Solved

Group Policy nightmare

Posted on 2008-06-25
9
191 Views
Last Modified: 2010-03-17
This is something for everyone to think on because i'm not really sure if there is an answer.  I have one group policy that runs (default domain policy) and i have a batch file that maps all the drives for those in each OU.  For the most part it works great but the problem is with the HOME USER folder.  I have everyone set the same way in active dir users and comps ( \\server\users\login_name ) but randomly i have usrs that are getting mapped to the folder before their home folder  U:=\\server\users.  

If i have them log off and log back in it seems to be fine.  The next day it might be a couple different users.  It appears to happen to  the same person/s more than one time though.  Users are also having hte issue that sometimes their drive mapping aren't complete (some maps are missing).   I've looked at GPRESULT and all lookss good.  Just can't figure out why some are fine and others are not.  If anyone has any ideas i would love to hear them.  Thanks in advance.

Perry
0
Comment
Question by:prutter
9 Comments
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 21865845
I would always suggest you not to apply any settings on the Default domain policy. Now create a new policy and define the policy setting to map the drive and link and enforce the policy to the OU...do remember to remove the map drive settings on the default domain policy.....  post the logon script also....

Also make sure that this policy is applied to all "authenticated users"....
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 21867199
Why are you mapping the home drive via a login script?  This is better configured within the user's account properties in AD, most easily visible on the Profile tab in ADUC.
0
 
LVL 5

Expert Comment

by:minvis
ID: 21867851
Use RSOP (MMC -> Resultant set of policy) on the client computer to find out wich settings are applied.
0
 

Author Comment

by:prutter
ID: 21875920
LauraEHunterMVP,

I understand what you are saying but if i did run the login script would or should there be any issues?  It's been running fine for quite some time until we migrated data to our new Filer.  All rights are correct and everything we looked at seems fine.  I will try to take out the home dir from the login script and see what happens.  
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 21875933
Depends on how you're mapping it in the script.  'net use' is such an old command by now that it can act quirky on new client OS's, for example.
0
 

Author Comment

by:prutter
ID: 21876323
Is there a better command to use than net use?  i'm not a script writer that's why i keep it simple.
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 21876454
VBScript has the MapNetworkDrive method, but the fact remains that to avoid unpredictable behavior, home drive mappings should be done via user properties in Active Directory and not via script.
0
 

Author Comment

by:prutter
ID: 21899230
Laura,

Something still isn't quite right.  Now if i let ADUC map the drive it mappes most (not all) to the folder above their username.  Any thouhgts?  Ther eis nothing consistant about this whole issue and that's what makes it so hard for me to troubleshoot.
0
 

Accepted Solution

by:
prutter earned 0 total points
ID: 22028710
I'm still working on this with Microsoft and with the time they spent on this i can say this is a real problem.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now