Problem with "net use" under "as administrator"

  • Thread starter Thread starter =?iso-8859-1?Q?Markus_G=F6mmel?=
  • Start date Start date
?

=?iso-8859-1?Q?Markus_G=F6mmel?=

Hello,

when I'm connecting to some share in the network under my normal account
(admin account with UAC enabled), and I'm looking in to a shell, I see the
following:

Status Local Remote Network

-------------------------------------------------------------------------------
OK M: \\zaphod\mgoemmel Microsoft Windows Network
OK S: \\zaphod\data Microsoft Windows Network
OK T: \\zaphod\trash Microsoft Windows Network
OK X: \\zaphod\work Microsoft Windows Network
The command completed successfully.

Looks fine. But now I have some programs which need an admistrator
environment, so I have to start them with "As Administrator". But these
programs are not able to use these drive letters (M:, S:, T:, X:). When I'm
starting a shell also using "As Administrator", it looks like the following:

Status Local Remote Network

-------------------------------------------------------------------------------
Unavailable M: \\zaphod\mgoemmel Microsoft Windows
Network
Unavailable S: \\zaphod\data Microsoft Windows
Network
Unavailable T: \\zaphod\trash Microsoft Windows
Network
Unavailable X: \\zaphod\work Microsoft Windows
Network
The command completed successfully.

Using a "net use" command again in this shell switches the status from
"Unavailable" to "OK" again, but after a machine restart they went to
"Unavailable" again.

Any idea what I have to do to also register these drive letters under Admin
environment too?

Thanks for helping

Markus Gömmel
(e-mail address removed)
 
I don't have a solution specifically, but here's a couple of suggestions.

1. many applications (programs) don't work with a "normal" user account
merely because, as part of normal operation, they update data files in
folders normal users don't have permission to update. Typically, this is
the application's installation folder under Program Files. For these
applications, granting the "Users" group Modify permission to the
application's folder under Program Files, or in some cases, only certain
subfolders, makes it possible for normal users to use the application.
Sometimes, the same thing applies specific registry entries in the
HKEY_LOCAL_MACHINE hive as well.

Unfortunately, despite the fact that this has been "bad design" since
Windows 95 or earlier, there are still many applications out there that have
this requirment.

The tools, "filemon" and "regmon" from Microsoft (System Internals was
recently purchased by Microsoft) at
http://www.microsoft.com/technet/sysinternals/systeminformationutilities.mspx
can help track down which folders or registry entries an application is
trying to create or change that the user does not have Modify permission
for.

2. logon using an account that is not a member of the local Administrators
group, then use the "runas" command to launch the application. Or create a
..cmd file that includes the required net use commands then launches the
application and run that command file from a Command Prompt window that has
been "elevated".

--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.
 
Hm, that's all clear, but I think there must be a solution to bring network
shares into the admin environment which lives longer than a reboot...

Any more ideas?

Markus
 
create a .cmd file with the needed net use commands (no password) and use
the Srvany.exe command to create/name and then specify the account with the
appropriate permissions to run the command... I would place a sleep call
in the .cmd file that would have it run again every few hours/minutes ??

http://support.microsoft.com/kb/137890
 
Wow, the ideas increases in strangeness ;-) But nevertheless thanks for it,
cause it would work, you are right.

But to make it really clear to me, cause I cannot believe it, is some MVP
here who can confirm that this is not possible with system methods???

Thanks a lot!

Markus
 
It's pretty hard to prove a negative! However, there are some glitches
(design flaws? bugs?) with UAC when Vista is in a Domain and you need local
Administrative rights/permissions. I've found, in general, things work
better/easier in a Domain if I logon with a Domain user account that is NOT
a local Administrator and use Run as Administrator when required and supply
another Domain user account that is a local Administrator.

Definitely a bit of a workaround, but seems to work better than logging on
with a Domain user account that is a member of the local Adminstrators group
and using the "elevation" to get the administrative rights/permissions when
needed.

--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.
 
Thanks for answering again!

I'm not working in a domain, my machine is only connected by a workgroup
name. But I will try if the problem will change if I login with an account
not part of Local Administrator.

Thanks

Markus
 
Back
Top