Link to home
Start Free TrialLog in
Avatar of Trihimbulus
Trihimbulus

asked on

Applying GPO to OU to map network Drive

I am setting up a terminal server (2003) to give access to an accounting application to a group called TS ACCT. I have created a batch file named mapn.bat which states "net use n: \\server\share\". The policy is not applying. I linked it to the specific OU and it is not blocking inheritance. Security Filtering is to the TS ACCT Group, and they have the delegated rights to read and apply GPO. Any ideas?????
Avatar of glennbrown2
glennbrown2

where in GP have you set the batch file to apply...a login script?

what info do you get when running rsop.msc from the start/run box when a user is logged in
Use a VB Script to map the drive, not a bat file.

Something like this:

Dim net
set net = Wscript.CreateObject("Wscript.Network")
net.MapNetworkDrive "N:", "\\server\share",T


Save that to a file called mapndrive.vbs in your netlogon share. Map your GPO's login script to that VBS.

This sets a "non persistent" share - meaning it runs each time they login, if they are off the network, the mapping won't appear.
ASKER CERTIFIED SOLUTION
Avatar of Netman66
Netman66
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
One thing I forgot about the .vbs

Add the following line to the beginning:

On Error Resume Next

That will make errors invisible to your clients, for example if they already have manually mapped that drive letter to something else.

I like .vbs because you have more control than the batch files.
I debate that, but it's personal preference I guess!

There isn't much I can't accomplish in a batch file that can be done with VBS - and I've used both.

I find vbs files way longer to write for simple operations.

Avatar of Trihimbulus

ASKER

Netman66- I have created a group for the people logging into the Terminal Server and this group is in the Container. Will this work?
Do you just want this to apply to people logging into the TS? and only when they log into the TS?

If so, the way this is done is to put the TS into it's own OU, create the GPO on this OU and enable Loopback processing.

If your TS is not a Domain Controller or File server and only runs TS then this will work.

But to answer your question, GPOs only apply to User and Computer objects not to Groups.

"Do you just want this to apply to people logging into the TS? and only when they log into the TS?
If so, the way this is done is to put the TS into it's own OU, create the GPO on this OU and enable Loopback processing."

Thanks I did this and everything seems to work. I placed the users in the same Container and seems to work. In terminal services Configuration, I specified to run a certain program at logon. The problem now is that the Program does start (meaning the mapped drive batch file does work) BUT the taskbar never displays. I disabled the program from starting (just to test setup) and the taskbar does show. Any ideas? Maybe I need to specifiy time paramaters somewhere (ie. start in 10 seconds of logon???)

You could delay it from starting, yes.  Is the taskbar simply hidden under the window?

Actually I need to start a new question Thanks for answering my original!