Group Policy nightmare

Posted on 2008-06-25
Last Modified: 2010-03-17
This is something for everyone to think on because i'm not really sure if there is an answer.  I have one group policy that runs (default domain policy) and i have a batch file that maps all the drives for those in each OU.  For the most part it works great but the problem is with the HOME USER folder.  I have everyone set the same way in active dir users and comps ( \\server\users\login_name ) but randomly i have usrs that are getting mapped to the folder before their home folder  U:=\\server\users.  

If i have them log off and log back in it seems to be fine.  The next day it might be a couple different users.  It appears to happen to  the same person/s more than one time though.  Users are also having hte issue that sometimes their drive mapping aren't complete (some maps are missing).   I've looked at GPRESULT and all lookss good.  Just can't figure out why some are fine and others are not.  If anyone has any ideas i would love to hear them.  Thanks in advance.

Question by:prutter
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 18

Expert Comment

ID: 21865845
I would always suggest you not to apply any settings on the Default domain policy. Now create a new policy and define the policy setting to map the drive and link and enforce the policy to the remember to remove the map drive settings on the default domain policy.....  post the logon script also....

Also make sure that this policy is applied to all "authenticated users"....
LVL 30

Expert Comment

ID: 21867199
Why are you mapping the home drive via a login script?  This is better configured within the user's account properties in AD, most easily visible on the Profile tab in ADUC.

Expert Comment

ID: 21867851
Use RSOP (MMC -> Resultant set of policy) on the client computer to find out wich settings are applied.
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.


Author Comment

ID: 21875920

I understand what you are saying but if i did run the login script would or should there be any issues?  It's been running fine for quite some time until we migrated data to our new Filer.  All rights are correct and everything we looked at seems fine.  I will try to take out the home dir from the login script and see what happens.  
LVL 30

Expert Comment

ID: 21875933
Depends on how you're mapping it in the script.  'net use' is such an old command by now that it can act quirky on new client OS's, for example.

Author Comment

ID: 21876323
Is there a better command to use than net use?  i'm not a script writer that's why i keep it simple.
LVL 30

Expert Comment

ID: 21876454
VBScript has the MapNetworkDrive method, but the fact remains that to avoid unpredictable behavior, home drive mappings should be done via user properties in Active Directory and not via script.

Author Comment

ID: 21899230

Something still isn't quite right.  Now if i let ADUC map the drive it mappes most (not all) to the folder above their username.  Any thouhgts?  Ther eis nothing consistant about this whole issue and that's what makes it so hard for me to troubleshoot.

Accepted Solution

prutter earned 0 total points
ID: 22028710
I'm still working on this with Microsoft and with the time they spent on this i can say this is a real problem.

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question