Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 417
  • Last Modified:

My Network Drives dont show up after login when not on server

On our office desktops, whenever I login as myself (a domain admin), my entire profile loads except my network drives (which are set to map via a vbs login script in group policy), which are not mapped unless I manually find the script and run it (vbs script). However, on these same desktops, whenever domain users login, their profiles and network drives are all correctly mapped. Whenever I login to citrix severs, my profile and network drives are properly mapped, and the so are domain users' are able to login to citrix fine and have their profile and network drives maps. How can I fix this so that my group policy login script will run?

Note: MY group policy login script is different from the domain user's group policy login script, which may explain why theirs always runs no matter where they login and mine only seems to run on the servers.
1 Solution
I bet your problem is that your vbscript is set to run off of a mapped or local drive location.  

Can you change the reference to a generic network share e.g. \\\share\script1.vbs
jeffschickAuthor Commented:
Sublifer- I am not sure what you mean? However, all of the scripts are in the sysvol folder of the SBS server, but they still run when on any of the other 3 servers, but do not run on  the non-server desktops. Does this change anything?
SCCMCanuckNetwork AnalystCommented:
Can you provide more details on your Active Directory infrastructure for example what policies are tied to what OU's. A diagram of your Active directory infrastucture woould be great.

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Check to confirm that your domain admin gpo is linked to the desktop you are using to logon.  You may have only deployed your admin script against a server container in your AD.

and also make sure that it's not set to exclude admins...terminal services use a different profile. Based upon what you wrote, though, I would think that A2the6th has it correctly, though.
jeffschickAuthor Commented:
My OU is set to aaad.local

It has no mention of any servers or desktops- here is whats weird:
The login script is inside the scripts part of the group policy named admin policy. The folder redirection and everything in the GP runs except for the login script. I have tried GPUPDATE/foce and GPUPDATE on the desktop machines to no avail. Also, opening and then saving the GP does nothing to change anything.
jeffschickAuthor Commented:
Actually, I have been wanting to change some things.  With the office being relatively quiet this week, wouldn't mind completely rebuilding the active directory and  Group policy and deleting everything else to accomplish the following:
1. Have a set of policies to run for domain admins when the logon to a server.
2. Have a set of policies which apply to domain users when they logon to a server.
3. Have a set of policies which apply to domain users when they logon to a desktop.
4. Have a set of policies which apply to domain admins when they logon to a desktop.
5. Have a set of policies which apply to everyone no matter what they are logging on to.

Is this possible to setup? I need to learn how to setup the Active Directory structure so that it has computers grouped by desktop and by server. RIght now they are just kind of not grouped i guess? Can you help me figure out how to set this up?
Try adding another script, one that simply creates a text file on the C:\ drive or something. Find out if it's applying the scripts portion. Have it in the same location as your login script. Does THAT one execute correctly?

As I re-read your message, you have a different GP for admins vs. regular users...are you calling the script differently between the users GP and the admin GP? (i.e, in one, you have cscript login.vbs and the other simply has login.vbs, etc.

Silly question, could there be a mis-spelling in the login script name? Did you verify the file you are looking at on the server? By default, the location of the login script would be in a GUID {2394873-204789234098-02947823408}, etc. (no, not actually those numbers)

I realize there's a lot of questions there, hope it points you in a good direction.
Just got the updated screen...
Set up a GPO for the servers, you can filter them on group membership
Set up a GPO for everyone else, you can exclude this one by group membership (minimize the use of DENY, it gets hairy when troubleshooting)
Remember, there are 2 parts to a GPO...the COMPUTER portion and the USER portion. The COMPUTER portion must be applied to the COMPUTER (in other words, if you have a GPO with just computer settings, make sure it's being applied at the OU that contains the machines in question), the same holds true for the USER portion.
jeffschickAuthor Commented:
I know this sounds stupid, but...
how can I setup the GPO for the server and filter them on group membership?
And how do I setup OUs in active directory - right now I dont really have any ous being utilized and am not sure how to do this. Could you give instructions for what you were saying above?

More specifically, could you help me implement my questions in comment 24081101

jeffschickAuthor Commented:
If you could help walk me through as if I had a brand new installation, I would appreciate it.
Thanks so much!
I actually have to head out right wife has a doc appointment...if I get a chance tonight, I will try to respond from home.

Please let me know a bit about your AD structure...2k3, NT, 2k, 2k8?
How much do you know about Active Directory?
What tools do you use to edit your GPO's?
If you are running 2k3 and aren't using GPMC, download it and run it. It's much better and once you get a feel for it, you get a better handle on how and where GPO's are being applied.

Assuming you are running the GPMC, take a look at the Group Policy Objects "folder" on the left side, expand it and click on a GPO. Looking on the right, you should see (and forgive me, I am working from memory here because I am on my Mac right now at my in-laws) a split high/low window. On the top, it should show the linked locations where the GPO is applied. On the bottom, you will see the group filtering. I THINK by default, it's showing Domain Users but it is editable.

I would suggest that you draw out what your plans are (the layout you had above looked like a really good start) and figure out which groups will work, then remove Domain Users and add in the groups you want it to apply to...(domain admins, domain users, runthisgpogroup, etc.)

Once you know who you want to apply it, you can edit it...then link it to the correct GPO. There are lots of on-line tutorials/faq's on Active Directory Group Policy...just Google it... (sorry, bad English, there)

Hope this gets you started.
jeffschickAuthor Commented:
I am running 2k3 with GPMC - however, I am not sure what the linked location at the top should say - it seems to default as aaad.local
i was able to get the network to work with ad using SBS, but i am not an expert on AD - I have basically learned thru trial and error.
jeffschickAuthor Commented:
Could you recommend some sites for creating OUs and GPOs?
Shows how to create an OU in Active Directory. It also shows how to create a GPO (the old way)


other than that, use Google to answer your specific questions...also, I would highly recommend a good book on Active Directory...perhaps written by Minasi, put out by Microsoft Press, put out by QUE. There are lots of helpful books out there. If you check with Amazon, you can see what they say about particular books.

Hope this helps...
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Tackle projects and never again get stuck behind a technical roadblock.
Join Now