Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1053
  • Last Modified:

Access Denied When Using .vbs to Map Drives Through Group Policy

I am attempting to map a drive through a startup script using group policy and Windows 2003 AD. We are using .vbs files, creating a group policy object and then applying this to a computer group. Unfortunately, an error message is displaying and the drive is not mapping.

Error: Access Denied
Code: 80070005
Any input would help...thanks
0
tcat169
Asked:
tcat169
  • 4
  • 4
  • 2
  • +1
1 Solution
 
sirbountyCommented:
Can you post the script you're using?
0
 
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
Yes, posting the script would be helpful.
But you say you're applying it to a computer group. A computer cannot map a drive. You need to apply it to users and it need to run as a logon script if you are to push it out through Group Policy.

If that is what you're doing then have a look at this to see if any of these problems and solutions apply to your situation http://www.computerperformance.co.uk/Logon/code/code_80070005.htm
0
 
ChiefITCommented:
I ran into the same error and found the link that My Username provided was quite helpful:
________________________________________________________________________________
MY ERROR stemmed from Internet Explorer Enhanced Security preventing me from running VBS files from a remote location. As a test, I added the UNC path to the DC as a trusted site. I know it sounds odd, but it worked for me.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23351830.html

Though VBS wasn't metioned in the files that are signled out, it is one of the group:

If IEES is your issue, like it was mine here are the workarounds and fixes:
What's effected:
http://support.microsoft.com/kb/815141

You have a couple choices:
Choice 1) Go to Add/remove programs and remove Internet Explorer Enhanced Security.
Choice 2) Tells you how to add your intranet sites as a trusted sites. UNC paths can use the *.* (meaning all) for a qualifier.

By IP block: (anything on this subnet is trusted)
\\10.10.10.*

By FQDN: (All on the fully qualified domain)
\\*.Fully.Qualified.domain.name

By netbios name: (All shares are this computer are trusted)
\\Computername

http://windowsitpro.com/article/articleid/78049/jsi-tip-6644-how-can-i-use-group-policy-to-add-a-site-to-the-trusted-sites-zone.html

I hope this helps.

0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
tcat169Author Commented:
Thanks for the responses. I have attached the code that is run.  I believe you should be able to run a startup script on a computer vs.  user through group policy.  It is then applied to the computer (regardless of who logs in) .  

The first part of the code is what is applied through GP and the second part is the actual file that is run.  I am able to run the file once I am logged in.  The failure occurs at startup.  I will follow up on the IE suggestions and let you know.

Any additional help is appreciated.
\\sbcp.com\netlogon\verona_pb.vbs 
 
Set objNetwork = CreateObject("Wscript.Network")
	objNetwork.MapNetworkDrive "Y:", "\\sbcp.com\public\veronaexpedite"

Open in new window

0
 
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
The issue is that you're running the script as a Startup script. The computer cannot map a drive and that is the issue. To make the script apply to every user that logs on to it you need to put the script in the logon section (under User Configuration\Windows Settings\Script) and then enable loopback processing using the Merge option (Computer Configuration\Administrative Templates\System\Group Policy\User Group Policy loopback processing mode).
0
 
tcat169Author Commented:
I am not certain that you are correct, because we can map a drive to a computer (Startup Script) under Computer Configuration using \\servername\share, but the drive appears as "disconnected" and users with IE 7.0 have difficulty running executables from this "shared" drive.  We implemented DFS and are trying to map via \\domain\public.
0
 
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
Mapped drives are in the HKCU\Network key. Unless the script specifically modifies the HKU\ on the machine it is impossible for a startup script to map a drive.
0
 
ChiefITCommented:
Try putting the UNC path in trusted sites. I know it sounds odd, but it is a good test of IEES.
0
 
tcat169Author Commented:
I totally disabled IEES on my DCs and put the UNC ..still no luck .
0
 
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
Mapping network drives much be done under a user context. This means that you cannot map a drive with a startup script. You will continue to not have any luck until you start running it as a logon script.

In my post above I gave the general steps on how to apply a logon script to users based on computer. http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23783348.html?cid=238#a22635009

I can tell you how to apply a logon script to a specific computer in more detail if you need. Let me know.
0
 
tcat169Author Commented:
The Loopback/Merge option worked.  Thanks for your help...I will not doubt again....
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 4
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now