GPO Drive Mappings
I am a having tremendous problems mapping drives for my company. We bought a subsidery and The powers that be will not give us the OK for a one way trust, therefore everything is extra hard. I have a generic question about GPO. If a drive mapping is configured in a GPO , but no "Targeting" is set, will the users in the OU still get the drive mapped? also If I end up having to use a batch file to do these drive mappings, is it possible with a batch file to call "@net use u: \\file-server\homearea$\%u
Thanks in advanced.
Thanks in advanced.
Targetting in GPO preferences is used to limit the users that will apply the preference. So if you set up targetting to apply the drive to the administrators group, only members of that group will have the drive mapped. If no targetting is set, everyone will have the drive mapped. Note that if you use GPO Preferences with Windows XP machines, you may need to install the Client Side Extensions for Group Policy Preferences.
As for your second question, yes, you can use %username% in a net use command.
As for your second question, yes, you can use %username% in a net use command.
Correction, with no targetting, everyone in the OU the GPO is applied to will have the mapping applied.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
From the original question, it appears that the desired end goal via GPP is for the trusted domain's users and as well as the native users in the domain where the GPO lives, not sure if there is a solution for that.
You would have to have a Preference set in each domain that pushes the drive map and ensure that the users that need access in the trusted domain are given necessary access permissions in the resource's domain to allow users in the trusted domain to access files in the resource domain. The one way trust, if the resource domain trusts the account domain, will allow you to assign a global or universal group in the trusted domain to a domain local domain in the resource domain. If you put the users that need access in the global/universal group that exists in the trusted domain, and assign permissions to the domain local group in the resource domain, the trusted domain's users should then have access to the files. (A little confusing, but it does work).
ASKER
I tried a batch file that included
@net use w: \\file-server\trss_users$\
@net use u: \\file-server\homearea$\%u
@net use k: \\file-server2\atf
@net use v: \\file-server\eua$
@net use m: \\other-domain\mword
@net use j: \\other-domain\sl
Only the v: and k: mappings came through the others did not. I am trying to gain some sort of logic but as I progress it gets worse. so it seems that the w: and u:, because of the %username% directive is not mapping? I am only guessing
Thanks iin advanced.
@net use w: \\file-server\trss_users$\
@net use u: \\file-server\homearea$\%u
@net use k: \\file-server2\atf
@net use v: \\file-server\eua$
@net use m: \\other-domain\mword
@net use j: \\other-domain\sl
Only the v: and k: mappings came through the others did not. I am trying to gain some sort of logic but as I progress it gets worse. so it seems that the w: and u:, because of the %username% directive is not mapping? I am only guessing
Thanks iin advanced.
Try to make sure nothing is mapped first. Generally a good idea.
net use w: /delete
ETC
net use w: /delete
ETC
ASKER
acbrown2010:
If what you said bout targeting is correct, then how come i created a new user, dropped the account in the OU and logged on but mappings set in the GPO did not occur for the test users... Also two days ago I put together a test mapping and called it "Test Map" yesterday I Deleted it, today it is one one of the mappings that is showing in the test users profile. Is there a way to cleanup the a GPO other than what I have done, which is to delete the unwanted mappings that are still showing up?
Thanks in advanced
If what you said bout targeting is correct, then how come i created a new user, dropped the account in the OU and logged on but mappings set in the GPO did not occur for the test users... Also two days ago I put together a test mapping and called it "Test Map" yesterday I Deleted it, today it is one one of the mappings that is showing in the test users profile. Is there a way to cleanup the a GPO other than what I have done, which is to delete the unwanted mappings that are still showing up?
Thanks in advanced
You'll probably need to run a GPUpdate on the system that the user is logging in to. If the GPO has been unlinked from the OU, it may continue to be active in the profile until you run GPUpdate /force.
ASKER
acbrown2010:
I am sorry I should have mentioned that I did do the "gpupdate /force" and the process aked me to log off and I did, when I logged back on the situation was still the same. ....
I am sorry I should have mentioned that I did do the "gpupdate /force" and the process aked me to log off and I did, when I logged back on the situation was still the same. ....
Oh I gotcha now. The drive map in the Test Map GPO was still there, not the GPO itself was listed in rsop.msc...That's because once a drive map has been established, it will remain until you disconnect it (using net use Drive: /d) or configure it not to map. On the other issue of the Group Policy Preference drive map not showing up, where did you configure the the drive map in your gpo? Was it under computer configuration or user configuration? Is it a Windows XP machine? What type of objects were in the OU you linked it to? Computers or Users?
ASKER
The test map was never part of the new test user's config or profile(The test map was deleted yesterday) and the new users was created today.
The test machine is XP Pro
Any targeting that I do, is always to a security group
The Drive Map was configured in the GPO
It is under user configuration section(Not Computer Configuration)
Thanks in advanced
You might try just disconnecting the mapped drive and see if it shows up again when you reboot. If it does, there may still be a remnant of the script running somewhere.
So with Windows XP, you need to have the GP Preferences Client Side Extensions installed for drive maps to work through there. You can get them here: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e60b5c8f-d7dc-4b27-a261-247ce3f6c4f8&displaylang=en
XP service pack 3 is *supposed* to have it installed already, but I've seen a lot of workstations that have SP3 and still don't work with preferences until you install the GPP Client Side Extensions, so that's the best first step on that.
So with Windows XP, you need to have the GP Preferences Client Side Extensions installed for drive maps to work through there. You can get them here: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e60b5c8f-d7dc-4b27-a261-247ce3f6c4f8&displaylang=en
XP service pack 3 is *supposed* to have it installed already, but I've seen a lot of workstations that have SP3 and still don't work with preferences until you install the GPP Client Side Extensions, so that's the best first step on that.
ASKER
It Does haxe SP3
And just to be sure I just ran "Windows-en-US-KB943729.ex
I doconnetd the mapped drive from the test user profile
I ran gpupdate /force
It asked me to log off and I did
everytime I run gpupdate and try to log back on, it give me a message that "local policy does not permit me to logon locally" so I always logon as an admin user and add the test user back to the local admin group so that I can RDP to the XP box to TS( the test box is located at the sub site)
And just to be sure I just ran "Windows-en-US-KB943729.ex
I doconnetd the mapped drive from the test user profile
I ran gpupdate /force
It asked me to log off and I did
everytime I run gpupdate and try to log back on, it give me a message that "local policy does not permit me to logon locally" so I always logon as an admin user and add the test user back to the local admin group so that I can RDP to the XP box to TS( the test box is located at the sub site)
ASKER
acbrown2010: (or anyone)
I have decided to go with a batch file to fix this issue at least temporarily. I am having an issue that you might be able to help me with please. I am trying to utilize the "%username%" directive to map drives in the batch,but is is not working, for example "\\file-server\folder1\%us
Thanks in advance
I have decided to go with a batch file to fix this issue at least temporarily. I am having an issue that you might be able to help me with please. I am trying to utilize the "%username%" directive to map drives in the batch,but is is not working, for example "\\file-server\folder1\%us
Thanks in advance
Can you may the drive using that command outside of a batch file(just from the command line)? What does echo %username% return?
If the Home directory isn't set you can highlight all the users click properties and set it by selecting the drive you want to map to and the unc. So to use the exmaple above the drive woudl be u: and the unc \\file-server\homearea$\%u