cliffordgormley
asked on
Mapped drive GPO not working
Ok,
I have used GPOs before, but I cannot get one to map a network driver for me using a luser ogin script.
1. I have run gpupdate on the target machine
2. The Event Viewer on the target machine indicates Event ID 1704, Security Policy in the Group Policy Objects container has been applied successfully.
3. The Group Policy Management's Group Policy Results indicates that the login script GPO was Applied Successfully.
4. The network share is available, as I manuall tested it from the target GPO machine.
5. The permissions are ok to establish the share.
6. I ran the userenv debug by making Registry changes, and I get the following text, indicating success:
USERENV(6a0.fc0) 17:02:12:637 ProcessGPO: User has access to this GPO.
USERENV(6a0.fc0) 17:02:12:647 ProcessGPO: GPO passes the filter check.
USERENV(6a0.fc0) 17:02:12:647 ProcessGPO: Found functionality version of: 2
USERENV(6a0.fc0) 17:02:12:647 ProcessGPO: Found file system path of: ......(ETC)
But I cannot get it to map a network drive!
When I type in the drive, that is supposed to be mapped via the GPO, I get the following error message: The system cannot find the drive specified.
Here is the script:
@echo off
if exist t:\ net use t: /delete
net use t: \\ris\cliffshare /persistent:no >nul
exit
Thanks!
I have used GPOs before, but I cannot get one to map a network driver for me using a luser ogin script.
1. I have run gpupdate on the target machine
2. The Event Viewer on the target machine indicates Event ID 1704, Security Policy in the Group Policy Objects container has been applied successfully.
3. The Group Policy Management's Group Policy Results indicates that the login script GPO was Applied Successfully.
4. The network share is available, as I manuall tested it from the target GPO machine.
5. The permissions are ok to establish the share.
6. I ran the userenv debug by making Registry changes, and I get the following text, indicating success:
USERENV(6a0.fc0) 17:02:12:637 ProcessGPO: User has access to this GPO.
USERENV(6a0.fc0) 17:02:12:647 ProcessGPO: GPO passes the filter check.
USERENV(6a0.fc0) 17:02:12:647 ProcessGPO: Found functionality version of: 2
USERENV(6a0.fc0) 17:02:12:647 ProcessGPO: Found file system path of: ......(ETC)
But I cannot get it to map a network drive!
When I type in the drive, that is supposed to be mapped via the GPO, I get the following error message: The system cannot find the drive specified.
Here is the script:
@echo off
if exist t:\ net use t: /delete
net use t: \\ris\cliffshare /persistent:no >nul
exit
Thanks!
ASKER
tried that Netman...still does not work...
If you go to Start>Run and enter \\ris (the ENTER) does the server open up in Explorer? Will it open with \\ris.domain.com? Is your share hidden? - if so, it should be \\ris\cliffshare$
Let me know.
Let me know.
..should be (then ENTER) - sorry!
ASKER
Yep, I can get to it via Start>Run and enter \\ris (the ENTER) does the server open up in Explorer?
So is cliffshare visible on \\ris when you did that?
ASKER
yes, it is visible using just \\ris.
I was able to manually map a drive to it too.
The script is not working, even though the Group Policy Mgt says it was applied. I am stumped.
I tried another GPO that would disable IE's Connection page, and that didnt work either, even thought Group Policy Mgt says it is.
I was able to manually map a drive to it too.
The script is not working, even though the Group Policy Mgt says it was applied. I am stumped.
I tried another GPO that would disable IE's Connection page, and that didnt work either, even thought Group Policy Mgt says it is.
So, if you put this in a .cmd file and run it, does it work?
@echo off
net use t: /delete
net use t: \\ris\cliffshare
exit
If it does, then the next step is to tell me where you added this in a GPO - where it was linked, if the user accounts are below the policy, and where you saved the script.
You should store the script for the policy here:
\\{domain}\SysVol\{domain} \Policies\ {9D377432- 3AC1-449D- BC02-6E25B 7C79957}\U ser\Script s\Logon
If you select User Config>Windows Settings>Scripts(logon/log off)>Logon , then hit the "Show Files" button it will take you right to the folder that this script needs to be copied to. Then use the Add button above and select it by Browsing to it.
@echo off
net use t: /delete
net use t: \\ris\cliffshare
exit
If it does, then the next step is to tell me where you added this in a GPO - where it was linked, if the user accounts are below the policy, and where you saved the script.
You should store the script for the policy here:
\\{domain}\SysVol\{domain}
If you select User Config>Windows Settings>Scripts(logon/log
ASKER
hello Netman
I have left work for the day, but I will try running the .cmd file directly.
The script is stored exactly where you say: \\{domain}\SysVol\{domain} \Policies\ {9D377432- 3AC1-449D- BC02-6E25B 7C79957}\U ser\Script s\Logon
i will let you know the results of running the .cmd directly; that is a good idea.
I have left work for the day, but I will try running the .cmd file directly.
The script is stored exactly where you say: \\{domain}\SysVol\{domain}
i will let you know the results of running the .cmd directly; that is a good idea.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
let me check that tomorrow Art. So does a login script in the profile tab prevent application of any GPOs? I wouldnt think so, but I am learning all the time.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Also -
Suggest you do a quick download and install of the Group Policy Management Console, it is much more helpful in identifying where GPOs are linked
http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en
Also, we use RSOP (Resultant Set of Policy) to drill down to exactly which policies are applying to an object. It's a little geeky, but if you have the time you can get THE answer there. It also interfaces with the GP management console:
http://support.microsoft.com/default.aspx?scid=kb;en-us;323276
To your earlier question:
Yes, the profile script will supercede any other with the same name. The rule of thumb is that GPOs add up unless they conflict. When they conflict the closer to the object itself (the user) applies.
The exceptions are:
There are additional settings to force or block GPO inheritance, which are not in place by default.
Permissions - users must have read permissions to the GPO itself (security tab of the GPO) for it to apply.
Suggest you do a quick download and install of the Group Policy Management Console, it is much more helpful in identifying where GPOs are linked
http://www.microsoft.com/downloads/details.aspx?FamilyId=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en
Also, we use RSOP (Resultant Set of Policy) to drill down to exactly which policies are applying to an object. It's a little geeky, but if you have the time you can get THE answer there. It also interfaces with the GP management console:
http://support.microsoft.com/default.aspx?scid=kb;en-us;323276
To your earlier question:
Yes, the profile script will supercede any other with the same name. The rule of thumb is that GPOs add up unless they conflict. When they conflict the closer to the object itself (the user) applies.
The exceptions are:
There are additional settings to force or block GPO inheritance, which are not in place by default.
Permissions - users must have read permissions to the GPO itself (security tab of the GPO) for it to apply.
@echo off
net use t: /delete
net use t: \\ris\cliffshare
exit
This needs to be in a Logon script under User Configuration. The users must be in the inheitance path of the policy.
If \\ris doesn't work, use the FQDN instead.