I came across what I deemed a strange behavior while trying to automate a file copy on Windows 7. Perhaps someone could shed some light. Environment: Windows 2008 domain with Windows 7 clients. Scenario and facts: Goal is to copy/replace a single file in the Default profile. Because of newly implemented security configuration on the Default profile folder in Win 7 even the local admin is denied permission to override anything under that folder; not unless the copy operation is being executed under the elevated admin security token or (from my research) under the local SYSTEM account’s security context. This behavior is true when the copy operation is executed locally using either the UNC path or standard path. However the copy/override operation succeeds when it originates from a remote Windows 7 machine via UNC path (ex: \TargetWin7C$UsersDefault...TargetFolder) and this copy operation is executed using the Domain Admin account under standard, non-elevated token (note: Domain Admin account is a Local Admin on the target PC). All of the above is true when using any CLI or programmatical approach – ex: xCopy, VBS FileSystemObject.copyFile method. Question: What is the difference between executing the operation locally and doing so remotely in this case? It seems that when doing it over the network the session is treated as being with UAC “HIGHEST Privileges”. Note: THis is not a question about the missing "Copy To" button in the Profiles of Windows 7. The Default Profile is used as example - I'm only interested in the security aspect of the above.

Software/Hardware used:
Windows 7, Windows 2008 Domain