On 9/16/2011 2:14 PM, Ben Howell wrote: > From the website: > > Known Issues: > On Windows 7 and Windows Server 2008 R2, it is not possible to execute > an application out of AFS under the following conditions: > *The path is a drive letter mapping > *The application requires elevated privileges > Workaround: use SUBST instead of NET USE to assign drive letters to UNC > paths. > > So running as a different user/elevation to admin doesn't carry over the > existing credentials? Is there a way to forward open credentials or > generate temporary credentials when elevating? Or is this simply a > limitation/security function in Windows?
Elevated processes in the same authentication group share the tokens in the authentication group. That is not the problem described above. The above problem is specific to mapped drive letters (aka NPAddConnection) whether by NET USE or Explorer Shell. SUBST drive letters to UNC paths are not affected. UNC paths themselves are not affected. Executing the software from a command prompt is not affected. Jeffrey Altman
signature.asc
Description: OpenPGP digital signature
