6

I have a program that runs Elevated. From this program I launch other executables.

Now by default any process I create will run Elevated. So, for some programs it runs, I want them to run as if they were not elevated, as the standard user who's logged in.

The main Elevated program is running under the user account of the logged in user.

So this is what I tried:

var psi = new ProcessStartInfo(Exe.GetExePath());
psi.UseShellExecute = false;
psi.RedirectStandardError = false;
psi.RedirectStandardInput = false;
psi.RedirectStandardOutput = false;
psi.WorkingDirectory = Exe.Version.GetInstallPath();
if(Exe.Elevated == false)
{
    psi.UserName = Global.Username;
    var pass = new SecureString();
    Global.Password.ToCharArray().ToList().ForEach(p => pass.AppendChar(p));
    psi.Password = pass;
}
Process = Process.Start(psi);

That works, as in the started program is not Elevated. However, it at that point loses access to all mapped network drives for some odd reason.

I even tried doing something like this ("Impersonating a Windows user") from within the application that launches, and it also doesn't work.

So I guess I'm wondering, how can I gain back access to these mapped drives (all applications are running under the correct user)?

Kelly Elton

1 Answer

0

By default UAC behaviour, your elevated process runs in a different security context, so it should not be able to access any of the mapped drives, and the same goes for any processes you spawn from that process. You can test this simply by running an elevated command prompt in Windows; by default you have no access to mapped drives of the non-elevated session.

See these Super User questions for more details on this behaviour and possible workarounds (changing the mapped drive setup, global registry changes, etc.).

If changing UAC defaults or mapping creation is not an option, a possible (though complicated) workaround could be to launch your application without elevation, wait for code that needs elevation to launch your second, elevated process, and then call back to the original process (the one running in a security context with mapped drives) to do the actual launching of new applications, using an IPC method of choice (for example WCF with named pipes.)

Tewr
  • I don't believe your answer actually answers the question. – Kelly Elton Oct 29 '15 at 14:56
  • TL/DR? I believe I addressed your question just after "...a possible (though complicated) workaround..." – Tewr Oct 30 '15 at 15:21
  • What might be missing in my answer is the fact that once you elevate a process, mappings are lost. No going back. Unless, of course, you run UAC with a non-default behaviour (I cannot know as you didn't answer the comment by @AutomationNation) – Tewr Oct 30 '15 at 15:30
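
The callback arrangement described in the answer above, as an added example that is not code from the question or the answer: a non-elevated broker process keeps the mapped drives and starts programs on request from the elevated process. It uses a raw named pipe rather than WCF and assumes .NET Core 3.0 or later on Windows with both processes running as the same user; the pipe name, the allow-list key and the executable path are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.IO.Pipes;

static class LaunchBroker
{
    const string PipeName = "example-launch-broker"; // hypothetical pipe name
    // The elevated side sends a key, never a path or command line.
    static readonly Dictionary<string, string> Allowed = new Dictionary<string, string>
        { ["reports"] = @"C:\Program Files\ExampleApp\Reports.exe" }; // hypothetical path
    static string Launch(string key)
    {
        if (key == null || !Allowed.TryGetValue(key, out string exe)) return "DENIED";
        // The child inherits the broker's non-elevated token.
        using var child = Process.Start(new ProcessStartInfo(exe) { UseShellExecute = false });
        return "OK " + child.Id;
    }

    // Runs in the non-elevated process, whose logon session has the mapped drives.
    static void RunBroker()
    {
        while (true)
        {   // CurrentUserOnly restricts the pipe's ACL to the user running the broker.
            using var pipe = new NamedPipeServerStream(PipeName, PipeDirection.InOut, 1,
                PipeTransmissionMode.Byte, PipeOptions.CurrentUserOnly);
            pipe.WaitForConnection();
            try
            {
                string reply = Launch(new StreamReader(pipe).ReadLine());
                new StreamWriter(pipe) { AutoFlush = true }.WriteLine(reply);
                pipe.WaitForPipeDrain(); // let the client read the reply before the pipe closes
            }   // A failed start or a vanished client must not stop the broker.
            catch (Exception e) when (e is IOException || e is System.ComponentModel.Win32Exception) { }
        }
    }
    // Called from the elevated process in place of Process.Start; null means no reply.
    static string RequestLaunch(string key)
    {
        using var pipe = new NamedPipeClientStream(".", PipeName, PipeDirection.InOut);
        pipe.Connect(5000); // throws TimeoutException if the broker is not running
        new StreamWriter(pipe) { AutoFlush = true }.WriteLine(key);
        return new StreamReader(pipe).ReadLine();
    }
    static void Main(string[] args)
    {
        if (args.Length == 1) Console.WriteLine(RequestLaunch(args[0])); else RunBroker();
    }
}
```

Run without arguments, the program acts as the broker; run with one argument from the elevated process, it sends that key to the broker and prints the reply.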