Using Group Policy Preferences to Map Drives Based on Group Membership

quickslvr
quickslvr used Ask the Experts™
on
i created a GPO which allows our clients to connet with three different drives at logon.

i created those three shares on a server and gave domain users and everyone "read" rights.

after a gpupdate /force, those drives still do not connect.
what could be the reason for this?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Victor TarasovHead of system administration department

Commented:
try reboot system.

My script:
'========================================================================== 
' 
' VBScript Source File 
' 
' NAME: MapDrives.vbs 
' 
' COMMENT: ¿¿¿¿¿¿¿¿¿¿¿ ¿¿¿¿¿¿¿ ¿¿¿¿¿¿ ¿ ¿¿¿¿¿¿¿ ¿¿¿¿¿¿ ¿ EventLog 
' 
'========================================================================== 
 
Option Explicit 
On Error Resume Next 
 
Dim WshShell, WshNetwork 
 
Set WshShell = WScript.CreateObject("WScript.Shell") 
 
' MapDrv "L:", "\\SRV\Users\" & WshShell.ExpandEnvironmentStrings("%USERNAME%") 
 MapDrv "z:", "\\srv\FileServer" 
' MapDrv "W:", "\\SRV\Work" 
' MapDrv "P:", "\\SRV\SUPPORT$" 
 
'========================================================================== 
' 
' Function MapDrv(DrvLet, UNCPath) 
' 
' DrvLet -  ¿¿¿¿¿ ¿¿¿¿¿¿¿¿¿¿ 
' UNCPath - ¿¿¿¿¿¿¿ ¿¿¿¿ 
' 
' COMMENT: ¿¿¿¿¿¿¿¿¿¿¿ ¿¿¿¿¿¿¿ ¿¿¿¿¿¿ ¿ ¿¿¿¿¿¿¿ ¿¿¿¿¿¿ ¿ EventLog 
' 
'========================================================================== 
 
 
Function MapDrv(DrvLet, UNCPath) 
 
    Dim WshNetwork         ' Object variable 
    Dim Msg 
 
    Set WshNetwork = WScript.CreateObject("WScript.Network") 
 
    On Error Resume Next 
    WshNetwork.RemoveNetworkDrive DrvLet 
    WshNetwork.MapNetworkDrive DrvLet, UNCPath 
     
    Select Case Err.Number 
        Case 0            ' No error 
 
        Case -2147023694  
            WshNetwork.RemoveNetworkDrive DrvLet 
            WshNetwork.MapNetworkDrive DrvLet, UNCPath 
              
        Case -2147024811  
            WshNetwork.RemoveNetworkDrive DrvLet 
            WshNetwork.MapNetworkDrive DrvLet, UNCPath 
 
        Case Else 
 
            Msg = "Mapping network drive error: " & _  
                   CStr(Err.Number) & " 0x" & Hex(Err.Number) & vbCrLf & _ 
                  "Error description: " & Err.Description & vbCrLf 
            Msg = Msg & "Domain: " & WshNetwork.UserDomain & vbCrLf 
            Msg = Msg & "Computer Name: " & WshNetwork.ComputerName & vbCrLf 
            Msg = Msg & "User Name: " & WshNetwork.UserName & vbCrLf & vbCrLf 
            Msg = Msg & "Device name: " & DrvLet & vbCrLf 
            Msg = Msg & "Map path: " & UNCPath  
 
            WshShell.LogEvent 1, Msg ', "\\oradb" 
    End Select 
 
End Function 

Open in new window

Author

Commented:
i did reboot already.

tis is a nice script, but i want to do this without.

how long does it normally take until a GPO catches up?
Victor TarasovHead of system administration department

Commented:
After reboot GPO updated, check eventlog to view update status.
After "gpupdate /force" and restart the drives should be mapped. Otherwise check event log for any errors.
You wrote that you have done this based on group membership. Is this user member of correct group?
Do RSOP on this workstation and see if GPO is applied.
Can you map the drive for the user without the GPO?

If you want the GPO to apply to your session with any necessary log off or reboot, run this:

gpupdate /force /logoff /boot

Author

Commented:
yes,i can map them manually.

the GPO has been linked to the OU clients.

Author

Commented:
i assume that this is a user GPO and i have to link it to a user group. is that correct?

here the result:

The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Drive Mapping GPO
            Filtering:  Not Applied (Empty)
Since this is a user configuration, yes, you would have to bind this an OU with users or apply security filtering to a specific user/group.

Author

Commented:
domain users would work,right? however,its not an OU,its a group.does it matter?
Your policy would be applied to an OU. The security filtering applies to a user or security group.

Where are you linking the GPO?

Author

Commented:
to the domain users security group
Let's back up.

For security filtering on your GPO remove authenticated users and add something more specific like a security group.

Right click on the Domain and link your GPO.

Author

Commented:
ok,added the domain users group.

did it,now waiting
Any luck?

Author

Commented:
ill check tomorro, enough with tampering around with it ;-)
Sounds like a plan.

Author

Commented:
ok,removed the authenticated users and added domain users.

gpupdate /force /boot /logoff ,

now waiting...

Author

Commented:
no success
Did you check event log? Are there any errors relating Gruop policy. Also like motnahp00 asked, did you link this GPO to any OU? The GPO must be linked somewhere otherwise this won't work.

Author

Commented:
yes,its linked to the OU clients
Please log on workstation and collect event log files, you can post them here. Also do RSOP and post result here.
With this SS's you gave me nothing :S Only ps6 shows some info, but I still dont understand. How did you setup drive maping? With GPP or with logon script? In which GPO did you setup this?

Author

Commented:
its the drive mapping GPO in user configuration
dcddd.png
And which GPO is that? Name of the GPO.

Author

Commented:
drive maps
Now if you look ps6.png file, you'll see that there is no "Drive Maps" GPO applied. This is reason that's not working. Now you must figure out why this GPO isn't applied.
Is linked to correct OU? How did you set security filtering?

Author

Commented:
i have linked that GPO to the clients OU. pls see attachment
drm.png

Author

Commented:
the drive maps GPO is linked to the OU clients.

item-level targeting is set to a security group. in this case domain users
And in "Clients" OU are which objects? User or computer object or both?

Author

Commented:
just the computers.

Author

Commented:
i also checked the NIC settings and set them exactly as the switch and DC does.

100 mbps full duplex.
Look you linked GPO to computers OU, but you have in this GPO just user settings. Link this GPO to OU with user accounts, that you like to have this drives mapped.

Author

Commented:
ok. i just simply create an OU,put the domain users in it and thats it?

i also did a gpresult and it says:

"The Following Gpos Were Not Applied Because They Were Filtered Out"
If is not secret can you do gpresult /h result.html and post result.html here. So I can see full report and that don't we post so many posts here.

Author

Commented:
no problem,pls see here
GPReport.html
Hi. If you look report you will see that you still have "Drive Mapping GPO" linked to OU with "test-mc36" computer accunt, but is denied because is Computer Configuration empty.
On the other side look like that "Drive Mapping GPO" still isn't linked to correct OU because isn't even processed. Therefore is not applied or denied.

Author

Commented:
ok,it works now. i have created a OU and moved some user accounts in there.

that OU works perfectly now.

the software delivery GPO`arent working
Ok, then this problem around mapping drives is solved.
About software install GPO's, did you link GPO's to newely created OU? But maybe is better that you open new question about that.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial