Ahh, yesh yesh - I see your point the other way around.

--
Espi

On Mon, Nov 21, 2016 at 2:25 PM, Kurt Buff <[email protected]> wrote:
> Credentials are in memory while the app running as admin is in memory
> - and in some cases (such as X-ing out of an RDP session) are left in
> memory after the app is closed.
>
> Oh, wait - I got it backward. You want an admin to run something as a
> standard user. That makes more sense. Never mind.
>
> Kurt
>
> On Mon, Nov 21, 2016 at 5:49 AM, Micheal Espinola Jr
> <[email protected]> wrote:
> > What's the danger in running something from an admin context in a user
> > context?
> >
> > On Sun, Nov 20, 2016 at 9:28 PM Kurt Buff <[email protected]> wrote:
> >>
> >> Down that path lies great danger...
> >>
> >> On Sun, Nov 20, 2016 at 11:44 AM, Micheal Espinola Jr
> >> <[email protected]> wrote:
> >> > This has always annoyed me. I really wish the runas /trustlevel switch
> >> > could be used to overcome this feature.
> >> >
> >> > --
> >> > Espi
> >> >
> >> > On Sun, Nov 20, 2016 at 10:29 AM, Webster <[email protected]>
> >> > wrote:
> >> >>
> >> >> https://blogs.technet.microsoft.com/askds/2009/01/07/using-group-policy-preferences-to-map-drives-based-on-group-membership/
> >> >>
> >> >> "I can only get this to work if I disable UAC on the Windows 7 client.
> >> >> Is this expected?"
> >> >>
> >> >> "This should only happen with administrative user accounts. The drive
> >> >> mapping occurs in an elevated user process. The Windows Explorer
> >> >> process is a non-elevated process. Mapped drives, regardless of how
> >> >> they are mapped, by default do not span across processes of different
> >> >> elevation. Normal User accounts should not have this problem. You can
> >> >> bypass the problem by mapping the drive as a scheduled task, which
> >> >> would occur under the non-elevated process. Or, you can enable the
> >> >> registry setting in MSKB Article ID: 937624."
> >> >>
> >> >> Thanks
> >> >>
> >> >> Webster
> >> >>
> >> >> From: [email protected]
> >> >> [mailto:[email protected]] On Behalf Of Mike Kanfer
> >> >> Sent: Sunday, November 20, 2016 9:42 AM
> >> >> To: [email protected]
> >> >> Subject: Re: [NTSysADM] Windows 2012 R2 GPO Mapping Issue
> >> >>
> >> >> Bingo! That was it. Thank you!!
> >> >>
> >> >> On Sun, Nov 20, 2016 at 9:11 AM, Eric Wittersheim
> >> >> <[email protected]> wrote:
> >> >>
> >> >> Are the users local admins? UAC can block mapped drives when the users
> >> >> are administrators. You can check this by opening up a cmd prompt and
> >> >> switching to the mapped drive letter. This shows the GPO is working but
> >> >> it's mapping the drive for Administrator instead of the intended user.
> >> >>
> >> >> Eric
> >> >>
> >> >> On Sat, Nov 19, 2016 at 9:00 PM Mike Kanfer <[email protected]> wrote:
> >> >>
> >> >> We have a GPO that is applied to Authenticated Users and linked to our
> >> >> domain. In it, we have a mapped drive which isn't working. Looking at
> >> >> GPResult shows the policy being applied. Using NET USE, we can map the
> >> >> drive with a user logged in. We have unchecked reconnect at logon and
> >> >> it still doesn't work. The drive map action is Create. We also tried
> >> >> Update. The GPO does work because other elements - a message on the
> >> >> logon screen is displayed. The DC is a Windows 2012 R2 server and the
> >> >> workstation is a Windows 10 Pro version. It also is not working on a
> >> >> Windows 2012 R2 terminal server.
> >> >>
> >> >> Any help would be appreciated.
> >> >>
> >
> > --
> > -- Espi (via mobile)
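
The check Eric describes, combined with the registry setting from the quoted Ask DS answer, as an added PowerShell example that is not from any poster in this thread: run it once in a normal console and once in an elevated one, then compare the output. The function name is hypothetical, and the value name `EnableLinkedConnections` is what KB 937624 documents (the thread itself does not spell it out).

```powershell
# Added example: reports what this process's token can see, so a normal and an
# elevated console can be compared side by side.
function Get-UacDriveMapState {
    # Is this process running with the full (elevated) administrator token?
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Network drive letters visible to THIS process's logon session.
    $visible = @([IO.DriveInfo]::GetDrives() |
        Where-Object { $_.DriveType -eq [IO.DriveType]::Network } |
        ForEach-Object { $_.Name.TrimEnd('\') })

    # Persistent (reconnect-at-logon) mappings recorded for the user profile.
    # Mappings created without "Reconnect" are not stored here.
    $recorded = @(Get-ChildItem -Path 'HKCU:\Network' -ErrorAction SilentlyContinue |
        ForEach-Object {
            '{0}: -> {1}' -f $_.PSChildName.ToUpper(),
                (Get-ItemProperty -Path $_.PSPath).RemotePath
        })

    # UAC policy values. EnableLinkedConnections is the KB 937624 setting
    # (name taken from the KB, not from the thread).
    $key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $uacOn  = ($policy.EnableLUA -eq 1)
    $linked = ($policy.EnableLinkedConnections -eq 1)

    $note = if (-not $uacOn) {
        'UAC is off: one token per logon, mappings are not split.'
    } elseif ($linked) {
        'Linked connections enabled: both tokens share drive mappings.'
    } elseif ($elevated) {
        'Elevated token: drives mapped by the non-elevated session are not visible here.'
    } else {
        'Non-elevated token: drives mapped by an elevated process are not visible here.'
    }

    [pscustomobject]@{
        User                    = $identity.Name
        Elevated                = $elevated
        VisibleNetworkDrives    = $visible -join ', '
        RecordedPersistentMaps  = $recorded -join '; '
        EnableLUA               = $uacOn
        EnableLinkedConnections = $linked
        Note                    = $note
    }
}

Get-UacDriveMapState | Format-List
```

A drive letter that shows under `VisibleNetworkDrives` in one console but not the other is the split described in the quoted answer. Setting `EnableLinkedConnections` to 1 removes that split, which also means shares mapped by the filtered token become reachable from elevated processes.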

