Saturday, February 3, 2007

Missing Drive Letters

UAC has another interesting side effect. It's not a simple elevation of priviledges or tokens that's happening; you actually have some separation between the limited and admin user programs while UAC is active.

This is readily demonstrated in the following fashion
  1. Map a drive letter to a network share from the limited user account; it can be done several ways, including using logon scripts.
  2. Open CMD (or your preferred shell; mine is JPSoft's 4NT) as a limited user.
  3. Enter "net use" at the prompt.
  4. Open CMD (or your preferred shell) as an admin user.
  5. Enter "net use" at the prompt.
Note that you get drive letters in one console, but not in the other.

I've been able to get around this problem by using 4NT; it can handle using a UNC path as the current working directory. Want even more fun, however? Try the same test using Windows Explorer instead of CMD. More on that later...

1 comment: