[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Mapped drive GPO not working

Posted on 2006-04-18
14
Medium Priority
?
703 Views
Last Modified: 2008-02-01
Ok,
I have used GPOs before, but I cannot get one to map a network driver for me using a luser ogin script.
1. I have run gpupdate on the target machine
2. The Event Viewer on the target machine indicates Event ID 1704, Security Policy in the Group Policy Objects container has been applied successfully.
3. The  Group Policy Management's Group Policy Results indicates that the login script GPO was Applied Successfully.
4. The network share is available, as I manuall tested it from the target GPO machine.
5. The permissions are ok to establish the share.
6. I ran the userenv debug by making Registry changes, and I get the following text, indicating success:
USERENV(6a0.fc0) 17:02:12:637 ProcessGPO:  User has access to this GPO.
USERENV(6a0.fc0) 17:02:12:647 ProcessGPO:  GPO passes the filter check.
USERENV(6a0.fc0) 17:02:12:647 ProcessGPO:  Found functionality version of:  2
USERENV(6a0.fc0) 17:02:12:647 ProcessGPO:  Found file system path of: ......(ETC)

But I cannot get it to map a network drive!

When I type in the drive, that is supposed to be mapped via the GPO, I get the following error message: The system cannot find the drive specified.

Here is the script:
@echo off
if exist t:\ net use t: /delete
net use t: \\ris\cliffshare /persistent:no >nul
exit

Thanks!
0
Comment
Question by:cliffordgormley
  • 6
  • 5
  • 2
  • +1
14 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 16483331
This is all you should need.  If T does not exist, it's silently ignored.



@echo off
net use t: /delete
net use t: \\ris\cliffshare
exit

This needs to be in a Logon script under User Configuration.  The users must be in the inheitance path of the policy.

If \\ris doesn't work, use the FQDN instead.

0
 

Author Comment

by:cliffordgormley
ID: 16483378
tried that Netman...still does not work...
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16483396
If you go to Start>Run and enter \\ris (the ENTER) does the server open up in Explorer?  Will it open with \\ris.domain.com?  Is your share hidden? - if so, it should be \\ris\cliffshare$

Let me know.
0
Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

 
LVL 51

Expert Comment

by:Netman66
ID: 16483407
..should be (then ENTER) - sorry!

0
 

Author Comment

by:cliffordgormley
ID: 16483470
Yep, I can get to it via  Start>Run and enter \\ris (the ENTER) does the server open up in Explorer?  
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16483541
So is cliffshare visible on \\ris when you did that?
0
 

Author Comment

by:cliffordgormley
ID: 16483553
yes, it is visible using just \\ris.
I was able to manually map a drive to it too.
The script is not working, even though the Group Policy Mgt says it was applied.  I am stumped.

I tried another GPO that would disable IE's Connection page, and that didnt work either, even thought Group Policy Mgt says it is.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16483613
So, if you put this in a .cmd file and run it, does it work?

@echo off
net use t: /delete
net use t: \\ris\cliffshare
exit

If it does, then the next step is to tell me where you added this in a GPO - where it was linked, if the user accounts are below the policy, and where you saved the script.  

You should store the script for the policy here:

\\{domain}\SysVol\{domain}\Policies\{9D377432-3AC1-449D-BC02-6E25B7C79957}\User\Scripts\Logon

If you select User Config>Windows Settings>Scripts(logon/logoff)>Logon, then hit the "Show Files" button it will take you right to the folder that this script needs to be copied to.  Then use the Add button above and select it by Browsing to it.



0
 

Author Comment

by:cliffordgormley
ID: 16483814
hello Netman
I have left work for the day, but I will try running the .cmd file directly.
The script is stored exactly where you say:  \\{domain}\SysVol\{domain}\Policies\{9D377432-3AC1-449D-BC02-6E25B7C79957}\User\Scripts\Logon

i will let you know the results of running the .cmd directly; that is a good idea.
0
 
LVL 3

Assisted Solution

by:artthegeek
artthegeek earned 200 total points
ID: 16483961
Before I go further -

I remember sweating out a similar issue a while ago, only to find that a different logon script was manually entered in the profile tab of the AD user properties.  
You may kick yourself (or whoever entered it), but what a relief.
0
 

Author Comment

by:cliffordgormley
ID: 16484247
let me check that tomorrow Art.  So does a login script in the profile tab prevent application of any GPOs?  I wouldnt think so, but I am learning all the time.
0
 
LVL 6

Assisted Solution

by:essaydave
essaydave earned 200 total points
ID: 16485706
Clifford, can you check the OU the GPO is applied to?  I had a similar problem, and was struggling with it for ages.  Then I realised I was applying the policy to a CN, not an OU.  If you apply it to a container, you won't get policies applying.  

Can you also please run GPRESULT from the command line, with the /V option, that should tell you on the client machine exactly what policies its actually getting.  
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 1600 total points
ID: 16486556
No it doesn't prevent it, it will run concurrently.

What I'm walking you through is a step by step process of determining where the fault lies.  We know the share exists, and you can see it and map to it manually.  We will now check your script.

If that works, then the next step is to see where your GPO is linked and whether the correct elements are configured.
Next will be Security on the GPO.

Lastly, we will disable fastboot here:

Computer Configuration>Admin Templates>System>Logon :: Always wait for network at computer startup and logon = ENABLED

This will make all XP clients wait for the network stack to initialize before logging in.  Right now, they use cached credentials - which allow a faster logon, but tend to skip group policies that you may need to fire off the first time.

0
 
LVL 3

Expert Comment

by:artthegeek
ID: 16490018
Also -
Suggest you do a quick download and install of the Group Policy Management Console, it is much more helpful in identifying where GPOs are linked
http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

Also, we use RSOP (Resultant Set of Policy) to drill down to exactly which policies are applying to an object.  It's a little geeky, but if you have the time you can get THE answer there.  It also interfaces with the GP management console:
http://support.microsoft.com/default.aspx?scid=kb;en-us;323276

To your earlier question:
Yes, the profile script will supercede any other with the same name.  The rule of thumb is that GPOs add up unless they conflict.  When they conflict the closer to the object itself (the user) applies.

The exceptions are:
There are additional settings to force or block GPO inheritance, which are not in place by default.
Permissions - users must have read permissions to the GPO itself (security tab of the GPO) for it to apply.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question