Turns out to be a UAC related issue. As explained in MS KB 937624, with UAC enabled, users with administrative membership are logged in with two access tokens, restricted and administrative. When the logon script runs, it runs with the administrative token. When the desktop starts, it starts with the restricted token. Because the two events were started with different access tokens, it's like two different users logged on. They can't see each others drives.
So, the fix is to enable "EnableLinkedConnections". In the registry, set it this way:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -This "links" the connections made with one access token to another.
EnableLinkedConnections =(dword)1
No comments:
Post a Comment