Can't get User Impersonation to work with network drive

Question

0.00/5 (No votes)

See more:

Ok I'm trying to get the following to work with VS 2010 & Win 2K8 Server:

[Security] - User Impersonation[^]

If I use a local folder it works fine, but when I choose a network mapped drive I get the following:

CSS

Result:
        Failed to open the file, error: 3
        The system cannot find the path specified.

I have coded in the user name, password, domain and file and made the following change in main:

XML

// We support a user name, password, domain (optional) and filename (optional)
if((argc < 3) || (argc > 7))
{
    Usage();
    //return 0;
}

The reason I'm trying to get this to work is we are working on implementing security for our network (There's an idea huh), and our senior programmer likes to have everything is one big giant directory so we are trying to restrict user access to certain folders, but by doing so our applications won't work. So we would like to give the application the "rights to do so" and this seems like the best way, but I can't get it to work on mapped drives.

Not sure if it matters but this is in a terminal services enviroment.
Thanks in advance!!

Posted 1-Sep-11 2:38am

MacRaider4

Updated 1-Sep-11 4:48am

v3

Add a Solution

Comments

MacRaider4 1-Sep-11 12:44pm

Ok, I figured out one issue and that is if I use the UNC path it does work... I forgot to take out the : after the $ before. The big downside is I'd have to change every instance in every application to the UNC vs the mapped drive letter (pretty time consuming). Any one have any other ideas?

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

SSNair · Answer 1 · 2012-10-03T02:28:00

Solution 2

A mapped drive created by a application running under the local system account is visible to all logon sessions. So if you want to the mapped drive to be visible under the impersonated user context create it as mentioned.

Posted 3-Oct-12 2:28am

SSNair

Jason Gleim · Answer 2 · 2011-09-02T03:44:00

Solution 1

UAC is likely your problem. By default, network drives mapped in a user session are NOT mapped into administrative space(or other user space for that matter). You have to enable "linked" connections on the client by setting the following key: (This should work on term server as well)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLinkedConnections"=dword:00000001

Once you do that, drives mapped in user space will be available in admin space and your code should work.

The same sort of thing happens if you try to copy from a mapped drive to another mapped or local location where privilege elevation has to occur. Without the linked connections, you'll get a 'path not found' error and the only way to make the copy go is to switch from a named drive to a UNC path. This key fixes that problem as well.

HTH,
Jason

Posted 2-Sep-11 3:44am

Jason Gleim

Comments

MacRaider4 2-Sep-11 9:57am

I'm not seeing anything about Linked Connections in that part of the registry. I checked both as myself and as the servers administrator account.
It's so much fun doing things wrong for so many years and then trying to do things the right way.

Jason Gleim 2-Sep-11 10:14am

If the key doesn't exist, add it. Copy and paste this into a file and name it "linkedconnections.reg" Then run it from an admin account.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLinkedConnections"=dword:00000001

MacRaider4 14-Sep-11 12:27pm

Sorry been busy with 12,000 different things...
ok so we have kinda gotten this to work. However a lot of what we do uses spawn (wspawnlp) of which we are able to get the application to spawn but that "application" isn't able to see the directory so the spawned process isn't inheriting the permissions.
Does this mean we'll have to have the impersonation in each and everything we write that a user may use? Or is there something we're missing with the impersonation?