Administrator view ALL mapped drives

Posted by kskid19 on Server Fault
Published on 2013-10-29T20:25:45Z Indexed on 2013/10/29 21:59 UTC

In my understanding of security, an administrator should be able to view all connections to and from a computer - just as they can view all processes/owner, network connections/owning process. However, Windows 8 seems to have disabled this.

As administrator running an elevated prompt in Win Vista+, when you run net use you get back all drives mapped, listed as unavailable. In Windows 8, the same command run from an elevated prompt returns "There are no entries in the list". The behavior is identical for PowerShell Get-WmiObject Win32_LogonSessionMappedDisk.

A workaround for persistent mappings is to run Get-ChildItem Registry::HKU\*\Network\*. This does not include temporary mappings (in my particular example, it was created through Explorer on an administrator account and I did not select "Reconnect at sign-in").

Is there a direct/simple way for Administrator to view connections of any user (short of a script that runs under each user context)? I have read "Some Programs Cannot Access Network Locations When UAC Is Enabled", but I do not think it particularly applies.

I have seen this answer, but it still does not address non-persistent drives: "How can I tell what network drives users have mapped?"

© Server Fault or respective owner

Administrator view all mapped drives

Posted by kskid19 on Super User
Published on 2013-10-29T15:23:01Z Indexed on 2013/10/29 15:59 UTC

In my understanding of security, an administrator should be able to view all connections to and from a computer - just as they can view all processes/owner, network connections/owning process. However, Windows 8 seems to have disabled this.

As administrator running an elevated prompt in Win Vista+, when you run net use you get back all drives mapped, listed as unavailable. In Windows 8, the same command run from an elevated prompt returns "There are no entries in the list". The behavior is identical for PowerShell Get-WmiObject Win32_LogonSessionMappedDisk.

A workaround for persistent mappings is to run Get-ChildItem Registry::HKU\*\Network\*. This does not include temporary mappings (in my particular example, it was created through Explorer on an administrator account and I did not select "Reconnect at sign-in").

Is there a direct/simple way for Administrator to view connections of any user (short of a script that runs under each user context)? I have read "Some Programs Cannot Access Network Locations When UAC Is Enabled", but I do not think it particularly applies.

ServerFault has an answer, but it still does not address non-persistent drives: "How can I tell what network drives users have mapped?"

© Super User or respective owner
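
The registry workaround mentioned in both posts above, expanded into a per-user report (an added example, not part of the original posts). It assumes the standard RemotePath and UserName values under each HKEY_USERS\<SID>\Network\<letter> key; the function name Get-PersistentMappedDrive is hypothetical. Like the workaround, it covers only persistent mappings, and only for user hives currently loaded under HKEY_USERS.

```powershell
# Added example: report persistent drive mappings for every loaded user hive.
# Run from an elevated prompt; profiles that are not loaded do not appear under HKEY_USERS.
function Get-PersistentMappedDrive {
    Get-ChildItem -Path 'Registry::HKEY_USERS\*\Network\*' -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Key name has the form HKEY_USERS\<SID>\Network\<DriveLetter>
            $sid   = ($_.Name -split '\\')[1]
            $props = Get-ItemProperty -LiteralPath $_.PSPath

            # Resolve the SID to an account name; fall back to the raw hive name
            # (for example .DEFAULT or an orphaned SID) when it cannot be translated.
            try {
                $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
                $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $account = $sid
            }

            [pscustomobject]@{
                Account    = $account
                Sid        = $sid
                Drive      = "$($_.PSChildName):"
                RemotePath = $props.RemotePath   # UNC path the letter maps to
                MappedAs   = $props.UserName     # alternate credentials, if any were saved
            }
        }
}

Get-PersistentMappedDrive | Sort-Object Account, Drive | Format-Table -AutoSize
```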
