How to access network shares from an elevated process in Windows 7?

Question

With UAC set to the Default level, it is not possible in Windows 7 to access mapped network folders from an administrative command prompt or any other elevated process.

This leads to unwanted errors, e.g. when trying to import a *.reg file that is located on a network share. Double-clicking results in the following and rather confusing error message after accepting the UAC prompt:

Cannot import M:\sharename\settings.reg: Error opening the file. There may be a disk or file system error.

Is is possible to have the already mapped network shares also available when running with elevation? Or is there a workaround to that behavior?

Update: I know that is works to open an administrative command prompt and mount the drives using net use. This makes the share available to all elevated processes; however, doing so is not persistent and needs to be repeated after each log on.

Answer 1

In short, no. There's no supported way to copy the current set of mapped/authenticated network resources from a non-elevated context to your elevated context. For all intents and purposes, they're separate logins that you just happen to be able to interact with from the same console. Being able to communicate between elevated and non-elevated processes would kind of break the whole security purpose of keeping them separated.

However, if these network drives are mounted using the credentials of your user account (and not a separate login/password), you could try just accessing them with the UNC path instead of an actual drive mapping.

Answer 2

It's not supported, but you can set EnableLinkedConnections in the registry to achieve this. See http://support.microsoft.com/kb/937624

Although Microsoft states that this 'may make your system unsafe', we are still waiting for details on this here: http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/25cb7824-2a8d-4dbd-b802-1c64bed3a5e0?prof=required

Answer 3

I put together a simple VBScript that maps the drives that are mapped in the current session again for the elevated administrator session. After running the script the mapped drives are available to all elevated processes. This works if the current user already is a local administrator:

Option Explicit
Dim objNetwork, objShell
Dim strDriveLetter, strNetworkPath
Dim colDrives, intDrive, strDrives


If WScript.Arguments.length =0 Then
    Set objNetwork = CreateObject("WScript.Network")
    Set colDrives = objNetwork.EnumNetworkDrives

    For intDrive = 0 To (colDrives.Count -1) Step 2
        WScript.Echo colDrives.Item(intDrive) & " is mapped to: " & colDrives.Item(intDrive + 1)
        If Len(strDrives) > 0 Then strDrives = strDrives & " "
        strDrives = strDrives & " " & Chr(34) & colDrives.Item(intDrive) & Chr(34) &  " " & Chr(34) & colDrives.Item(intDrive + 1) & Chr(34) 
    Next

  If Len(strDrives) > 0 Then
      ' re-call script with elevation
      Set objShell = CreateObject("Shell.Application")
      objShell.ShellExecute "cscript.exe", Chr(34) & WScript.ScriptFullName & Chr(34) & strDrives, "", "runas", 1
    Else
        WScript.Echo "No drives Mapped."
    End If

Else
  ' elevated part
  Set objNetwork = CreateObject("WScript.Network")

  For intDrive = 0 To (WScript.Arguments.Count - 1) Step 2
        WScript.Echo WScript.Arguments(intDrive) & " is mapped to: " & WScript.Arguments(intDrive + 1)
        On Error Resume Next ' ignore already mapped drives
        objNetwork.MapNetworkDrive WScript.Arguments(intDrive), WScript.Arguments(intDrive + 1)
        On Error GoTo 0
    Next

End If

Answer 4

The ''EnableLinkedConnections'' registry setting never worked for me on Windows 7 (corporate pc). Tried it in multiple ways to no avail.

It tried the script from 0xA3 and it works flawless. Thanks for that.

To run it automatically, just write the script in a file (like remount-admin.vbs), and save that file in C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup.