Solved

GPO Drive Mappings

Posted on 2011-03-02
17
1,229 Views
Last Modified: 2012-05-11
I am a having tremendous problems mapping drives for my company. We bought a subsidery and The powers that be will not give us the OK for a one way trust, therefore everything is extra hard. I have a generic question about GPO. If a drive mapping is configured in a GPO , but no "Targeting" is set, will the users in the OU still get the drive mapped? also If I end up having to use a batch file to do these drive mappings, is it possible with a batch file to call "@net use u: \\file-server\homearea$\%username%" from a batch file? We have tried VB scripts as well as GPO and Batch files. The mappings are not consistent (here today, gone tomorrow). I need to fix this once and for all. I do not have the luxury of Desktop Authority, so please leave that out of the equation

Thanks in advanced.

 
0
Comment
Question by:cyberchrisrock
  • 6
  • 6
  • 3
  • +2
17 Comments
 
LVL 11

Expert Comment

by:willettmeister
ID: 35019869
I don't know the answer to your gpo question but from a abtch file you can use "net use /home".  As long as the home directory is set in the users profile in AD then it should consistently msap the drive for you.
  If the Home directory isn't set you can highlight all the users click properties and set it by selecting the drive you want to map to and the unc.  So to use the exmaple above the drive woudl be u: and the unc \\file-server\homearea$\%username%.  

0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 35019894
Targetting in GPO preferences is used to limit the users that will apply the preference. So if you set up targetting to apply the drive to the administrators group, only members of that group will have the drive mapped. If no targetting is set, everyone will have the drive mapped. Note that if you use GPO Preferences with Windows XP machines, you may need to install the Client Side Extensions for Group Policy Preferences.

As for your second question, yes, you can use %username% in a net use command.
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 35019907
Correction, with no targetting, everyone in the OU the GPO is applied to will have the mapping applied.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 4

Accepted Solution

by:
EshuunDara earned 500 total points
ID: 35019915
Your NET USE commands will work just fine in a batch file.  If they need to access a resource in your domain the problem will be how they authenticate to the resource without a trust relationship.

If they need access to something within their own domain, I'd just use group policy preferences on their domain controller.  (Or batch file login scripts set in a GPO on their DCs if they're on 2003)
0
 
LVL 11

Expert Comment

by:RickSheikh
ID: 35020270
From the original question, it appears that the desired end goal via GPP is for the trusted domain's users and as well as the native users in the domain where the GPO lives, not sure if there is a solution for that.
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 35020310
You would have to have a Preference set in each domain that pushes the drive map and ensure that the users that need access in the trusted domain are given necessary access permissions in the resource's domain to allow users in the trusted domain to access files in the resource domain. The one way trust, if the resource domain trusts the account domain, will allow you to assign a global or universal group in the trusted domain to a domain local domain in the resource domain. If you put the users that need access in the global/universal group that exists in the trusted domain, and assign permissions to the domain local group in the resource domain, the trusted domain's users should then have access to the files. (A little confusing, but it does work).
0
 

Author Comment

by:cyberchrisrock
ID: 35020811
I tried a batch file that included

@net use w: \\file-server\trss_users$\%username%
@net use u: \\file-server\homearea$\%username%
@net use k: \\file-server2\atf
@net use v: \\file-server\eua$
@net use m: \\other-domain\mword
@net use j: \\other-domain\sl

Only the v: and k: mappings came through the others did not. I am trying to gain some sort of logic but as I progress it gets worse. so it seems that the w: and u:, because of the %username% directive is not mapping? I am only guessing

Thanks iin advanced.
0
 
LVL 11

Expert Comment

by:willettmeister
ID: 35020934
Try to make sure nothing is mapped first.  Generally a good idea.

net use w: /delete

ETC
0
 

Author Comment

by:cyberchrisrock
ID: 35021264
acbrown2010:

If what you said bout targeting is correct, then how come i created a new user, dropped the account in the OU and logged on but mappings set in the GPO did not occur for the test users... Also two days ago I put together a test mapping and called it "Test Map" yesterday I Deleted it, today it is one one of the mappings that is showing in the test users profile. Is there a way to cleanup the a GPO other than what I have done, which is to delete the unwanted mappings that are still showing up?

Thanks in advanced
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 35021358
You'll probably need to run a GPUpdate on the system that the user is logging in to. If the GPO has been unlinked from the OU, it may continue to be active in the profile until you run GPUpdate /force.
0
 

Author Comment

by:cyberchrisrock
ID: 35021418
acbrown2010:

I am sorry I should have mentioned that I did do the "gpupdate /force" and the process aked me to log off and I did, when I logged back on the situation was still the same. ....
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 35021464
Oh I gotcha now. The drive map in the Test Map GPO was still there, not the GPO itself was listed in rsop.msc...That's because once a drive map has been established, it will remain until you disconnect it (using net use Drive: /d) or configure it not to map. On the other issue of the Group Policy Preference drive map not showing up, where did you configure the the drive map in your gpo? Was it under computer configuration or user configuration? Is it a Windows XP machine? What type of objects were in the OU you linked it to? Computers or Users?
0
 

Author Comment

by:cyberchrisrock
ID: 35021658


The test map was never part of the new test user's config or profile(The test map was deleted yesterday) and the new users was created today.

The test machine is XP Pro

Any targeting that I do, is always to a security group

The Drive Map was configured in the GPO

It is under user configuration section(Not Computer Configuration)

Thanks in advanced

0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 35021704
You might try just disconnecting the mapped drive and see if it shows up again when you reboot. If it does, there may still be a remnant of the script running somewhere.

So with Windows XP, you need to have the GP Preferences Client Side Extensions installed for drive maps to work through there. You can get them here: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e60b5c8f-d7dc-4b27-a261-247ce3f6c4f8&displaylang=en

XP service pack 3 is *supposed* to have it installed already, but I've seen a lot of workstations that have SP3 and still don't work with preferences until you install the GPP Client Side Extensions, so that's the best first step on that.
0
 

Author Comment

by:cyberchrisrock
ID: 35021900
It Does haxe SP3

And just to be sure I just ran "Windows-en-US-KB943729.exe"

I doconnetd the mapped drive from the test user profile

I ran gpupdate /force

It asked me to log off and I did

everytime I run gpupdate and try to log back on, it give me a message that "local policy does not permit me to logon locally" so I always logon as an admin user and add the test user back to the local admin group so that I can RDP to the XP box to TS( the test box is located at the sub site)


0
 

Author Comment

by:cyberchrisrock
ID: 35028075
acbrown2010: (or anyone)

I have decided to go with a batch file to fix this issue at least temporarily. I am having an issue that you might be able to help me with please. I am trying to utilize the "%username%" directive to map drives in the batch,but is is not working, for example "\\file-server\folder1\%username%" does not work but "\\file-server\folder1" does work.. As long as I do not use the "%username%" switch it will work.. have you ever successfully used that directive (%username%) in a batch file to map a drive resource? If so how! Can you please provide me with an example. I need to know if I am missing something.

Thanks in advance

0
 
LVL 11

Expert Comment

by:willettmeister
ID: 35147071
Can you may the drive using that command outside of a batch file(just from the command line)?  What does echo %username% return?

0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Disabling null sessions on domian controllers 15 30
Problems with GPO registry settings 7 43
Windows Password recovery 7 35
Application Crash 2 21
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question