Tech or Treat! Write an article about your scariest tech disaster to win gadgets!Learn more

x
?
Solved

Not the usual Group Policy Preferences - Drive Map issue

Posted on 2010-09-17
4
Medium Priority
?
1,047 Views
Last Modified: 2012-06-27
Hello

I have an AD DS server running Win 2k8 R2.   I have a GPO for Drive Mapping through Windows Preferences, linked/enforced at the domain level, and security filtering is performed by group.  I have a user who is a member of said group.  I have no problem using GPO Preferences to map drives which exist on a Windows Server.  However, I have several network shares which reside on an IBM i Series server and one Linux server.  When I try to deploy these drives through GPO Preferences, the drive icons do show up on the client computers.  When I log in as said user, the drives always show as disconnected.  The drives which point to shares on Windows servers are fine.  When I double-click the icons, I receive an error message that the username is not found with error code "The user could not be found 2221".  It seems like it's trying to authenticate to the foreign servers with a domain account.  I can manually map these drives, but they show disconneted at next logon.  If I specify a username/password in the "Connect as" fields in the Drive Map Preferences GPO, it seems to have no effect.   It doesn't matter if I use replace, create, or update in the GPO, the result is the same.  All client systems are Win XP SP3 w/ XMLLite and GPO client side preferences update installed.

GPResult on the client systems shows that the GPO is applied with no problems.  I'd really like to avoid using Logon scripts to achieve drive mapping for these shares, but increasingly it appears this is my only option.  Can anyone shed some light on this??

Thank you

Pete


0
Comment
Question by:PSeb_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 9

Accepted Solution

by:
rfportilla earned 2000 total points
ID: 33711179
This is kind of quirky.  I found this one article that might be useful: http://forums.techarena.in/server-dns/75255.htm
It mentions something about using the IP address for the share instead of the netbios name.  The issue they had was related to cached permissions set in the user profile.  I don't know what the mechanism is that MS is using, but try connecting using the IP address and see if that clears it up.  Even if this works, it is not the best solution, but it is still worth checking.

Btw, I like the idea of using the logon script for this.  It is reliable and predictable.  
0
 

Author Comment

by:PSeb_
ID: 33715888
Thank you for the response.  I did try deleting any saved credentials under the Manage Passwords applet in Control Panel, this had no effect.  Also I'm using IP address to map to the network shares, and there is no change using hostnames instead.  
0
 
LVL 9

Expert Comment

by:rfportilla
ID: 33717440
This may be related to other registry entries.  There are registry entries that define the minimum authentication level for different connections.  If that is the case you might be able to fix this using the Compatws.inf security template. Otherwise, it may come down to hunting through the registry for the magic setting.  If nothing else, blame Microsoft and call it a bug.  

From a security standpoint, I would prefer to not install the Compatws.inf template.  I would leave the security as it is and just use the logon script.  JMHO
0
 

Author Comment

by:PSeb_
ID: 33725672
Ok, thanks for the insight.  I've decided to stick with logon scripts to take care of the drive mapping for the shares on the nix systems.  
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

647 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question