UAC strikes again!

If you use Group Policy to push logon scripts to your workstations AND your users are local administrators AND you just upgraded to Windows 7, you may have noticed that your scripts don’t work. You may have also noticed there are a plethora of suggested fixes out on the internet. Most ask you to enable or disable some obscure GPO settings – and if you see 1058 GroupPolicy errors in the Event Viewer, you may need to do some of that. However, the reality is – even if you tweak the GPO to death – your scripts still will not run. The problem is not on the server side – it is with the Windows 7 workstation. Even though you have elevated your users to local admin status, Windows still treats them like Standard Users over the network. Therefore, UAC wants to prompt the user for permission to run the script but since they are not fully logged in they never get a prompt and the script is bypassed. Nice job, Microsoft.

I think they are a little embarrassed because I could only find one tiny MS reference to the issue which, fortunately, included a fix:

Some Programs Cannot Access Network Locations When UAC Is Enabled

The fix is simple and involves adding a registry key and DWORD value:

Open REGEDIT and find this key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

And create a DWORD value:

EnableLinkedConnections  and set it a value of “1”

That’s it. Reboot, and if there are no other network issues, your logon script should run as expected.

Enjoy!