Question

Mapping Network Drives In Vista With UAC Turned On

Asked by: 2003domainadmin

I am trying to get a script to map network drives in Windows Vista with UAC turned on.  The domain is a 2003 domain, but the group policies exist for Vista.  I have tried the launchapp.wsf script from Microsoft, and it doesn't map the network drives for local admin accounts on the WIndows Vista machines.  UAC is a requirement for our security policy, and is enforced at the Group Policy Domain level.  Any help is greatly appreciated.  Thanks

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-02-11 at 20:40:50ID24136088
Tags

UAC

,

Windows Vista

,

Network Drive

,

Map

Topics

Windows Vista

,

Active Directory

,

Windows 2003 Server

Participating Experts
2
Points
500
Comments
10

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Vista UAC
    Hi, I developed an application under XP. Now, new users run it on Vista and I have problems with Vista UAC. My app saves to registry and create a small files. If I turn UAC off or right click the icon of my app the set it as administrator, it works fine. if I do nothing, the...
  2. How to enforce UAC Security thru GPO on Vistas in a Dom…
    We want to centrally configure the 10 UAC related GPO settings so that Vista users in the domain may not override the default UAC security by modifying local GPO. (A screen-shot of these 10 GPO entries in enclosed and it shows our current settings.) We are most unsure about t...
  3. turn off uac
    vbs code to turn off UAC in vista
  4. Vista home and the UAC
    Fellow Experts, I need some assistance. I have recently been told that we are going to switch from Vista Business to Vista Home premium becuase of the cost. I think its a bad idea but hey..Im not the Boss. My question is.. How can I lock down the user so they cant install ...
  5. How to detect UAC
    How can I detect if UAC is enabled or disabled?

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: hypercatPosted on 2009-02-12 at 10:10:26ID: 23624831

I've run across the same problem, also tried the .wsf script with no luck.  It's sort of a cop-out/workaround, but what I've done for users who have to have local admin rights - i.e., only myself and other network admin accounts - is to put a copy of the login script in the Startup folder in their user profile. I absolutely do NOT allow regular users to have local admin rights.  This makes it a little harder to work with some 3rd party apps, but I use the Microsoft Application Compatibility program to fix most of those problems. If that doesn't work, I give the user a separate account with local admin rights so that they can log on as themselves but use their local admin login only when they get a message from the UAC that they need admin rights to run one of their programs.

 

by: hypercatPosted on 2009-02-12 at 10:11:28ID: 23624845

Just a clarification - the account with local admin rights that the user has is a workstation local-only account, not a domain account.

 

by: 2003domainadminPosted on 2009-02-16 at 17:42:18ID: 23655729

It's a domain user account, with local admin priviledges.,

 

by: hypercatPosted on 2009-02-17 at 09:30:49ID: 23662022

That wasn't a question. I was merely adding a clarification to my comment about the workaround. The admin account we create for the user to have for running apps with admin privileges is a local account only, not a domain account. This is to ensure that they don't get any privileges on the domain that they shouldn't have.  All they need is local admin privileges to run the programs, so that's why we give them a local account.

 

by: 2003domainadminPosted on 2009-02-17 at 10:15:22ID: 23662483

The problem is that the scripts run at the elevated level when logging in so the maps appear invisible to admin users (domain or local) when they view explorer with the standard user elevation.  UAC is an evil invention.  I have it turned off right now, but that prevents run as administrator from prompting standard users for credentials when they need to elevate something, so I need to log someone off, and log myself in in order to do something.  The override breaks when UAC is off, and the maps break when it is on.

 

by: hypercatPosted on 2009-02-17 at 12:08:15ID: 23663586

I'm have a bit of a problem understanding exactly what you are getting at.  Please clarify which description fits your situation:

1.  Users log on with local admin rights, so the domain login script doesn't run properly. You need users to log on with local admin rights for some reason, so you don't want to change this, but you need to have the mapped drives work for these users.

2.  Users log on with local user rights and get their mapped drives.  However, when they get an elevation prompt and use a local admin login, the mapped drives do not appear for that login.

 

by: 2003domainadminPosted on 2009-02-17 at 12:59:45ID: 23664121

When a user logins in in Vista/7 if they have admin irghts of any kind they are given standard user rights until admin rights are needed.  That's when the UAC prompt appears.  However login scripts are run at the admin level so any network maps run at login are not visible to the user because they are running at a higher security level.  The solution to this issue is to turn UAC off, but then when a standard user needs to perform an admin task, instead of being prompted for an admin to enter his password, they just get an access denied message.

 

by: hypercatPosted on 2009-02-17 at 14:00:09ID: 23664724

OK - I think I understand now.  Below is an explanation of how we get around this issue.  There are still problems, but it works better as far as I am concerned.

I have two basic classes of users - regular users and admin users.  

1. I have set group policies for the ADMIN users so that they always have elevated privileges, without having to respond to prompts from the UAC.  This is done only for users that have a high level of access to everything and are completely trustworthy both in their handling of admin rights and privileges and in their knowledge of truthworthy computing behavior. IOW, they are trusted not to inadvertently download bad stuff from the Internet as well as trusted to know what they are doing with their elevated permissions.  The way to do this is to set the policies for the UAC under the Computer Configuration/Policies/Windows Settings/Security Settings/Local Policies/Security Options as follows:

User Account Control: Behavior of the elevation prompt for administrators.....etc. - set to Elevate without prompting
User Account Control: Run all administrators in Admin Approval Mode - set to Enabled

The problem with this is that the domain login script will not run for these admin users for some reason - I think it's a "feature" not a "bug."  IOW, it works that way on purpose. This is what I tried to fix with the launchapp.wsf script, but it didn't work and maybe I misunderstood what it was supposed to do. Anyway, to get around this, I put a login script in the Startup folder of the users' profiles to map drives, etc.

2. All other users have only local User level rights to their workstations.  If a user has an application that needs to be run with administrative-level access, we create a local account on their workstation with local admin rights.  When they run that program, they will get a UAC prompt and then they use that admin account to give them elevated privileges to run that particular program. If we just need to have occasional elevated privileges when doing something on the user's workstation (i.e., installing a program for them), we respond to the elevation prompt with a domain-level administrative login.

 

by: 2003domainadminPosted on 2009-02-17 at 14:03:40ID: 23664768

Ah, so those are the two GPO items that need to be configured.  I'll have to test that.  I'll let you know the results when the GPO is updated.

 

by: SteveGTRPosted on 2009-06-24 at 08:02:51ID: 24701772

I know this solution is closed, but I ran into the same problem with Vista and here's a wonderful solution that works great:

http://support.microsoft.com/kb/937624

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...