问题
我在 VMWare 中安装了 Windows XP SP3,是全新安装的,只安装了一堆应用程序(浏览器、Office)。
当我:
- 以本地管理员身份登录
- 使用 Explorer 的 GUI,我以 X 身份连接远程服务器:
- 通过“开始”菜单链接启动“命令提示符”,方法如下:
a) 手动启动链接
b) 右键单击链接,选择“以...身份运行”并填写同一用户的凭据
前一种情况工作正常,但在后一种情况下,cmd.exe无法访问X::
C:\Documents and Settings\Administrator>net use
New connections will be remembered.
Status Local Remote Network
-------------------------------------------------------------------------------
Unavailable X: \\server\share\folder Microsoft Windows Network
The command completed successfully.
C:\Documents and Settings\Administrator>x:
The system cannot find the drive specified.
C:\Documents and Settings\Administrator>dir x:\
The system cannot find the path specified.
C:\Documents and Settings\Administrator>
预分析
我比较了我能找到的有关进程的各种属性(我不确定它们是否所有相关):环境、打开的句柄、打开的 DLL、进程资源管理器中的“安全”选项卡,它们都是相同的。
我发现的一件事是,当使用进程监视器观察尝试时,后续尝试又执行了四个步骤:
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:55:33.4784227 AM","cmd.exe","2792","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed"
"10:55:33.4785212 AM","cmd.exe","2792","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"10:55:33.4785569 AM","cmd.exe","2792","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read"
"10:55:33.4786210 AM","cmd.exe","2792","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"10:55:33.4786650 AM","cmd.exe","2792","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS",""
"10:55:33.4787131 AM","cmd.exe","2792","RegCloseKey","HKCU","SUCCESS",""
"10:55:33.4912359 AM","cmd.exe","2792","CreateFile","X:","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"10:55:33.4924104 AM","cmd.exe","2792","QueryNameInformationFile","X:","SUCCESS","Name: \server\share\folder"
"10:55:33.4924860 AM","cmd.exe","2792","QueryInformationVolume","X:","SUCCESS","VolumeCreationTime: 9/6/2005 2:05:04 PM, VolumeSerialNumber: 109F-0912, SupportsObjects: True, VolumeLabel: DATA"
"10:55:33.4932539 AM","cmd.exe","2792","CloseFile","X:","SUCCESS",""
"10:55:33.4937810 AM","cmd.exe","2792","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed"
"10:55:33.4939097 AM","cmd.exe","2792","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"10:55:33.4939451 AM","cmd.exe","2792","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read"
"10:55:33.4940098 AM","cmd.exe","2792","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"10:55:33.4940548 AM","cmd.exe","2792","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS",""
"10:55:33.4941023 AM","cmd.exe","2792","RegCloseKey","HKCU","SUCCESS",""
失败的日志中缺少 CreateFile、Query* 和 CloseFile 步骤。
问题
什么原因导致这种差异?这是一个错误吗?
答案1
从 Windows XP 开始,每个LSA 登录会话(不相关的到终端服务会话)有自己的一套驱动器号分配。如果您使用以...身份运行– 无论帐户相同还是不同 – 该功能仍会使用给定的凭据创建单独的登录会话。
从 Windows 8 或 Server 2012(大约)开始,您可以启用EnableLinkedConnections注册表值以HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System允许 UAC 提升的应用程序共享常规驱动器映射。
更多的:
- MS KB 937624(2011-06-24):在 Windows Vista 或 Windows 7 中打开用户帐户控制后,程序可能无法访问某些网络位置
- MS KB 3035277:当 UAC 在 Windows 中配置为“提示输入凭据”时,无法通过提升的提示符使用映射驱动器
答案2
因为映射驱动器是基于!每个用户!的,所以其他用户(您以该用户身份运行)看不到它!
要想获胜,您需要首先尝试以用户身份运行的批处理中映射驱动器。