OutstandingO
asked on
Group Policy Question
I have recently created a file server in my small duplex. I'm using Windows Server 2008. The machines are Windows 7 machines. I have multiple users at this point, and I would like to create a group that will allow users to log into their profile and have their shared folder mapped automatically to their machine regardless of where they log in.
Ex: I have created a Folder called "File Directories" on my server. I want to create a group called "Legal Dept", that will not only give me access to the "File Directories" folder and/or sub folders, but that will map that directory to any machine I happen to assign my profile to.
I hope that this is clear. Any direction that could be provided would be great.
ASKER
Thanks for the help so far. This has been very helpful.
One small question however, how would I link the created group policy to the created group?
You can't link group policies to groups - you link them to Organizational Units. If you want however, you can use Security Filtering so that the policy is only seen by a specific group. I would suggest you use the other method though, which is the Targeting explained above. It's more flexible than using Security Filtering.
Example:
Remove "Authenticated Users" so that other groups or users can see the policy.
ASKER
Okay. Either I've missed something or I don't have things configured correctly.
In the server box that I have there are two 1.5TB drives.
The OS is installed on C: and the second (D:) has the desired folders that I want to share. I've attempted what was suggested in the first screen shot, however, after I run gpupdate /force under the user profile the mapped drive does not appear.
Did I mess up implementing the steps or in understanding the concept?
Thanks again.
Without knowing more about your environment, I can't hypothesize as to why it doesn't work.
Can you run GPRESULT /V from the command line and see if your policy is being picked up at all?
NOTE: The results may be too large to fit on your screen - you can pipe it to a text file, like so:
gpresult /v > gpresult.txt
notepad gpresult.txt
Something that may be hindering your testing - adding a user to a group does not give them that group's rights (yet). The user account probably doesn't know about its own group memberships - so be sure to update the Kerberos token. Do this by logging the user out and back in.
ASKER
Your path is clearly invalid. Please ensure that your path you've chosen is valid and you can connect to it, prior to setting it here.
ASKER
Hmmm. From one of the client machines I'm able to path my way directly to that folder. I simply copied and pasted that path in the location field specified in image 1.
It's impossible. A UNC path cannot contain a semicolon (:)
That Path is invalid from the client point of view. From the client try to browse to the path using Windows Explorer. Start with \\skynet-serv and see where you go from there.
ASKER
Excellent, we're getting a little further :)
Now, can you try the GPRESULT I suggested earlier. Look up for comment ID 36973244
Go through the gpresult.txt file, and see that it's found the Group Policy you created. If it hasn't, make sure that:
The group policy has been linked to an Organizational Unit which is higher up than where the user sits
The computer that the user is on is a member of the domain
The user is a member of the group you've limited the GPO to (you can see this in her gpresult.txt file)
If you're still stuck ZIP up the gpresult.txt file and attach it as a file so that I may review it for you. Give me the name of the Group and the name of the GPO too, so I can match it up.
ASKER
The name of the GPO is SND File Directory. The name of the Group is SND File Group
gpresult.zip
I have one question. If you are using Item level targeting, why apply security filtering to the group, or vice versa?
ASKER CERTIFIED SOLUTION
ASKER
LOL!!! OH MY GOODNESS!! If it was a snake it would have bit me!!!! That fixed it.
I didn't drag it to the domain. SMH. I feel like such a fool. I assumed by the very nature of it being created under the GPO that it would be recognized once the other groups/users were linked to it, because they were in the domain already. SMH.
But I will forever sing the praises of LesterClayton!!! Of his patience, professionalism, and his expertise. I thank you sir.
1. Create a group in Active Directory
2. Assign the NTFS Permissions of the Group in question
3. Create a new group policy, and link it to the container which will affect all users
4. Edit the policy as follows:
5. Click OK, and OK. Add more drive maps as necessary (each drive map can have its own targeting). Your Group Policy is saved automatically - just close Group Policy Management Editor, and test a user login.
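
The group, NTFS permission, GPO link and security filtering steps from this thread, scripted as an added example that is not part of the original posts. It assumes the ActiveDirectory and GroupPolicy RSAT modules (Windows Server 2008 R2 or later) and that the shared folder is D:\File Directories; the group and GPO names are the ones given in the thread. The drive map itself (step 4) is still configured in Group Policy Management Editor.

```powershell
# Added example; run on the server as a domain administrator.
Import-Module ActiveDirectory
Import-Module GroupPolicy

$groupName = 'SND File Group'        # group name given in the thread
$gpoName   = 'SND File Directory'    # GPO name given in the thread
$folder    = 'D:\File Directories'   # assumed folder location on the file server
$domain    = Get-ADDomain
$domainDN  = $domain.DistinguishedName

# 1. Create the security group if it does not exist yet.
if (-not (Get-ADGroup -Filter "Name -eq '$groupName'")) {
    New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security
}

# 2. Grant the group Modify on the folder, inherited by subfolders and files.
icacls $folder /grant "$($domain.NetBIOSName)\${groupName}:(OI)(CI)M"

# 3. Create the GPO and link it. A GPO that is created but never linked is
#    not processed by any client, which is what went wrong in this thread.
if (-not (Get-GPO -Name $gpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $gpoName | Out-Null
}
$links = (Get-GPInheritance -Target $domainDN).GpoLinks
if (-not ($links | Where-Object { $_.DisplayName -eq $gpoName })) {
    New-GPLink -Name $gpoName -Target $domainDN -LinkEnabled Yes | Out-Null
}

# Security filtering: only the group gets "Apply group policy".
# Authenticated Users is reduced to Read rather than removed, because on
# systems patched with MS16-072 user policy is fetched in the computer's
# context and the computer account must still be able to read the GPO.
Set-GPPermissions -Name $gpoName -TargetName $groupName `
    -TargetType Group -PermissionLevel GpoApply
Set-GPPermissions -Name $gpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace

# Check the result before testing a logon with gpresult /v.
(Get-GPInheritance -Target $domainDN).GpoLinks |
    Select-Object DisplayName, Enabled, Order
Get-GPPermissions -Name $gpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```

The cmdlets are named Set-GPPermissions and Get-GPPermissions on Server 2008 R2; later releases use the singular names and keep the plural ones as aliases.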