Windows 8.1 and NET USE

Started by mcvpjd3, December 05, 2013, 07:36:53 AM

Previous topic - Next topic

mcvpjd3

Hi all, I've written our login script in Winbatch and it works fine on all out XP and Win7 PC. I've got a Win8.1 PC and I'm having some issues.

Basically there is some sort of issue with the NET USE command in Windows 8.1 which I seem to have come up against. The Net use command doesn't allways work when run as an administrator. I've tested this on the PC I have and bacially if I open an administrator command prompt and try to map a drive with the net use command, it tells me it worked, but nothing happens. If I do the same with a non-admin CMD then it works fine and I get the drive mapped.

My login script basically maps the drive using these few line (the login script is actually very large and complex, but the drive mapping bit is quite simple):


adminvol="\\myserver\Myshare"
qparam=strcat("/c net use q: ",adminvol," /persistent:no")
runhide(Environment("COMSPEC"),qparam)


So it's not as if it's calling cmd as admin, but all users are administrators of their PC's, is there some way around this?

Thanks

td

Every user process on a system has a security id associated with its access token. Administrators have 2 access tokens. One is the elevated token used when the admin is elevated and other is a restricted token used when the admin is not elelvated.  The two access tokens have different security ids.  This is important when mapping drives because by default the OS associates a mapped drive with a security id and only permits processes with the same id to see the mapped drive.  The difference between Windows 8 and previous versions of Windows is that on 8.1 an admin account uses the restricted token even when UAC prompting is turned off unless the process's executable is manifest to run elevated or the process is explicitly started as elevated.

Here is a tech. supt. article with some possible solutions to your problem

http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/tsleft.web+WinBatch/UAC+Mapped~Drives~Issue~with~UAC.txt
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

td

Another interesting feature of 8.1 is that logon scripts are by default delayed so they don't run immediately when the user logs on.  Obviously, this can have an impact, if a user attempts to access a mapped drive immediately after login.
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

ChuckC

A question to the O.P. regarding the code snippet from the login script:

Why shell out and execute the NET USE command in an instance of CMD.EXE when you can simply connect a network drive letter directly from within your WinBatch script by using the functions in the Win32 Network [a.k.a "NT"] extender?  Keeping the functionality entirely within the script allow for much better error handling, etc..., and simplifies things.

mcvpjd3

Just to let you know, using the registry change  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections =(dword)1 worked for me. Thanks

@ ChuckC

I wrote this quite a while ago, I'm sure I must have had a reason for using the net use command - just can't remember why. Next time I need to make some big changes to it - I'll probably try get rid of the net use commands. :-)

Thanks

DAG_P6

Another weakness of NET USE is that it fails if the resource is already mapped, leaving the original mapping intact. For example, if I first do NET USE J: \\MyServer1\MyShare1, and later do NET USE J: \\MyServer2\MyShare2, without an intervening NET USE J: /delete. While the error can be trapped by the shell script, there is no foolproof way to tear down the existing mapping. If anything else is using the mapped resource,  NET USE J: /delete halts with a prompt that requires a response from the keyboard. I am unaware of any practical means to automatically answer this prompt, even if you are willing to risk doing so.
David A. Gray
You are more important than any technology.