Re: cached credentials for mapped drives and elevation
I suspect the answer is in your first paragraph. One computer is joined to
the domain, one isn't.
Microsoft MVP - Shell/User
"Pete Delgado" <Peter.Delgado@noads.net> wrote in message
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
>> Is the account a member of the local administrators group on the Vista
>> Enterprise computer? If you have to enter a username and password the
>> elevated process runs in the context of the account that you authenticate
>> for the elevated process.
> I am testing using two accounts on both machines. One is a member of the
> local administrators group and the second is a standard user with the
> addition of the privilege "Impersonate user after authentication" on the
> local machine. Neither account is able to "see" the shares within the
> elevated process.
> When I elevate using the account that belongs to the local administrators
> group I get the normal over the shoulder (OTS) elevation prompt. When I
> elevate using the standard user account, I am prompted with the dialog
> that allows me to either enter the account password or select another
> Please note that the manifest states that the "highestAvailable"
> credentials are required. I do not specify "requireAdministrator".
>> "Pete Delgado" <Peter.Delgado@noads.net> wrote in message
>>>I have two computers, one running Windows Vista Ultimate and the other
>>>running Windows Vista Enterprise. The first machine is configured on our
>>>network but is set up within a workgroup. The second machine is
>>>configured on our network as a member of our domain. Both machines have
>>>UAC turned on.
>>> When I map network drives to the machines everything works normally.
>>> However, when I run a program that requires elevation via a manifest,
>>> the network drive mappings "disappear" in the login session that is
>>> created for the elevated process on the Vista Enterprise machine. This
>>> results in the elevated process not being able to "see" the same
>>> environment as the user login session when an elevated process is run on
>>> Vista Enterprise.
>>> Is there a difference in the default group policy that would affect the
>>> caching of network credentials in Vista Enterprise? I recall that
>>> Windows XP Media Center had network credential cache turned off by
>>> default so I wondered if what I am seeing is something similar.