Whats the danger in running something from an admin context in a user context?
On Sun, Nov 20, 2016 at 9:28 PM Kurt Buff <[email protected]> wrote: > Down that path lies great danger... > > On Sun, Nov 20, 2016 at 11:44 AM, Micheal Espinola Jr > <[email protected]> wrote: > > This has always annoyed me. I really wish the runas /trustlevel switch > > could be used to overcome this feature. > > > > -- > > Espi > > > > > > On Sun, Nov 20, 2016 at 10:29 AM, Webster <[email protected]> > wrote: > >> > >> > >> > https://blogs.technet.microsoft.com/askds/2009/01/07/using-group-policy-preferences-to-map-drives-based-on-group-membership/ > >> > >> > >> > >> "I can only get this to work if I disable UAC on the Windows 7 client. > Is > >> this expected?" > >> > >> > >> > >> "This should only happen with administrative user accounts. The drive > >> mapping occurs in an elevated user process. The Windows Explorer > process is > >> a non-elevated process. Mapped drives, regardless of how they are > mapped, > >> by default do not span across processes of different elevation. Normal > User > >> accounts should not have this problem. You can bypass the problem by > mapping > >> the drive as a scheduled task, which would occur under the non-elevated > >> process. Or, you can enable the registry setting in MSKB Article ID: > >> 937624." > >> > >> > >> > >> Thanks > >> > >> > >> > >> > >> > >> Webster > >> > >> > >> > >> From: [email protected] > >> [mailto:[email protected]] On Behalf Of Mike Kanfer > >> Sent: Sunday, November 20, 2016 9:42 AM > >> To: [email protected] > >> Subject: Re: [NTSysADM] Windows 2012 R2 GPO Mapping Issue > >> > >> > >> > >> Bingo! That's was it. Thank you!! > >> > >> > >> > >> On Sun, Nov 20, 2016 at 9:11 AM, Eric Wittersheim > >> <[email protected]> wrote: > >> > >> Are the users local admins? UAC can block mapped drives when the users > are > >> administrators. You can check this by opening up a cmd prompt and > switch to > >> the mapped drive letter. This shows the gpo is working but it's mapping > the > >> drive for Administrator instead of the intended user. > >> > >> Eric > >> > >> > >> > >> On Sat, Nov 19, 2016 at 9:00 PM Mike Kanfer <[email protected]> wrote: > >> > >> We have a GPO that is applied to Authenticated Users and linked to our > >> domain. In it, we have a mapped drive which isn't work. Looking at > >> GPResult shows the policy being applied. Using NET USE, we can map the > >> drive with a user logged in. We have unchecked, reconnect at logon and > it > >> still doesn't work. The drive map action is Create. We also tried > Update. > >> The GPO does work because other elements- a message on the logon screen > is > >> displayed. The DC is a Windows 2012 R2 server and the workstation is a > >> Windows 10 Pro version. It also is not working on a Windows 2012 R2 > >> terminal server. > >> > >> > >> > >> Any help would be appreciated. > >> > >> > > > > > > > -- -- Espi (via mobile)
