問題
我在 VMWare 中安裝了 Windows XP SP3,完全全新安裝,只安裝了一堆應用程式(瀏覽器、Office)。
當我:
- 以本機管理員身分登入
- 使用 Explorer 的 GUI 我以 X 身份連接遠端伺服器:
- 透過“開始”功能表連結啟動“命令提示字元”,方法是:
a) 手動啟動連結
b) 右鍵單擊該鏈接,選擇“運行方式...”並填寫相同使用者的憑證
前一種情況工作得很好,但在後一種情況下,cmd.exe無法訪問X::
C:\Documents and Settings\Administrator>net use
New connections will be remembered.
Status Local Remote Network
-------------------------------------------------------------------------------
Unavailable X: \\server\share\folder Microsoft Windows Network
The command completed successfully.
C:\Documents and Settings\Administrator>x:
The system cannot find the drive specified.
C:\Documents and Settings\Administrator>dir x:\
The system cannot find the path specified.
C:\Documents and Settings\Administrator>
預分析
我比較了我能找到的有關進程的各種屬性(我不確定它們是否全部相關):環境、打開句柄、打開 DLL、Process Explorer 中的“安全性”選項卡,所有這些都是相同的。
我發現的一件事是,當使用 Process Monitor 觀察嘗試時,後續的嘗試又執行了四個步驟:
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:55:33.4784227 AM","cmd.exe","2792","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed"
"10:55:33.4785212 AM","cmd.exe","2792","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"10:55:33.4785569 AM","cmd.exe","2792","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read"
"10:55:33.4786210 AM","cmd.exe","2792","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"10:55:33.4786650 AM","cmd.exe","2792","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS",""
"10:55:33.4787131 AM","cmd.exe","2792","RegCloseKey","HKCU","SUCCESS",""
"10:55:33.4912359 AM","cmd.exe","2792","CreateFile","X:","SUCCESS","Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened"
"10:55:33.4924104 AM","cmd.exe","2792","QueryNameInformationFile","X:","SUCCESS","Name: \server\share\folder"
"10:55:33.4924860 AM","cmd.exe","2792","QueryInformationVolume","X:","SUCCESS","VolumeCreationTime: 9/6/2005 2:05:04 PM, VolumeSerialNumber: 109F-0912, SupportsObjects: True, VolumeLabel: DATA"
"10:55:33.4932539 AM","cmd.exe","2792","CloseFile","X:","SUCCESS",""
"10:55:33.4937810 AM","cmd.exe","2792","RegOpenKey","HKCU","SUCCESS","Desired Access: Maximum Allowed"
"10:55:33.4939097 AM","cmd.exe","2792","RegOpenKey","HKCU\Software\Policies\Microsoft\Control Panel\Desktop","NAME NOT FOUND","Desired Access: Read"
"10:55:33.4939451 AM","cmd.exe","2792","RegOpenKey","HKCU\Control Panel\Desktop","SUCCESS","Desired Access: Read"
"10:55:33.4940098 AM","cmd.exe","2792","RegQueryValue","HKCU\Control Panel\Desktop\MultiUILanguageId","NAME NOT FOUND","Length: 256"
"10:55:33.4940548 AM","cmd.exe","2792","RegCloseKey","HKCU\Control Panel\Desktop","SUCCESS",""
"10:55:33.4941023 AM","cmd.exe","2792","RegCloseKey","HKCU","SUCCESS",""
失敗的日誌中缺少 CreateFile、Query* 和 CloseFile 步驟。
問題
什麼會導致這樣的差異?這是一個錯誤嗎?
答案1
從 Windows XP 開始,每個LSA 登入會話(不相關的到終端機服務會話)有自己的一套驅動器號分配。如果你使用運行為...– 無論帳戶相同或不同 – 此功能仍會使用給定的憑證建立單獨的登入工作階段。
從 Windows 8 或 Server 2012(大約)開始,您可以啟用EnableLinkedConnections登錄值以HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System允許 UAC 提升的應用程式共用常規磁碟機對應。
更多的:
- MS 知識庫 937624 (2011-06-24):在 Windows Vista 或 Windows 7 中開啟使用者帳戶控制權後,程式可能無法存取某些網路位置
- MS 知識庫 3035277:當 UAC 在 Windows 中設定為「提示輸入憑證」時,無法透過提升的提示使用映射磁碟機
答案2
因為映射驅動器位於!基本上,其他用戶(您作為 RUN AS 執行的用戶)看不到它!
要獲勝,您需要嘗試先以使用者身分執行的批次中對應磁碟機。