TLDR: A Microsoft confirmou um caso em que o EnableLinkedConnections não funcionará. Isso ocorrerá se o UAC exigir uma senha antes de executar um programa elevado (por exemplo, executar como administrador).
Symptoms
This issue occurs when the following conditions are true:
You use Group Policy Preference (GPP) or logon scripts to map network drives during logon.
User Account Control (UAC) is enabled.
The following UAC Group Policy setting is configured to Prompt for credentials:
- User Account Control: Behaviour of the elevation prompt for administrators in Admin Approval Mode
The EnableLinkedConnections registry entry is configured. See the detail to configure the registry entry.
Under these conditions, you experience the following situation:
- When you log on, mapped drives are available as expected. When you run an elevated command prompt as administrator, the mapped drives are unavailable in the elevated command prompt.
Note This issue also affects other applications that run in an elevated context (run as administrator) and use drive letters to access mapped drives.
Cause
When UAC is enabled, the system creates two logon sessions at user logon. Both logon sessions are linked to one another. One session represents the user during an elevated session, and the other session where you run under least user rights.
When drive mappings are created, the system creates symbolic link objects ("DosDevices") that associate the drive letters to the UNC paths. These objects are specific for a logon session and are not shared between logon sessions.
Note The EnableLinkedConnections registry entry forces the symbolic links to be written to both linked logon sessions that are created, when UAC is enabled.
When the UAC policy is configured to Prompt for credentials, a new logon session is created in addition to the existing two linked logon sessions. Previously created symbolic links that represent the drive mappings will be unavailable in the new logon session.
Workaround
To work around this issue, follow the steps in one of the following methods:
Method 1
In Local Group Policy Editor, locate the following Group Policy path:
Local Computer Policy\Windows Settings\Security Settings\Local Policies\Security Options
Configure the following policy to Prompt for consent:
User Account Control: Behaviour of the elevation prompt for administrators in Admin Approval Mode
Method 2
Map the required drives again in the elevated session, for example, by using a .bat script file.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Um link para um boletim semelhante foi fornecido em um comentário acima, mas não parece ser para usuários de inglês; o link nesta resposta deve ser para o idioma inglês.