Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Access Denied When Using .vbs to Map Drives Through Group Policy

Posted on 2008-10-02
11
1,016 Views
Last Modified: 2012-06-21
I am attempting to map a drive through a startup script using group policy and Windows 2003 AD. We are using .vbs files, creating a group policy object and then applying this to a computer group. Unfortunately, an error message is displaying and the drive is not mapping.

Error: Access Denied
Code: 80070005
Any input would help...thanks
0
Comment
Question by:tcat169
  • 4
  • 4
  • 2
  • +1
11 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 22629121
Can you post the script you're using?
0
 
LVL 18

Expert Comment

by:Jeremy Weisinger
ID: 22629784
Yes, posting the script would be helpful.
But you say you're applying it to a computer group. A computer cannot map a drive. You need to apply it to users and it need to run as a logon script if you are to push it out through Group Policy.

If that is what you're doing then have a look at this to see if any of these problems and solutions apply to your situation http://www.computerperformance.co.uk/Logon/code/code_80070005.htm
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22631132
I ran into the same error and found the link that My Username provided was quite helpful:
________________________________________________________________________________
MY ERROR stemmed from Internet Explorer Enhanced Security preventing me from running VBS files from a remote location. As a test, I added the UNC path to the DC as a trusted site. I know it sounds odd, but it worked for me.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23351830.html

Though VBS wasn't metioned in the files that are signled out, it is one of the group:

If IEES is your issue, like it was mine here are the workarounds and fixes:
What's effected:
http://support.microsoft.com/kb/815141

You have a couple choices:
Choice 1) Go to Add/remove programs and remove Internet Explorer Enhanced Security.
Choice 2) Tells you how to add your intranet sites as a trusted sites. UNC paths can use the *.* (meaning all) for a qualifier.

By IP block: (anything on this subnet is trusted)
\\10.10.10.*

By FQDN: (All on the fully qualified domain)
\\*.Fully.Qualified.domain.name

By netbios name: (All shares are this computer are trusted)
\\Computername

http://windowsitpro.com/article/articleid/78049/jsi-tip-6644-how-can-i-use-group-policy-to-add-a-site-to-the-trusted-sites-zone.html

I hope this helps.

0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:tcat169
ID: 22634780
Thanks for the responses. I have attached the code that is run.  I believe you should be able to run a startup script on a computer vs.  user through group policy.  It is then applied to the computer (regardless of who logs in) .  

The first part of the code is what is applied through GP and the second part is the actual file that is run.  I am able to run the file once I am logged in.  The failure occurs at startup.  I will follow up on the IE suggestions and let you know.

Any additional help is appreciated.
\\sbcp.com\netlogon\verona_pb.vbs 
 
Set objNetwork = CreateObject("Wscript.Network")
	objNetwork.MapNetworkDrive "Y:", "\\sbcp.com\public\veronaexpedite"

Open in new window

0
 
LVL 18

Expert Comment

by:Jeremy Weisinger
ID: 22635009
The issue is that you're running the script as a Startup script. The computer cannot map a drive and that is the issue. To make the script apply to every user that logs on to it you need to put the script in the logon section (under User Configuration\Windows Settings\Script) and then enable loopback processing using the Merge option (Computer Configuration\Administrative Templates\System\Group Policy\User Group Policy loopback processing mode).
0
 

Author Comment

by:tcat169
ID: 22635457
I am not certain that you are correct, because we can map a drive to a computer (Startup Script) under Computer Configuration using \\servername\share, but the drive appears as "disconnected" and users with IE 7.0 have difficulty running executables from this "shared" drive.  We implemented DFS and are trying to map via \\domain\public.
0
 
LVL 18

Expert Comment

by:Jeremy Weisinger
ID: 22635569
Mapped drives are in the HKCU\Network key. Unless the script specifically modifies the HKU\ on the machine it is impossible for a startup script to map a drive.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22635936
Try putting the UNC path in trusted sites. I know it sounds odd, but it is a good test of IEES.
0
 

Author Comment

by:tcat169
ID: 22636981
I totally disabled IEES on my DCs and put the UNC ..still no luck .
0
 
LVL 18

Accepted Solution

by:
Jeremy Weisinger earned 250 total points
ID: 22637054
Mapping network drives much be done under a user context. This means that you cannot map a drive with a startup script. You will continue to not have any luck until you start running it as a logon script.

In my post above I gave the general steps on how to apply a logon script to users based on computer. http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23783348.html?cid=238#a22635009

I can tell you how to apply a logon script to a specific computer in more detail if you need. Let me know.
0
 

Author Closing Comment

by:tcat169
ID: 31502579
The Loopback/Merge option worked.  Thanks for your help...I will not doubt again....
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question