• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 706
  • Last Modified:

Mapped drive GPO not working

Ok,
I have used GPOs before, but I cannot get one to map a network driver for me using a luser ogin script.
1. I have run gpupdate on the target machine
2. The Event Viewer on the target machine indicates Event ID 1704, Security Policy in the Group Policy Objects container has been applied successfully.
3. The  Group Policy Management's Group Policy Results indicates that the login script GPO was Applied Successfully.
4. The network share is available, as I manuall tested it from the target GPO machine.
5. The permissions are ok to establish the share.
6. I ran the userenv debug by making Registry changes, and I get the following text, indicating success:
USERENV(6a0.fc0) 17:02:12:637 ProcessGPO:  User has access to this GPO.
USERENV(6a0.fc0) 17:02:12:647 ProcessGPO:  GPO passes the filter check.
USERENV(6a0.fc0) 17:02:12:647 ProcessGPO:  Found functionality version of:  2
USERENV(6a0.fc0) 17:02:12:647 ProcessGPO:  Found file system path of: ......(ETC)

But I cannot get it to map a network drive!

When I type in the drive, that is supposed to be mapped via the GPO, I get the following error message: The system cannot find the drive specified.

Here is the script:
@echo off
if exist t:\ net use t: /delete
net use t: \\ris\cliffshare /persistent:no >nul
exit

Thanks!
0
cliffordgormley
Asked:
cliffordgormley
  • 6
  • 5
  • 2
  • +1
3 Solutions
 
Netman66Commented:
This is all you should need.  If T does not exist, it's silently ignored.



@echo off
net use t: /delete
net use t: \\ris\cliffshare
exit

This needs to be in a Logon script under User Configuration.  The users must be in the inheitance path of the policy.

If \\ris doesn't work, use the FQDN instead.

0
 
cliffordgormleyAuthor Commented:
tried that Netman...still does not work...
0
 
Netman66Commented:
If you go to Start>Run and enter \\ris (the ENTER) does the server open up in Explorer?  Will it open with \\ris.domain.com?  Is your share hidden? - if so, it should be \\ris\cliffshare$

Let me know.
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
Netman66Commented:
..should be (then ENTER) - sorry!

0
 
cliffordgormleyAuthor Commented:
Yep, I can get to it via  Start>Run and enter \\ris (the ENTER) does the server open up in Explorer?  
0
 
Netman66Commented:
So is cliffshare visible on \\ris when you did that?
0
 
cliffordgormleyAuthor Commented:
yes, it is visible using just \\ris.
I was able to manually map a drive to it too.
The script is not working, even though the Group Policy Mgt says it was applied.  I am stumped.

I tried another GPO that would disable IE's Connection page, and that didnt work either, even thought Group Policy Mgt says it is.
0
 
Netman66Commented:
So, if you put this in a .cmd file and run it, does it work?

@echo off
net use t: /delete
net use t: \\ris\cliffshare
exit

If it does, then the next step is to tell me where you added this in a GPO - where it was linked, if the user accounts are below the policy, and where you saved the script.  

You should store the script for the policy here:

\\{domain}\SysVol\{domain}\Policies\{9D377432-3AC1-449D-BC02-6E25B7C79957}\User\Scripts\Logon

If you select User Config>Windows Settings>Scripts(logon/logoff)>Logon, then hit the "Show Files" button it will take you right to the folder that this script needs to be copied to.  Then use the Add button above and select it by Browsing to it.



0
 
cliffordgormleyAuthor Commented:
hello Netman
I have left work for the day, but I will try running the .cmd file directly.
The script is stored exactly where you say:  \\{domain}\SysVol\{domain}\Policies\{9D377432-3AC1-449D-BC02-6E25B7C79957}\User\Scripts\Logon

i will let you know the results of running the .cmd directly; that is a good idea.
0
 
artthegeekCommented:
Before I go further -

I remember sweating out a similar issue a while ago, only to find that a different logon script was manually entered in the profile tab of the AD user properties.  
You may kick yourself (or whoever entered it), but what a relief.
0
 
cliffordgormleyAuthor Commented:
let me check that tomorrow Art.  So does a login script in the profile tab prevent application of any GPOs?  I wouldnt think so, but I am learning all the time.
0
 
essaydaveCommented:
Clifford, can you check the OU the GPO is applied to?  I had a similar problem, and was struggling with it for ages.  Then I realised I was applying the policy to a CN, not an OU.  If you apply it to a container, you won't get policies applying.  

Can you also please run GPRESULT from the command line, with the /V option, that should tell you on the client machine exactly what policies its actually getting.  
0
 
Netman66Commented:
No it doesn't prevent it, it will run concurrently.

What I'm walking you through is a step by step process of determining where the fault lies.  We know the share exists, and you can see it and map to it manually.  We will now check your script.

If that works, then the next step is to see where your GPO is linked and whether the correct elements are configured.
Next will be Security on the GPO.

Lastly, we will disable fastboot here:

Computer Configuration>Admin Templates>System>Logon :: Always wait for network at computer startup and logon = ENABLED

This will make all XP clients wait for the network stack to initialize before logging in.  Right now, they use cached credentials - which allow a faster logon, but tend to skip group policies that you may need to fire off the first time.

0
 
artthegeekCommented:
Also -
Suggest you do a quick download and install of the Group Policy Management Console, it is much more helpful in identifying where GPOs are linked
http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

Also, we use RSOP (Resultant Set of Policy) to drill down to exactly which policies are applying to an object.  It's a little geeky, but if you have the time you can get THE answer there.  It also interfaces with the GP management console:
http://support.microsoft.com/default.aspx?scid=kb;en-us;323276

To your earlier question:
Yes, the profile script will supercede any other with the same name.  The rule of thumb is that GPOs add up unless they conflict.  When they conflict the closer to the object itself (the user) applies.

The exceptions are:
There are additional settings to force or block GPO inheritance, which are not in place by default.
Permissions - users must have read permissions to the GPO itself (security tab of the GPO) for it to apply.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

  • 6
  • 5
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now