0

I am running Windows 10.

This is the way I understood Windows UAC:

A normal admin user has one access token for his admin account and one access token from which most of the special privileges are removed. The admin token is only used when the user explicitly confirms, that he/she wants to run an application as administrator.

My question is:

Does a program that I execute with elevated privileges really always use the same access token?

I started to doubt that because things I did as an administrator (mapping network drives) did not last after I logged off and on again. Might this be because of a mechanism in UAC that somehow prevents my elevated actions to be remembered, like that the access token always changes and therefore can't be recognized after logoff for example.

Snowfire
  • 9
  • Did you check "Reconnect after logon" or supply /PERSISTENT:YES for mounting a drive? Aside from the token it would depend on the software that actually utilizes it. – Seth Dec 05 '16 at 12:22
  • Yes, I supplied /Persistent:yes – Snowfire Dec 05 '16 at 12:24
  • Maybe consider checking whoami to see which ID you have on the elevated prompt. As far as I know the ID should always be the same. This could/would be different from the token but such things are usually not bound by the individual token. Does this always happen for your user? Is it a Domain user? – Seth Dec 05 '16 at 13:42
  • Yes it is a domain user. I tested it on a different (virtual) machine with WIndows 7 and ran into the same issue, so I think it is not only a problem with my user/machine. And yes, the ID is the same as expected – Snowfire Dec 05 '16 at 13:45
  • configure this setting: http://superuser.com/a/973650/174557 – magicandre1981 Dec 05 '16 at 17:11

0 Answers0