none
User Account Control with Mapped Network Drive and Line of Business Software

    Question

  • I have a new server running Windows Small Business Server 2011 Essentials with two (2) local desktop workstations (one XP and one Win7),  three (3) Win7 laptops which sometimes run locally and sometimes remotely (planning to set up VPN or buy Multipoint).  Once my main office problems are resolved there will be a satellite office running 1 desktop and 2+ laptops that will also be mapped to the main office server.

    My new line of business software (Eclipse by Galactek) runs from a mapped drive (source drive on server) and requires the root of the drive to be shared (I have a partition "D:\" for this on the server which is separate from the OS).  The path on the client must be Z:\MPN to run the software.

    My problem is that on the Windows 7 machines I have to turn User Account Controls to "Off" for the Line of Business software to recognize that the mapped drive is set up properly.  If UAC is not "off", the software sees the path to the Line of Business software as \\Server\Eclipse\MPN and will spit out errors.  Here is the workstation setup guide that comes with the LOB software (http://www.galactek.com/supportarea/howto/docs/eclnet.pdf). Is there a way to configure UAC to "off" only for activities which involve the mapped drive? All users who need it have full read/write permissions on the server's D:\ drive which is mapped on the workstations but not all users are admins locally or on the domain.

    There was a suggestion to someone else with a similar UAC / mapped drive problem to use a "net share" command but I would need some guidance on how and where to set that up.

    Any thoughts or suggestions here would be appreciated as I tend not to like removing layers of security on all of the workstation computers (especially the laptops which wander into untrusted networks and could be used to access HIPPA protected confidential information).

    Thank you in advance for your suggestions.

    FYI - My Knowledge Base/Skills
    Computer building/repair - moderate
    Computer software & troubleshooting - moderate
    Networking and Admin - newbie/only what I can read online
    Wednesday, February 15, 2012 10:09 PM

All replies

  • Are you running the application via the shortcut that their documentation says to create? Does it work if you just run Z:\MPN\exclipse32.exe directly?


    Regards qSilverx

    Thursday, February 16, 2012 3:31 PM
  • Thank you for your response qSilverx.  Apparently I did not state my problem clearly

    The line of business application (Eclipse Practice Management) works properly from either a desktop shortcut or directly from Z:\MPN\Eclipse32.exe with UAC set to OFF.  The problem lies in the fact that the only way to make the program work properly is to turn User Account Control levels to OFF and I don't like setting all of the client PC's to UAC "OFF" (especially the laptops).  I wanted a workaround to keep UAC on default except when running the Eclipse software. Any help with this would be greatly appreciated!

    When UAC is at the default level, regardless of whether it is launched from the desktop or from the Z:\MPN location it reads the file path as the UNC path \\servername\Eclipse\MPN.  I don't know why UAC affects the software in this way but apparently it is a known error that Galactek (makers of Eclipse) have no immediate plans to correct.  

    (ALSO, Please don't suggest that I should choose a different 3rd party software as a solution)

    I look forward to more suggestions.


    FYI - My Knowledge Base/Skills Computer building/repair - moderate Computer software & troubleshooting - moderate Networking and Admin - newbie/only what I can read online

    Thursday, February 16, 2012 8:57 PM
  • To resolve this issue, please refer to:

    Some Programs Cannot Access Network Locations When UAC Is Enabled
    http://technet.microsoft.com/en-us/library/ee844140(v=ws.10).aspx


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

    • Proposed as answer by qsilverx Friday, February 17, 2012 11:15 AM
    • Unproposed as answer by PDLFPCC Friday, February 17, 2012 6:09 PM
    Friday, February 17, 2012 11:01 AM
    Moderator
  • Thanks Arthur,

    I appreciate you pointing me in the right direction.  I have a follow-up questions/assumptions...

    This solution should work seamlessly for me (domain admin) but how will it work for users who do not have admin priveledges?  Those users will not have the dual tokens correct?  So I would still need a script to run the program as an admin with an autosignin every time?  If my assumptions are correct can I get a walkthrough on how to set this script up for non admin users?


    FYI - My Knowledge Base/Skills Computer building/repair - moderate Computer software & troubleshooting - moderate Networking and Admin - newbie/only what I can read online

    Friday, February 17, 2012 6:09 PM
  • To resolve this issue, please refer to:

    Some Programs Cannot Access Network Locations When UAC Is Enabled
    http://technet.microsoft.com/en-us/library/ee844140(v=ws.10).aspx


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

    Well, I tested the technet post and it DOES NOT solve the line of business software's problem with UAC being turned on.  With the registry edit and UAC turned back to recommended settings I launched Eclipse but the data path Eclipse showed in the title bar was \\servername\Eclipse\MPN which does not allow the software to run properly.  It MUST show Z:\MPN reflecting the mapped network drive to run properly. 

    I am back to looking for a work around that changes the UAC setting for one program only.  Please let me know if this is possible.


    FYI - My Knowledge Base/Skills Computer building/repair - moderate Computer software & troubleshooting - moderate Networking and Admin - newbie/only what I can read online

    Saturday, February 18, 2012 3:38 PM
  • I'm wondering if this has something to do with the way that Windows attempts to resolve shortcuts. I performed the following

    1) Mapped network drive Z: to \\server\share

    2) created shortcut to executable Z:\ABC.exe

    3) ran shortcut - everything works

    4) disconnected Z: drive

    5) ran shortcut - everthing worked and shortcut changes to UNC paths

    Enabled the following GPO settings

    User Configuration\Administrative Templates\Start Menu and Taskbar\Do not use the search-based method when resolving shell shortucts
    User Configuration\Administrative Templates\Start Menu and Taskbar\Do not use the tracking-based method when resolving shell shortucts 
    User Configuration\Administrative Templates\Windows Components\Windows Explorer\Do not track Shell shortcuts during roaming

    Performed the same tests as above except this time step 5 failed as it could not find executable (e.g. could no resolve to UNC)

    You might find that you only need one of the above GPO settings to get the same effect.

    No I know this is not exactly an accurate test but it might work.

    Subsequently, from your post, it sounds as if this executable needs to run with Admin priviledges and the only way that you can do this is for the user to have the ability to run an executable evevated (either by having admin rights or another account they could use). If the app does need admin rights, do you know why? Could something either be relaxed or could file/registry virtualisation allow the application to work.


    Regards qSilverx

    Friday, February 24, 2012 10:57 AM
  • Thanks again qSilverx,

    I have Win7 Home Premium which does not have a group policy editor.  I have been planning to upgrade to Win7Pro so this is a good excuse.  It will probably be a couple of weeks before I get around to it though.  I will keep you posted.


    FYI - My Knowledge Base/Skills Computer building/repair - moderate Computer software & troubleshooting - moderate Networking and Admin - newbie/only what I can read online

    Friday, February 24, 2012 7:59 PM