry,
I had already look at the local system policy to see if there were
differences. Unfortunately, I couldn't find any/ I am not reinstalling all
of the versions of the Vista OS using Virtual PC in order to see if I can
duplicate the behaviour on a clean OS.

-Pete


Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Odd UAC elevation issue with mapped drives Andy Bates microsoft.public.windows.vista.security 1 07-18-2007 05:15
pb with rights on mapped drives shoros@hotmail.fr microsoft.public.windows.vista.administration accounts passwords 0 03-11-2007 11:58
Mapped Drives Michael O microsoft.public.windows.vista.general 8 02-28-2007 21:08
Mapped Drives Michael O microsoft.public.windows.vista.administration accounts passwords 1 02-28-2007 14:10
Mapped Drives Michael O microsoft.public.windows.vista.networking sharing 0 12-23-2006 14:25




All times are GMT +1. The time now is 03:05.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120