[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Simple group policy not applying...

Posted on 2011-10-22
Medium Priority
Last Modified: 2012-05-12
Trying to add a group policy on a windows 2008 domain controller (we have mixed 2003 and 2008 domain controllers in the domain).

Simple policy to map a drive... a batch file that contains:
net use z: "\\fileserver2\Data"

Plain and simple.  I put the batch file in the scripts folder in sysvol.  I can double click the script as the user, and the drives are mapped no problem.  Also, I can call the script as part of the user's profile (the 'login script' part in his profile) and everything works well.  BUT when i try to call it with group policy, with the "logon" in windows settings of the group policy, i get nothing.  I know the user has rights to the folder it's in, and can navigate to that folder and run it manually, but group policy isn't running it.

Anyone got any troubleshooting steps I can try?  
Question by:Mystical_Ice
LVL 11

Accepted Solution

Ackles earned 2000 total points
ID: 37011205
Sure, here are the tips:

1) Check the user is in correct OU.
2) Check the policy is applied to user side & nothing is disabled.
3) Check that Authenticated users are in the applied policy & nothing is denied.
4) Switch off the machined & start again, run gpresult /force, just to be sure.
4) Switch off the firewall on client machine where user has logged on once & run RSOP from GPMC on the server.
5) Run gpresult /v on the client & see if the RSOP said that the user is getting policy, it's applied on the machine.

If you see that RSOP says policy is applied & gpresult doesn't show, then starts troubleshooting.
Best place, go to Event Viewer & check GroupPolicy Operational logs.

Let know if you need something more.

LVL 44

Expert Comment

ID: 37011270
one more simple solution to add file server path in the user profile and map it. It can be done manually or via using admodify tool if you need to do it for bulk user.
LVL 57

Expert Comment

by:Mike Kline
ID: 37011353
Have you thought about using group policy preferences to map drives


Helps reduce login scripts.


Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 37012714
Amitkul - that's good, but only room for one mapping. Definitely not a fix, more of a band aid. I appreciate the idea though.

Mkline - that option only applies to vista and 7 clients, not xp, unless you install a hotfix, which adds way more overhead.

Ackles - what do you mean make sure authenticated users are in the policy?
LVL 12

Expert Comment

by:Vaseem Mohammed
ID: 37013209
You are configuring the script on "Computer configuration" or "user configuration".
if its on computer configuration, it will not work as when the computer restarts, the script is running on behalf of computer account and it will not have rights on the share.

Author Comment

ID: 37015189
It's under the user configuration
LVL 11

Expert Comment

ID: 37016152
I mean when you configured GPO did you make it for some special group or used the default?
Did you run RSOP?

Author Comment

ID: 37097360
RSOP figured out the issue
LVL 11

Expert Comment

ID: 37097378
Glad that helped

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question