CSI_ForceUNCRef: Elevating a Script When It Is Running From a Drive Letter Print E-mail

Windows 7 does not preserve drive letter mappings when a Protected Admin elevates to their full admin token.  This can be a pain when triggering elevation from a script that has started from a network mapped drive letter.  Here is a simple VBScript function to get around this problem.

As a part of the VBScriptUACKit I have written a function which will cause a script to self-elevate by calling itself using the ShellExecute method of the Shell.Application object.  The following code is a simplified version:

Set oShell = CreateObject("Shell.Application")
oShell.ShellExecute wscript.scriptfullname, “”, “runas”, 2

If, however, the script is running from a network attached drive letter, the drive letter will no longer be present and the second line of the script will fail.

Like this script? Subscribe to our newsletter (without loosing your place in this article).
captcha
(Please ensure that the confirmation email clears your spam filter so that you will see future mailings.)

The new script function CSI_ForceUNCRef takes a path reference and if it is a network mapped drive letter, it will transform it into a UNC.  The path can contain a file name or may only contain folder names.  If the path is not a network mapped drive letter, then the function will simply return the same path back – this way the function can be used safely on any path without having to validate whether it is a network mapped drive reference or not.

If we amend the code to use this function, would look like this:

Set oShell = CreateObject("Shell.Application")
oShell.ShellExecute CSI_ForceUNCRef(wscript.scriptfullname), “”, “runas”, 2

As with any script that is running from a UNC, the script cannot depend on a “Current Directory” being established as UNC execution does not establish a current directory.

Another way around this is to set the DWORD registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemEnableLinkedConnections" to “1”.  The script function has the advantages that your script execution won’t be be dependent on the key being set correctly and you will not need to take the security risks of turning on this setting.

Attachments:
Download this file (CSI_ForceUNCRef.zip)CSI_ForceUNCRef.zip[ ]1 Kb