0

I always accessed a network location, using UNC path (with Hidden-Share) using normal Set-Location cmdlet (see example below) which works fine, but when I run the PS session as Admin, the UNC path becomes inaccessible, can someone please explain why?

Example:

In Non-admin session:

PS C:\> cd \\srv01\c$\Temp\
PS Microsoft.PowerShell.Core\FileSystem::\\srv01\c$\Temp>  *notice: prompt changed to show remote location*

Elevated PowerShell session (Run as Administrator):

PS C:\> cd \\srv01\c$\Temp\
cd : Cannot find path '\\srv01\c$\Temp\' because it does not exist.

Thanks in advance.

Eddie Kumar
  • 1,216
  • 18
  • 20
  • 1
    See [my answer](https://stackoverflow.com/a/53396923/6811411) to a recent similar question. –  Nov 20 '18 at 16:14
  • Possible duplicate of [Vista UAC - Trouble Mapping Network Drives](https://stackoverflow.com/questions/1267085/vista-uac-trouble-mapping-network-drives) –  Nov 20 '18 at 16:14
  • Thanks for your comment, however, why do I need to alter the Windows registry to access a path that is accessible for a normal non-admin user, doesn't make sense for Admin to have more restrictive access. By default, does admin's "LinkedConnections" kept blocked? Is there a more elegant approach (other than altering the registry key? Thanks. – Eddie Kumar Nov 20 '18 at 17:22
  • 1
    Mappings you create as a user aren't by default also usable when elevating. This registry entry changes this behaviour. Maybe this can also be done with a GPO. –  Nov 20 '18 at 17:29

1 Answers1

1

Just for clarification, say your user account is member of Domain-Admin group, who has access to certain network-resources (including Hidden-shares e.g. "c$" as in UNC paths), but when you start an elevated session (i.e. an Admin-Prompt), you actually are impersonating a local-admin account, i.e. you are not seen/treated as your user account, therefore the network resources that were shared with you become inaccessible in that elevated-session (and only the resources that are accessible to the local-admin will remain available). This behaviour can be altered using the Windows registry as below:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLinkedConnections =(dword)1

Hope this helps others.

Eddie Kumar
  • 1,216
  • 18
  • 20