I'm finding that the "Enumerate Disk Drives" function is not returning
drive letters mapped to network drives under Vista, but does under XP.

I guess there is a trick to this???<G>


John Newman
Software Partners Australia

John,

Welcome to Vista <g> This is a "feature" of the User Access Control (UAC)
in both Vista and Windows 2008.

Mapped drives are associated with a logon session. All devices are
associated with an locally unique identifier (LUID) generated for each logon
session. Because mapped drives are associated with LUID, and because
elevated applications are using a different LUID generated during a separate
login event, the elevated application will no longer see any mapped drives
for this user.

The elevated and non-elevated administrator accounts have different logon
tokens and can therefore have different drive mappings.

http://support.microsoft.com/kb/937624

Hope this helps.

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

"point. click. ship" - that's SetupBuilder 6.7
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

> Hope this helps.

I'll have to think about it<G>

Thanks


John Newman
Software Partners Australia

>> Hope this helps.
>
> I'll have to think about it<G>

:-) <g>

Friedrich

I have tried the Microsoft 'resolution', setting the appropriate
registry setting and asking the user to restart windows and try again.

This works OK for Administrator users, but not for Users elevated to
Administrator by the install. I thought this was odd, but there you go.

There seems to be no way to access the network mappings of Users.

I've been trying to detect the operator's actual status (so I can tell
them they need an Administrator, and exit), but I can only find the
function 'Installer Elevation Type', which returns 1 in both cases.

Is there a way I can determine if the current operator is in the
Administration group?

Thanks once more,

John Newman
Software Partners Australia

John,

"Get System Information (Installer Elevation Type)" returns 1 if the
installer runs elevated. That is the case if your Requested Execution Level
is set to requireAdministrator.

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

"point. click. ship" - that's SetupBuilder 6.7
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

> installer runs elevated. That is the case if your Requested Execution Level
> is set to requireAdministrator.


Is there a way I can find out what group the operator is in?

Thanks,

John Newman
Software Partners Australia

Hi John,

>
> Is there a way I can find out what group the operator is in?
>

Again, welcome to Vista <g>. The feature is called "over-the-shoulder"
authentication. An Administrator can grant elevated privileges to a program
while a Standard User is currently logged onto the system. In other words,
Vista displays the elevation prompt and then the application operates with
the credentials of the Administrator account!! The "operator" in this case
is the Admin ;-)

Does this help?

Friedrich

> Does this help?

Not really. "The operator is the admin" doesn't seem to be entirely
correct. As I said, when I log in as an Admin operator and run the
script I get a different result (with respect to the visibility of
mapped network drives) than when I elevate to Admin.

So I wondered if I can tell these two situations apart from SB. Maybe
not.

Maybe I'll have to let the operator figure it out!

best regards,

John Newman
Software Partners Australia

>> Does this help?
>
> Not really. "The operator is the admin" doesn't seem to be entirely
> correct. As I said, when I log in as an Admin operator and run the
> script I get a different result (with respect to the visibility of
> mapped network drives) than when I elevate to Admin.
>
> So I wondered if I can tell these two situations apart from SB. Maybe
> not.
>
> Maybe I'll have to let the operator figure it out!

You have to forget about the "Login as Admin" under Vista and Windows
2008!!! There is a fundamental difference between XP and Vista/2008.
Windows Vista changes the way we use Standard Users and the Administrators
group.

When an administrative user logs on in Windows Vista (with UAC enabled), the
network drives get mapped as a "Standard User" rather than as an
"Administrative User." An application that gets launched as an
administrator may not see those mapped drives. The following happens under
Vista and Windows Server 2008. The administrator logs in and the full
administrator access token is split into two access tokens: a full
administrator and a standard user access token. The Administrator account
has significantly changed since Windows XP was released. Previously, all
processes launched by a member of the Administrators group were given
administrative privileges. Now in Vista/2008, authorization and access
control components that identify an administrator are removed during the
logon process. All processes execute with Standard User privileges, unless
specifically elevated by an administrator! The standard user access token
is used to start the desktop, the explorer.exe process, etc. Privilege
elevation allows administrators to run the majority of their applications at
a safe privilege level, but also allow processes and operations that require
administrative privileges. When an administrator "elevates" to perform some
kind of action which requires administrative access, their "split token" is
temporarily replaced with a full administrative token. They now have a
different user context and the drive mappings are also changed.

Hope this makes sense.

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

"point. click. ship" - that's SetupBuilder 6.7
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

> Hope this makes sense.

It does, and I think I understand it in general terms, but it doesn't explain (to me!)
why I get different results depending on what user I start out logged in as.

After setting the EnableLinkedConnections value in regsitry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\System
I can display network drives in the install script when I log in as an Admin user, and
not when I log in as a 'Standard User'. There is a difference in behaviour.

Nothing I have read explains it, as far as I can see. So I just live with it I guess.

Best regards, and thanks,

John Newman
Software Partners Australia

John,

>> Hope this makes sense.
>
> It does, and I think I understand it in general terms, but it doesn't
> explain (to me!) why I get different results depending on what user I
> start out logged in as.
>
> After setting the EnableLinkedConnections value in regsitry key
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Policies\System
> I can display network drives in the install script when I log in as an
> Admin user, and not when I log in as a 'Standard User'. There is a
> difference in behaviour.
>
> Nothing I have read explains it, as far as I can see. So I just live with
> it I guess.

I would not use the "workaround" described in the Microsoft KB937624 because
it is mentioned that it is only a fix for Administrators. And it seems not
to work for all Vista versions (it depends on a specific Vista update patch
level). But the main problem is that Vista SP1 changed the rules again so
that registry modification does not work.

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

"point. click. ship" - that's SetupBuilder 6.7
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner

> I would not use the "workaround" described in the Microsoft KB937624 because
> it is mentioned that it is only a fix for Administrators. And it seems not
> to work for all Vista versions (it depends on a specific Vista update patch
> level). But the main problem is that Vista SP1 changed the rules again so
> that registry modification does not work.

!! Who would have guessed, the problem is Microsoft!

Thank you once more for you indefatigable assistance!

John Newman
Software Partners Australia

> I would not use the "workaround" described in the Microsoft KB937624 because

...of course this does leave me with a collossal problem. How to use a mapped
network drive in an install??


John Newman
Software Partners Australia