|CSI_ForceUNCRef: Elevating a Script When It Is Running From a Drive Letter|
Windows 7 does not preserve drive letter mappings when a Protected Admin elevates to their full admin token. This can be a pain when triggering elevation from a script that has started from a network mapped drive letter. Here is a simple VBScript function to get around this problem.As a part of the VBScriptUACKit I have written a function which will cause a script to self-elevate by calling itself using the ShellExecute method of the Shell.Application object. The following code is a simplified version:
If, however, the script is running from a network attached drive letter, the drive letter will no longer be present and the second line of the script will fail.
The new script function CSI_ForceUNCRef takes a path reference and if it is a network mapped drive letter, it will transform it into a UNC. The path can contain a file name or may only contain folder names. If the path is not a network mapped drive letter, then the function will simply return the same path back – this way the function can be used safely on any path without having to validate whether it is a network mapped drive reference or not.
If we amend the code to use this function, would look like this:
As with any script that is running from a UNC, the script cannot depend on a “Current Directory” being established as UNC execution does not establish a current directory.
Another way around this is to set the DWORD registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemEnableLinkedConnections" to “1”. The script function has the advantages that your script execution won’t be be dependent on the key being set correctly and you will not need to take the security risks of turning on this setting.