?
Solved

Need 2003 terminal server to ignore group policy, active directory domain, mapping drives.........

Posted on 2004-11-23
9
Medium Priority
?
334 Views
Last Modified: 2012-05-05
Hello All, Hope you can help!!!

     I have a single windows 2003 active directory domain spread accross 3 sites using 3 servers (1 at each site). I use group policy to run .vbs scripts to map users drives to the relevant servers/directories. I have build a 2003 terminal server joined to the domain as a member server that users will need to access using thier normal domain username/passwd. For the users to run the application I am running on the terminal server they need a specific drive mapped, unfortunatley when they log on to the terminal server thier usuall group policy is running, forcing thier normal .vbs scripts to run causing errors as the drive letter I need to map on the terminal server is mapped in thier normal login but to a different place. I cannot change the drive letters so I need a way to get the terminal server to ignore thier group policy settings or some magic .vbs script that can determin what server they are loggin onto & act accordingly.
0
Comment
Question by:PhotronicsBridgend
  • 6
  • 3
9 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 12656661

I'm not sure how well it works with scripts...

But if you move the Terminal Server into it's own Organisation Unit. Then create a Group Policy object for that OU which enabled Loopback Policy Processing in Replace Mode.

To do that, create a group policy, go to Computer Configuration, Administrative Templates, System and Group Policy. Then set "User Group Policy loopback processing mode" to Enabled and Replace.

Now policies set on the Terminal Server OU will overwrite any settings defined on the users policies which should allow you to apply a different script setting. All other user policies will apply as normal.

Any good?
0
 

Author Comment

by:PhotronicsBridgend
ID: 12656701
Had looked at his but wasn`t quite sure about how to implement it on the terminal server. Will give it a try..Cheers
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12656794

If it doesn't I have another way (which is via script). Which I'll post as soon as I've finished messing around with it ;)
0
Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

 
LVL 71

Expert Comment

by:Chris Dent
ID: 12656931

Probably the easiest way to handle the script is via the Computer Name - so when you have someone log onto a specific computer you can do things differently.

There are other options such as the Operating System name, but since I don't have a Terminal Server to test it on I'm not sure that's going to be reliable.

Now to grab the computer name we have several options, it can be read from the Windows Management Instrumentation or from the list of Environmental Variables. We'll use the Environmental Variables for this example:

' This script uses the Windows Shell object to read in the Environmental Variable for
' the Computer Name

Dim objShell, objEnvVar

' Create a Shell Object

set objShell = CreateObject("Wscript.Shell")

' Read in the variables

Set objEnVar = objShell.Environment("PROCESS")

' Then check against one

If (objEnVar.Item("ComputerName") = "The-Terminal-Server") Then
    <This is where the things we want to do goes>
End If

Now how you want to implement that depends on what you have in place at the moment. One crude method is simply to tag it onto the end of your existing scripts with the script below - which basically deletes the existing mapping and makes a new one:

If (objEnVar.Item("ComputerName") = "The-Terminal-Servers-Name") Then    
    strDrive = "L:"
    strSharePath = "\\<Server>\<Share>"

    bolDrive = objFileSystem.DriveExists(strDrive)
    If (bolDrive = FALSE) Then
        objNetwork.MapNetworkDrive strDrive, strSharePath
    Else
        objNetwork.RemoveNetworkDrive strDrive
        objNetwork.MapNetworkDrive strDrive, strSharePath
    End If

End If


And just for clarity (if that's at all possible at this stage), that gives the full section of code as:

Dim objShell, objEnvVar, objFileSystem, objNetwork
Dim strDrive, strShare
Dim bolDrive

' Initialize Objects

Set objFileSystem = CreateObject("Scripting.FilesystemObject")
Set objNetwork = CreateObject("WScript.Network")
Set objShell = CreateObject("Wscript.Shell")

' Read in the list of variables

Set objEnVar = objShell.Environment("PROCESS")

' Re-map the drive if the Computer Name is the Terminal Server

If (objEnVar.Item("ComputerName") = "The-Terminal-Servers-Name") Then    
    strDrive = "L:"
    strSharePath = "\\<Server>\<Share>"

    bolDrive = objFileSystem.DriveExists(strDrive)
    If (bolDrive = FALSE) Then
        objNetwork.MapNetworkDrive strDrive, strSharePath
    Else
        objNetwork.RemoveNetworkDrive strDrive
        objNetwork.MapNetworkDrive strDrive, strSharePath
    End If

End If
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12656948

Let me know if you have any problems with that lot or need any further details. :)
0
 

Author Comment

by:PhotronicsBridgend
ID: 12664824
hay Chris, haven`t forgotten about you. Just trying to find time to test this with some (live) users. I have used the GPO route which seems to have worked well with the single test user I tried this morning . As I said need to get some actual users to test this with me which will be this afternoon.. Will let you know how it goes..PS Probably gonna use your script anyway but for something else...   ;-)  if thats OK..Cheers
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12665717

No problem at all.

Yell if the script doesn't work as you expect or it needs changing (or fixing) in any way.
0
 

Author Comment

by:PhotronicsBridgend
ID: 12673485
Worked a treat, thanks Chris ! ! You are a Gent.. Wiil sort your points out now,
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 12674043

Glad it helped :)
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question