pss_it
asked on
Windows Server 2008 R2 Group Policy Drive Map Problem
We are using the Windows Server 2008 R2 Drive Map group policy feature to map our network drives for our end users. The feature works great for the most part, except for one problem. We utilize the Item Level Targeting feature to assign specific security groups so the particular drives will be mapped or not be mapped depending on the user's security group membership. Our specific problem occurs when we have a drive that needs to be mapped if a user belongs to one security group but also belongs to another security group.
For example:
We have a user that is a member of A_users and also a member of D_Users. We do not want this group policy to map the particular network drive for this user because he/she is a member of the A_users. Though, we have several users that are members of only the D_Users security group that we do want the network drive to be mapped. However for some reason the Item level targeting feature is not working and the network drive is being mapped anyway for the user belonging to both the A_users and D_users groups.
Below is an example of the config in the Targeting Editor:
The user is not a member of security group A_users
AND the user is a member for the security group B_Users
Or the user is a member of the security group C_Users
Or the user is a member of the security group D_Users
If I simply make the Targeting Editor configuration like the following, I get the result that I want:
The user is not a member of the security group A_Users
AND The user is a member of security group D_Users
I would need to make many duplicate group policy objects to map the same network drive for all the different security groups in our organization if the feature only works with only a few Items. Ideally, I would like to have one GPO for the particular network drive mapping that contains all the security groups in our organization.
I have changed the order of the items in the targeting editor with no luck. Is there a limitation on how many Items or items options you can have in the Targeting editor or am I missing something with the Items options configuration?
BTW. We are also experiencing the same problem with Printer connection mappings and I suspect the problem is related to the same cause as the drive mapping feature.
Thanks in advance for anyone that can help.
For example:
We have a user that is a member of A_users and also a member of D_Users. We do not want this group policy to map the particular network drive for this user because he/she is a member of the A_users. Though, we have several users that are members of only the D_Users security group that we do want the network drive to be mapped. However for some reason the Item level targeting feature is not working and the network drive is being mapped anyway for the user belonging to both the A_users and D_users groups.
Below is an example of the config in the Targeting Editor:
The user is not a member of security group A_users
AND the user is a member for the security group B_Users
Or the user is a member of the security group C_Users
Or the user is a member of the security group D_Users
If I simply make the Targeting Editor configuration like the following, I get the result that I want:
The user is not a member of the security group A_Users
AND The user is a member of security group D_Users
I would need to make many duplicate group policy objects to map the same network drive for all the different security groups in our organization if the feature only works with only a few Items. Ideally, I would like to have one GPO for the particular network drive mapping that contains all the security groups in our organization.
I have changed the order of the items in the targeting editor with no luck. Is there a limitation on how many Items or items options you can have in the Targeting editor or am I missing something with the Items options configuration?
BTW. We are also experiencing the same problem with Printer connection mappings and I suspect the problem is related to the same cause as the drive mapping feature.
Thanks in advance for anyone that can help.
Joseph Daly
Question are you doing this as individual items or are you doing this as a collection? I believe you need to do your item level targeting as a collection.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks xxdcmast for the tip. The collection feature worked like a charm!
Glad to hear it. Wasnt sure if the logic was right in the post above but close enough to get you there i guess.
ASKER
I knew I was missing something obvious and the collection function was it! I never knew what it was used for. I wish there was better documentation out there regarding these GPO features. In my Google searching I came up with few results that went into any detail.