none
When UAC is enabled, what vulnerabilities does the EnableLinkedConnections registry edit cause

    Question

  • Hello. I am in the process of adding windows 7 machines to a 2008 domain. I ran into a problem with my drives not mapping via a vbs logon script once I enabled UAC. I found a Microsoft article with a workaround here:

    http://support.microsoft.com/kb/937624

    The workaround they suggest works, but right above the workaround is the ominous message:

    "Important This workaround may make your system unsafe. Microsoft does not support this workaround. Use this workaround at your own risk."

    Even after editing the registry and making this change, I am still being prompted by UAC anytime I try to install a program, change certain network settings, etc (in the GPO setting: computer configuration > windows settings > security settings > security options > User Account Control: Only elevate UIAaccess applications that are installed in secure locations -  I changed the setting to disabled, so I get prompted often, which is how I want it).

    What exactly does this registry edit do? How does it make Windows 7 less secure? What potential vulnerability does it create?

    Thanks,
    Wednesday, November 18, 2009 1:35 PM

All replies

  • Proposed as answer by Mr. Bungle Sunday, March 07, 2010 5:21 AM
Thursday, March 04, 2010 3:21 PM
  • Thanks, that is what I wanted to know.   Unfortunately, GPO Preferences is only available in server editions of Windows and/or when you are working on a domain, right?  I'm on Win7 Ultimate x64 and when I type gpme.msc I just get an error.  According to this link I need to download a 400Mb installer to get this feature...
    Sunday, March 07, 2010 5:21 AM
  • +1 I'm interested too.
    My idea of a party is a virtualization server and a room of TechNet DVDs
    Tuesday, March 09, 2010 12:15 AM
  • There is very little information/documentation regarding this setting (http://support.microsoft.com/kb/937624). But in this discussion (http://channel9.msdn.com/Shows/Going+Deep/UAC-What-How-Why#c633305694960000000) a Microsoft employee says this:

    Technically, it opens a small loophole since non-elevated malware can now "pre-seed" a drive letter + mapping into the elevated context -- that should be low-risk unless you end up with something that's specifically tailored to your environment.

    Tuesday, May 15, 2012 8:51 AM