Knowledge Base


Die folgenden Inhalte sind leider nicht auf Deutsch verfügbar.

Frage / Problem

I cannot see any network drives in TreeSize! How do I enable "Linked Connections" as referred to in your product F.A.Q.?

Antwort / Lösung

The "EnableLinkedConnections" registry entry enables Windows Vista and high to share network connections between the filtered access token and the full administrator access token for a member of the Administrators group. After you configure this registry value, the Local Security Authority (LSA) checks whether there is another access token that is associated with the current user session if a network resource is mapped to an access token. If LSA determines that there is a linked access token, it adds the network share to the linked location.
To configure the EnableLinkedConnections registry value, follow these steps:
1.  Click Start , type regedit in the Start Search box, and then press Enter.
2.  Locate and then right-click the following registry subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
3.  Point to New , and then click DWORD Value .
4.  Type EnableLinkedConnections , and then press Enter.
5.  Right-click EnableLinkedConnections , and then click Modify .
6.  In the Value data box, type 1 , and then click OK .
7.  Exit Registry Editor, and then restart the computer.

Important: Using this workaround is a potential security risk and therefore not recommend by Microsoft. Use the workaround at your own risk.

More details:

Forum posts regarding this issue:
("... cause LSA to copy drives mapped from by either one of the users' tokens into the context of the other token. This allows drives mapped with the elevated token to be visible to the restricted token and the converse. ...")
("... Technically, it opens a small loophole since non-elevated malware can now "pre-seed" a drive letter + mapping into the elevated context -- that should be low-risk unless you end up with something that's specifically tailored to your environment. ... ")
("... Doing that is a really bad idea. You’re merging two different security contexts, and disabling a security feature that Microsoft went out of their way to design. It’s not solving a problem, it’s setting up a huge one for later. ..."