Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Map Network Drives do not always Map through Group Policy Site Policy

Posted on 2007-11-29
17
Medium Priority
?
749 Views
Last Modified: 2008-06-13
We have 3 different sites/locations and recently changed the way users map network drives.  Depending on what site a user is in, determines the logon script that will run.  However, sometime the logon script does not run.  WHY?

This is how I set it up...

In GPMC, I assigned a policy to each Active Directory Site.  For each policy I enabled a logon script for that site/location under...
User Configuration -->Windows Settings -->Scripts --> Logon
The logon script is a VBS.

For some reason, I have been getting calls from users saying that their drives are not mapping.  All of these users experiencing the issue are running windows XP.  Any Ideas?
0
Comment
Question by:ohmErnie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
  • 2
17 Comments
 
LVL 12

Expert Comment

by:bhnmi
ID: 20376322
Are you sure the script itself is not running? Or is it not completing due to an error?
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 20376445
After looking in the event log -- application I can tell it is looking for the script, but failing with these errors:

Event Type:      Error
Event Source:      UserInit
Event Category:      None
Event ID:      1000
Date:            11/29/2007
Time:            1:58:40 PM
User:            N/A
Computer:      COMP
Description:
Could not execute the following script \\domain.com\NETLOGON\logon.vbs. Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied.



Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1058
Date:            11/29/2007
Time:            1:58:15 PM
User:            domain\user
Computer:      COMP
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=home,DC=domain,DC=com. The file must be present at the location <\\domain.com\sysvol\domain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. ). Group Policy processing aborted.

Sometimes if the user restarts their computer a couple times it works.  do I have something configured incorrectly?
0
 
LVL 12

Expert Comment

by:bhnmi
ID: 20376495
Is the script located locally at each site? and is each site the same domain or do you have a top level and child domains?
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
LVL 16

Accepted Solution

by:
Kevin Hays earned 2000 total points
ID: 20376964
have yet set this setting perhaps?  It seems as though the network may not be fully loaded when the user logs in.  Something that xp does, fast user login.

computer configuration/administrative templates/system/logon/always wait for the network at computer startup and logon.

0
 
LVL 1

Author Comment

by:ohmErnie
ID: 20377000
Bhnmi, yes the script is located at each site and we only have 1 domain.

Kshays, I have not set that setting. Think that will help?
0
 
LVL 16

Expert Comment

by:Kevin Hays
ID: 20377013
It wouldn't hurt that's for sure.  Instead of the user getting the login screen really quick they are forced until everything is loaded (network wise).  This is why some single site domains will not run login scripts.

This is for xp machines only.

Kevin
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 20377046
Kevin, What will happen to laptops that users take off the network?  Will they still be able to logon when they are disconnected from the network?
0
 
LVL 16

Expert Comment

by:Kevin Hays
ID: 20377132
Nothing should happen if you apply that policy.  It just waits for the network connections to get fully load(part of OS) is all.  Let me see if I can find you a link :)

0
 
LVL 16

Expert Comment

by:Kevin Hays
ID: 20377149
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 20457998
Kevin,

Any ideas why all of a sudden this issue is happening.  I know have about 10-15 people that are complaining about having to restart a couple times daily to maybe get the drives to map.  Nothing in my organization has changed accept possible windows updates that may have installed.
0
 
LVL 16

Expert Comment

by:Kevin Hays
ID: 20459413
Not right off hand I don't.  It sounds like it just isn't making sure the network connections are available before running the login scripts.  Are the DC's replicated with each other (i assume so).  Are these the same people over and over?

Have you tried having them login to a different workstation or tried a different user on their workstation.
In the meantime I would probably create a small batch file that the user can just launch from their desktop to map their drives if the login scripts don't run.

There shouldn't be a permissions issue since it was all working fine before.

Have you ran netdiag /v on each dc assuming it's hosting dns service to test funcionality of your DNS service?

Kevin
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 20459452
I now remember the following group policy setting was changed about the time the issue began...

Network security: LAN Manager authentication level

Symantec Endpoint Protection recommended changing it to: "Send NTLMv2 response only"
0
 
LVL 16

Expert Comment

by:Kevin Hays
ID: 20460149
Ahhhhh.  I've got mine set at "send LM & NTLM responses"
Why did they suggest you just use NTLM responses for?
0
 
LVL 16

Expert Comment

by:Kevin Hays
ID: 20460165
0
 
LVL 16

Expert Comment

by:Kevin Hays
ID: 20460354
Much better explanation.

http://kb.iu.edu/data/atvn.html

Kevin
0
 
LVL 1

Author Comment

by:ohmErnie
ID: 20460392
Im trying to find the symantec article that recommended the change, but I cannot.  They probably removed it because it was causing problems.  I changed my setting back to default and will monitor for the next day or so and will post back.
0
 
LVL 16

Expert Comment

by:Kevin Hays
ID: 20461026
Ok, good luck!

Kevin
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script will sweep a range of IP addresses (class c only, 255.255.255.0) and report to a log the version of office installed. What it does: 1.)      Creates log file in the directory the script is run from (if it doesn't already exist) 2.)      Sweep…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question