Solved

My Network Drives dont show up after login when not on server

Posted on 2009-04-06
16
401 Views
Last Modified: 2012-06-21
Hello,
On our office desktops, whenever I login as myself (a domain admin), my entire profile loads except my network drives (which are set to map via a vbs login script in group policy), which are not mapped unless I manually find the script and run it (vbs script). However, on these same desktops, whenever domain users login, their profiles and network drives are all correctly mapped. Whenever I login to citrix severs, my profile and network drives are properly mapped, and the so are domain users' are able to login to citrix fine and have their profile and network drives maps. How can I fix this so that my group policy login script will run?

Note: MY group policy login script is different from the domain user's group policy login script, which may explain why theirs always runs no matter where they login and mine only seems to run on the servers.
0
Comment
Question by:jeffschick
16 Comments
 
LVL 10

Expert Comment

by:sublifer
ID: 24080601
I bet your problem is that your vbscript is set to run off of a mapped or local drive location.  

Can you change the reference to a generic network share e.g. \\192.168.100.1\share\script1.vbs
0
 

Author Comment

by:jeffschick
ID: 24080629
Sublifer- I am not sure what you mean? However, all of the scripts are in the sysvol folder of the SBS server, but they still run when on any of the other 3 servers, but do not run on  the non-server desktops. Does this change anything?
0
 
LVL 7

Expert Comment

by:Christopher Nienaber
ID: 24080646
Can you provide more details on your Active Directory infrastructure for example what policies are tied to what OU's. A diagram of your Active directory infrastucture woould be great.

Thanks
0
 
LVL 8

Accepted Solution

by:
A2the6th earned 500 total points
ID: 24080675
Check to confirm that your domain admin gpo is linked to the desktop you are using to logon.  You may have only deployed your admin script against a server container in your AD.

Cheers
0
 

Expert Comment

by:n1wgk2
ID: 24080986
and also make sure that it's not set to exclude admins...terminal services use a different profile. Based upon what you wrote, though, I would think that A2the6th has it correctly, though.
0
 

Author Comment

by:jeffschick
ID: 24081017
My OU is set to aaad.local

It has no mention of any servers or desktops- here is whats weird:
The login script is inside the scripts part of the group policy named admin policy. The folder redirection and everything in the GP runs except for the login script. I have tried GPUPDATE/foce and GPUPDATE on the desktop machines to no avail. Also, opening and then saving the GP does nothing to change anything.
0
 

Author Comment

by:jeffschick
ID: 24081101
Actually, I have been wanting to change some things.  With the office being relatively quiet this week, wouldn't mind completely rebuilding the active directory and  Group policy and deleting everything else to accomplish the following:
1. Have a set of policies to run for domain admins when the logon to a server.
2. Have a set of policies which apply to domain users when they logon to a server.
3. Have a set of policies which apply to domain users when they logon to a desktop.
4. Have a set of policies which apply to domain admins when they logon to a desktop.
5. Have a set of policies which apply to everyone no matter what they are logging on to.

Is this possible to setup? I need to learn how to setup the Active Directory structure so that it has computers grouped by desktop and by server. RIght now they are just kind of not grouped i guess? Can you help me figure out how to set this up?
0
 

Expert Comment

by:n1wgk2
ID: 24081164
Try adding another script, one that simply creates a text file on the C:\ drive or something. Find out if it's applying the scripts portion. Have it in the same location as your login script. Does THAT one execute correctly?

As I re-read your message, you have a different GP for admins vs. regular users...are you calling the script differently between the users GP and the admin GP? (i.e, in one, you have cscript login.vbs and the other simply has login.vbs, etc.

Silly question, could there be a mis-spelling in the login script name? Did you verify the file you are looking at on the server? By default, the location of the login script would be in a GUID {2394873-204789234098-02947823408}, etc. (no, not actually those numbers)

I realize there's a lot of questions there, hope it points you in a good direction.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Expert Comment

by:n1wgk2
ID: 24081203
Just got the updated screen...
Set up a GPO for the servers, you can filter them on group membership
Set up a GPO for everyone else, you can exclude this one by group membership (minimize the use of DENY, it gets hairy when troubleshooting)
Remember, there are 2 parts to a GPO...the COMPUTER portion and the USER portion. The COMPUTER portion must be applied to the COMPUTER (in other words, if you have a GPO with just computer settings, make sure it's being applied at the OU that contains the machines in question), the same holds true for the USER portion.
0
 

Author Comment

by:jeffschick
ID: 24081258
I know this sounds stupid, but...
how can I setup the GPO for the server and filter them on group membership?
And how do I setup OUs in active directory - right now I dont really have any ous being utilized and am not sure how to do this. Could you give instructions for what you were saying above?

More specifically, could you help me implement my questions in comment 24081101

0
 

Author Comment

by:jeffschick
ID: 24081279
If you could help walk me through as if I had a brand new installation, I would appreciate it.
Thanks so much!
0
 

Expert Comment

by:n1wgk2
ID: 24081303
I actually have to head out right now...my wife has a doc appointment...if I get a chance tonight, I will try to respond from home.

Please let me know a bit about your AD structure...2k3, NT, 2k, 2k8?
How much do you know about Active Directory?
What tools do you use to edit your GPO's?
0
 

Expert Comment

by:n1wgk2
ID: 24082347
If you are running 2k3 and aren't using GPMC, download it and run it. It's much better and once you get a feel for it, you get a better handle on how and where GPO's are being applied.

Assuming you are running the GPMC, take a look at the Group Policy Objects "folder" on the left side, expand it and click on a GPO. Looking on the right, you should see (and forgive me, I am working from memory here because I am on my Mac right now at my in-laws) a split high/low window. On the top, it should show the linked locations where the GPO is applied. On the bottom, you will see the group filtering. I THINK by default, it's showing Domain Users but it is editable.

I would suggest that you draw out what your plans are (the layout you had above looked like a really good start) and figure out which groups will work, then remove Domain Users and add in the groups you want it to apply to...(domain admins, domain users, runthisgpogroup, etc.)

Once you know who you want to apply it, you can edit it...then link it to the correct GPO. There are lots of on-line tutorials/faq's on Active Directory Group Policy...just Google it... (sorry, bad English, there)

Hope this gets you started.
0
 

Author Comment

by:jeffschick
ID: 24082459
I am running 2k3 with GPMC - however, I am not sure what the linked location at the top should say - it seems to default as aaad.local
i was able to get the network to work with ad using SBS, but i am not an expert on AD - I have basically learned thru trial and error.
0
 

Author Comment

by:jeffschick
ID: 24082505
Could you recommend some sites for creating OUs and GPOs?
0
 

Expert Comment

by:n1wgk2
ID: 24082828
Shows how to create an OU in Active Directory. It also shows how to create a GPO (the old way)
http://www.youtube.com/watch?v=KgxhrNjx2QI

GPMC
http://www.youtube.com/watch?v=upXUXJtCc-g

other than that, use Google to answer your specific questions...also, I would highly recommend a good book on Active Directory...perhaps written by Minasi, put out by Microsoft Press, put out by QUE. There are lots of helpful books out there. If you check with Amazon, you can see what they say about particular books.

Hope this helps...
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now