Share via

UAC issue when moving files between shells ?

Reprobus R 21 Reputation points
2022-07-19T03:34:25.203+00:00

I was hoping someone could help me understand with regards to UAC and moving files or copying files. I have mapped a drive as an administrator and I can move and copy a file from a mapped drive to Program Files using Windows File Manager which is usually a restricted folder from a standard user. Although when I try to move or copy a file when logged in as an Administrator using Robocopy or Powershell, PowerShell does not see the mapped network drive, rather it doesn't exist; but as a standard user, it does exist ? Meanwhile Robocopy won't move or copy the file at all as a standard user or administrator user using a UNC path ?

How can I move or copy files using Powershell or Robocopy when logged in as both a standard and administrator user without getting in either case; Access Denied or UnauthorizedAccessException ?

Windows for business Windows Client for IT Pros Networking Network connectivity and file sharing
0 comments

6 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 39,916 Reputation points
    2022-07-19T15:30:34.657+00:00

    Hi there,

    When User Account Control (UAC) is enabled, if you run a program as Administrator (elevated), you can't see network drives as user unless a registry setting is changed to allow it. This is because the mapped drives were created under a login different from the administrator login.

    Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, create or set the EnableLinkedConnections value (a DWORD 32-bit number) to 1.

    I hope this information helps. If you have any questions please let me know and I will be glad to help you out.

    --------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--

  2. Reprobus R 21 Reputation points
    2022-07-26T02:52:45.393+00:00

    I have this key; HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System > EnableLinkedConnections set to 1; although it has made no change ?

  3. Reprobus R 21 Reputation points
    2022-07-27T03:14:50.597+00:00

    Although that is not what the issue is; the issue, the issue is moving a file to Program Files even if prompt for administrator privileges that is otherwise denied. As I mentioned in my original post, I can move a file using File Manager as a standard (local) user but it won't move as an Administrator, that is what I want to resolve.

    0 comments
  4. MotoX80 36,291 Reputation points
    2022-07-27T16:23:13.62+00:00

    I can move a file using File Manager as a standard (local) user but it won't move as an Administrator

    Have you changed permissions on Program Files?

    Here I have launched 2 command prompt windows. Note that one says "Administrator" and the other does not. In the admin window, I am able to create a file named text.txt. In the standard user window, I get access denied. In the permissions I see that Administrator has full control, the "(F)". Users only have read and execute, the "(RX)".

    If you run the same commands that I did and get the same results, then your issue is the permissions on the source file that you are trying to move/copy. In that case you will need to grant access to whatever account cannot access the file.

    If this reply doesn't help you, then please share the permissions (icacls) on the source file and the destination folder.

    In general, I would recommend that you DO NOT put user files in "C:\Program Files". That folder should be reserved for installed applications.

    225393-image.png

    0 comments
  5. Reprobus R 21 Reputation points
    2022-09-09T14:48:53.067+00:00 
    C:\Program Files NT SERVICE\TrustedInstaller:(F)  
                 NT SERVICE\TrustedInstaller:(CI)(IO)(F)  
                 NT AUTHORITY\SYSTEM:(M)  
                 NT AUTHORITY\SYSTEM:(OI)(CI)(IO)(F)  
                 BUILTIN\Administrators:(M)  
                 BUILTIN\Administrators:(OI)(CI)(IO)(F)  
                 BUILTIN\Users:(RX)  
                 BUILTIN\Users:(OI)(CI)(IO)(GR,GE)  
                 CREATOR OWNER:(OI)(CI)(IO)(F)  
                 APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(RX)  
                 APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE)  
                 APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(RX)  
                 APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(OI)(CI)(IO)(GR,GE)

    This is the permissions I have for my Program Files folder. I understand it's best not to write to this folder, although; is there any way to which I can temporarily write to this folder or any sub-folder within it. Then disable it within command or even Powershell ?

    I'm attempting to use icacls to change the permission of a sub-folder of Program Files for example; but I get the error, access is denied.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.