Access Denied When Using .vbs to Map Drives Through Group Policy

Posted on 2008-10-02
Medium Priority
Last Modified: 2012-06-21
I am attempting to map a drive through a startup script using group policy and Windows 2003 AD. We are using .vbs files, creating a group policy object and then applying this to a computer group. Unfortunately, an error message is displaying and the drive is not mapping.

Error: Access Denied
Code: 80070005
Any input would help...thanks
Question by:tcat169
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +1
LVL 67

Expert Comment

ID: 22629121
Can you post the script you're using?
LVL 19

Expert Comment

by:Jeremy Weisinger
ID: 22629784
Yes, posting the script would be helpful.
But you say you're applying it to a computer group. A computer cannot map a drive. You need to apply it to users and it need to run as a logon script if you are to push it out through Group Policy.

If that is what you're doing then have a look at this to see if any of these problems and solutions apply to your situation http://www.computerperformance.co.uk/Logon/code/code_80070005.htm
LVL 39

Expert Comment

ID: 22631132
I ran into the same error and found the link that My Username provided was quite helpful:
MY ERROR stemmed from Internet Explorer Enhanced Security preventing me from running VBS files from a remote location. As a test, I added the UNC path to the DC as a trusted site. I know it sounds odd, but it worked for me.

Though VBS wasn't metioned in the files that are signled out, it is one of the group:

If IEES is your issue, like it was mine here are the workarounds and fixes:
What's effected:

You have a couple choices:
Choice 1) Go to Add/remove programs and remove Internet Explorer Enhanced Security.
Choice 2) Tells you how to add your intranet sites as a trusted sites. UNC paths can use the *.* (meaning all) for a qualifier.

By IP block: (anything on this subnet is trusted)

By FQDN: (All on the fully qualified domain)

By netbios name: (All shares are this computer are trusted)


I hope this helps.

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 22634780
Thanks for the responses. I have attached the code that is run.  I believe you should be able to run a startup script on a computer vs.  user through group policy.  It is then applied to the computer (regardless of who logs in) .  

The first part of the code is what is applied through GP and the second part is the actual file that is run.  I am able to run the file once I am logged in.  The failure occurs at startup.  I will follow up on the IE suggestions and let you know.

Any additional help is appreciated.
Set objNetwork = CreateObject("Wscript.Network")
	objNetwork.MapNetworkDrive "Y:", "\\sbcp.com\public\veronaexpedite"

Open in new window

LVL 19

Expert Comment

by:Jeremy Weisinger
ID: 22635009
The issue is that you're running the script as a Startup script. The computer cannot map a drive and that is the issue. To make the script apply to every user that logs on to it you need to put the script in the logon section (under User Configuration\Windows Settings\Script) and then enable loopback processing using the Merge option (Computer Configuration\Administrative Templates\System\Group Policy\User Group Policy loopback processing mode).

Author Comment

ID: 22635457
I am not certain that you are correct, because we can map a drive to a computer (Startup Script) under Computer Configuration using \\servername\share, but the drive appears as "disconnected" and users with IE 7.0 have difficulty running executables from this "shared" drive.  We implemented DFS and are trying to map via \\domain\public.
LVL 19

Expert Comment

by:Jeremy Weisinger
ID: 22635569
Mapped drives are in the HKCU\Network key. Unless the script specifically modifies the HKU\ on the machine it is impossible for a startup script to map a drive.
LVL 39

Expert Comment

ID: 22635936
Try putting the UNC path in trusted sites. I know it sounds odd, but it is a good test of IEES.

Author Comment

ID: 22636981
I totally disabled IEES on my DCs and put the UNC ..still no luck .
LVL 19

Accepted Solution

Jeremy Weisinger earned 1000 total points
ID: 22637054
Mapping network drives much be done under a user context. This means that you cannot map a drive with a startup script. You will continue to not have any luck until you start running it as a logon script.

In my post above I gave the general steps on how to apply a logon script to users based on computer. http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23783348.html?cid=238#a22635009

I can tell you how to apply a logon script to a specific computer in more detail if you need. Let me know.

Author Closing Comment

ID: 31502579
The Loopback/Merge option worked.  Thanks for your help...I will not doubt again....

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question