When UAC is enabled, what vulnerabilities does the EnableLinkedConnections registry edit cause
Hello. I am in the process of adding windows 7 machines to a 2008 domain. I ran into a problem with my drives not mapping via a vbs logon script once I enabled UAC. I found a Microsoft article with a workaround here:http://support.microsoft.com/kb/937624 The workaround they suggest works, but right above the workaround is the ominous message:"Important This workaround may make your system unsafe. Microsoft does not support this workaround. Use this workaround at your own risk."Even after editing the registry and making this change, I am still being prompted by UAC anytime I try to install a program, change certain network settings, etc (in the GPO setting: computer configuration > windows settings > security settings > security options > User Account Control: Only elevate UIAaccess applications that are installed in secure locations - I changed the setting to disabled, so I get prompted often, which is how I want it).What exactly does this registry edit do? How does it make Windows 7 less secure? What potential vulnerability does it create?Thanks,
November 18th, 2009 8:35am

Seriously Microsoft guys, please answer this question.
Free Windows Admin Tool Kit Click here and download it now
November 19th, 2009 12:16pm

+1 I would like to know the answer to this as well.
March 3rd, 2010 6:19pm

Awaken22, Bungle,If this GPO is enabled => Applications executed from ..\Program Files\ (and subfolders) ..\Program Files (x86)\ (and subfolders, in 64-bit versions of Windows only) ..\Windows\System32\ can use UIAaccess function.If this GPO is disabled.=> applications executed anywhere can use the UIAaccess functionWhat is UIAaccess function?This article covers some great information about the UIAaccess.http://netsecurity.about.com/od/secureyourwindowspc/qt/uacuiaccess.htmBut try a GPO Preferences to map your drives this is a more easier and secure way.http://blogs.technet.com/askds/archive/2009/01/07/using-group-policy-preferences-to-map-drives-based-on-group-membership.aspxKind RegardsDFTIM me - TWiTTer: @DFTER
Free Windows Admin Tool Kit Click here and download it now
March 4th, 2010 10:21am

Thanks, that is what I wanted to know. Unfortunately, GPO Preferences is only available in server editions of Windows and/or when you are working on a domain, right? I'm on Win7 Ultimate x64 and when I type gpme.msc I just get an error. According to this link I need to download a 400Mb installer to get this feature...
March 7th, 2010 12:21am

+1 I'm interested too.My idea of a party is a virtualization server and a room of TechNet DVDs
Free Windows Admin Tool Kit Click here and download it now
March 8th, 2010 7:15pm

There is very little information/documentation regarding this setting (http://support.microsoft.com/kb/937624). But in this discussion (http://channel9.msdn.com/Shows/Going+Deep/UAC-What-How-Why#c633305694960000000) a Microsoft employee says this: Technically, it opens a small loophole since non-elevated malware can now "pre-seed" a drive letter + mapping into the elevated context -- that should be low-risk unless you end up with something that's specifically tailored to your environment.
May 15th, 2012 4:51am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics