One of the significant improvements in Windows (since Vista) is the User Account Control (UAC) feature. User Account Control prompts the user for approval each time an app tries to make changes to the system settings. One side effect of UAC is that network drives mapped with net use cannot be accessed from applications running in privileged mode (Run As Administrator). This means that when you run the command prompt or a file manager (like Total Commander) with elevated privileges, they won’t display the drive letters of the mounted network shares.
In this article we’ll show how to grant access to network drives from the apps run in elevated mode in Windows 10, Windows 8, Windows 7, or Windows Vista.
Indeed, with UAC enabled you cannot access a network drive mapped in normal mode from an app run elevated. Let’s see what the problem looks like. For example, let’s make sure that in a command prompt run without elevated privileges you can access the contents of the connected network drive Z:\.
This behavior can be inconvenient if you often run apps elevated.
Why does it happen? This peculiarity is connected with the way UAC works for a user with local administrator privileges. When such a user signs in, two access tokens are created: the first token provides access without administrator privileges (the filtered access token, with which most apps are run) and the second is the administrator token with full privileges in the system (all apps approved for elevation by UAC are run using it).
When shared network folders are connected, they are associated with the current session for the current process access token and are not available under the other token.
There is an easier solution. To implement it, you have to make some changes to the registry:
- Open the registry editor (regedit.exe)
- Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
- Create a new parameter (DWORD type) with the name EnableLinkedConnections and the value 1

Tip. The same can be done with a single command:
reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLinkedConnections" /t REG_DWORD /d 0x00000001 /f

- Restart your computer
After the computer has been restarted, make sure that you have access to the network drives from apps run with administrator privileges.
How it works. After you enable the EnableLinkedConnections registry parameter, LanmanWorkstation and LSA check whether a second access token is associated with the session of the current user. If this token is found, the list of mounted network drives is copied from one token to the other. Thus, network drives mounted in elevated mode will be visible in standard mode, and vice versa.
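To check the behavior described above, the following read-only PowerShell script (an added example, not part of the original article) reports whether the current process is elevated, the value of EnableLinkedConnections, and which of the user's mappings are visible to the current token. It assumes the drives were mapped as persistent, so that they are recorded under HKCU:\Network; the function names are illustrative. Run it once in a normal console and once in an elevated one and compare the VisibleHere column.

```powershell
# Added example: read-only diagnostic, it changes nothing on the system.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Test-Elevated {
    # True when this process runs under the full administrator token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LinkedConnectionsState {
    # Returns the DWORD value, or 'not set' when the parameter does not exist.
    $p = Get-ItemProperty -Path $policyKey -Name EnableLinkedConnections `
            -ErrorAction SilentlyContinue
    if ($null -ne $p) { $p.EnableLinkedConnections } else { 'not set' }
}

function Get-VisibleNetworkDrive {
    # Letters of the network drives that this process (this token) can see.
    [System.IO.DriveInfo]::GetDrives() |
        Where-Object { $_.DriveType -eq [System.IO.DriveType]::Network } |
        ForEach-Object { $_.Name.Substring(0, 1).ToUpper() }
}

function Get-MappingReport {
    # Compares the user's persistent mappings (HKCU:\Network\<letter>,
    # value RemotePath) with the drives visible to the current token.
    $visible = @(Get-VisibleNetworkDrive)
    Get-ChildItem -Path 'HKCU:\Network' -ErrorAction SilentlyContinue |
        Select-Object `
            @{ n = 'Drive';       e = { $_.PSChildName.ToUpper() + ':' } },
            @{ n = 'RemotePath';  e = { $_.GetValue('RemotePath') } },
            @{ n = 'VisibleHere'; e = { $visible -contains $_.PSChildName.ToUpper() } }
}

"Elevated:                $(Test-Elevated)"
"EnableLinkedConnections: $(Get-LinkedConnectionsState)"
Get-MappingReport | Format-Table -AutoSize
```

With the parameter absent or 0, a drive mapped from a normal session shows VisibleHere = False in the elevated console; after setting it to 1 and restarting, both consoles should report True.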
Alternatively, you can create a symbolic link to the shared folder:
mklink /D c:\docs \\dublin-fs1\docs
Access through this link is possible both in standard and in elevated mode. Note that one of the drawbacks of this method is that you access the shared folder as the current user. Unlike net use, you can’t use the account of another user.