Solved

drive map gpo gpp not applying correctly.

Posted on 2010-09-05
19
2,089 Views
Last Modified: 2012-06-21
i have defined a new GPO at the domain level. server 2008

defined in this policy is the new "drives maps" group policy preferences policy (user comfig\preferences\windows settings\drive maps), action used is "replaced"

when the policy does apply it maps everything as designed that is not the issue. the issue is for ex. i have 8 servers. i log on to multiple servers but the new drive mappings aren't taking place unless i manually run "gpupdate /force" on that machine.

i dont know if this will be the same for all the clients, is there anything i can do to ensure the policy applies every time. i dont want evry client to have to run a gpupdate /force command to get the new drive mappings.

0
Comment
Question by:dirkdigs
  • 7
  • 4
  • 3
  • +3
19 Comments
 
LVL 15

Expert Comment

by:Dave_AND
ID: 33607869
Each PC will apply the GPO on reboot (or every 90 mins) so you should be ok.
0
 
LVL 12

Expert Comment

by:naykam
ID: 33609912
Did you previously use a script to map the drives? Before moving to a group policy based approach?
0
 
LVL 6

Expert Comment

by:robbe
ID: 33610273
You should configure the GPO's to run at logon time. You can find some more information over here:

http://support.microsoft.com/kb/314488
0
 
LVL 6

Expert Comment

by:robbe
ID: 33610288
Sorry wrong link, here is the policy location:
Computer Config/Admin Templates/System/Logon/Always wait for the network at computer startup and logon:Enabled.
0
 
LVL 6

Expert Comment

by:Gary Stevens
ID: 33610316
One issue which may have been overlooked: If you had previously Mapped the same Drive Letters with a Login Script which Mapped them :persistently then they won't clear until you do it manually or force the GPO Update. I suggest you include a "map x /d" where "x" is the previously mapped drive as part of a logon script for all users. It should only be necessary to leave it in place for a day or 2 until people have logged on and the GPO will take over correctly from there.
GS
0
 

Expert Comment

by:Er1cL
ID: 33612524
0
 

Author Comment

by:dirkdigs
ID: 33612636
@naykam: yes
0
 

Author Comment

by:dirkdigs
ID: 33612647
@GaryStevens:

do you mean delete all mapped drives first ?
0
 
LVL 6

Expert Comment

by:robbe
ID: 33612659
Dirkdigs,

Did you removed/checked the script? Maybe there is still some lines of code that delete all mappings when logging on? Are there any events regarding the GPO extensions in the eventlog ?

Regards,
Robin
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:dirkdigs
ID: 33612711
@GaryStevens: should i create a new gpo for this and apply it to the domain level? should i do a computer policy or a user level policy ?
0
 
LVL 12

Expert Comment

by:naykam
ID: 33613973
I experienced the same problem.

It took me a while but I found a work around.

If you are trying to use GPO to apply mapped drives, that were previously mapped with a script, you need to remove the reference points that still exist in the registry:

Delete any references in:
KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

Restart your computer.

Maybe write a script to delete theses (after testing) then you should find your group policy will work.
0
 
LVL 6

Accepted Solution

by:
Gary Stevens earned 500 total points
ID: 33614071
dirkdigs
I suggest you use your old script to remove the residual mapped drives.
Where you had map X: \\server\etc change it to map X: /d
I would put a test in the script to check if one of the old mapped drives exists
then map X: /d
and at the bottom of the script add gpupdate /force
That will clear the old ones and then refresh the GPO
GS
0
 

Author Comment

by:dirkdigs
ID: 33632278
Does a logon script run before the Drive maps GPP ?

I inserted a logon script to delete al lthe mapped drives using NET USE * /DELETE /Y

i run gpupdate /force

when i log back on i have no drives.
0
 
LVL 12

Expert Comment

by:naykam
ID: 33632292
Try removing the mount points as mentioned
0
 

Author Comment

by:dirkdigs
ID: 33632298
that has nothign to do with why the gpp is not mapping the drives now ...
0
 
LVL 12

Expert Comment

by:naykam
ID: 33632309
try it
As I said, exactly the same problem I was having. Because the mount points still existed group policy would not map the previously scripted drives.
0
 

Author Comment

by:dirkdigs
ID: 33632379
i built this server after removing the vbs script.
0
 

Author Comment

by:dirkdigs
ID: 33632388
if i take out the delate all mapped drives script from my GPO it is fine. if i keep the logon script in place and map the drives using GPP the drives never get mapped.
0
 
LVL 6

Expert Comment

by:Gary Stevens
ID: 33632588
Dirkdigs
A couple of further things to consider.
The Logon Script will delete the drives (X: /D) but is often slow to complete the task before the GPO is refreshed.
Traditionally what I do to solve the problem is create a small file with a couple of characters in it. What they are doesn't matter.
Put this file in the \sysvol\folder (Call it MapDel.txt)
in your logon script add the following:

if exist == c:\mapdel.txt then goto DONE
Copy \\servername\sysvol\mapdel.txt c:\
map X: /d
and the other map ..... /d
:DONE
gpupdate /force
wait /30
essentially what this will do is check for the file on C:\ local. If it exists then it steps over the remaining script.
otherwise it copies the file to C:\ for the next login check.
the wait /30 slows the process down to allow the gpupdate /force to complete
It often a matter of timing. See how you go.
Gary
ps: please check the commands and syntax before use.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

OfficeMate Freezes on login or does not load after login credentials are input.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now