Server 2003 Group Policy, Not functioning correctly.

Posted on 2012-08-14
Last Modified: 2012-10-29
I have a single Server 2003 R2 SP2 that is acting as a DC.

Two weird things are occurring that I'm not familiar with:

1) I have a GPO that maps a few drives. I edited the mapdrive.bat that this points to to remap the F: drive to another shared location. We manually went to each workstation and changed the F: drive to the new shared location. Upon restarting or logging off and logging back on any of the computers they somehow remapped the F: drive to the old location. I double checked the mapdrive.bat that the GPO was pointed to and it did not have the old location in it. It's as if the old mapdrive.bat is somehow stuck in limbo in the GPO or the old F: drive map is stuck in limbo and keeps getting mapped even though it's not defined.

I even denied the GPO to one user and when restarting her computer after disconnecting the old share it reconnected itself to the old share under F:!!! Running RSOP.msc showed that the mapdrive.bat startup script GPO was not affecting the computer anymore, however, somehow F: was being automatically mapped? I checked for startup and tasks on the user profile and there's nothing defined.

I checked the DC event log and there's no errors or problems. I'm stumped.

2) In Group Policy Management, when creating a new Organizational Unit, it is not automatically using senior GPOs linked to senior OUs. For example, I have an "Employees" GPO right under the domain which has the "Default Domain Policy". I edited the default domain policy to enable RDP on all workstations. It wouldn't take effect until I manually linked the "Default Domain Policy" GPO to that OU. That OU only has a "mapdrive" GPO so there's no GPO conflicting with "Default Domain Policy". It's as if inheritance is blocked but it's not? I had to manually right click the OU and link the "Default Domain Policy" to it to make the RDP map work. I'm used to it just inheriting the changes.
Question by:RFVDB

    Expert Comment

    The drive might have been mapped by the user with the option to reconnect at logon. The existence of a mapped F: drive will error out when a new location tries to be mapped over an existing drive letter.

    Does your mapdrive.bat include the net use F: /delete to clear out a mapped drive prior to mapping a new one on the same drive letter?

    Usually it is recommended that changes be added in their own GPOs, except for settings such as password policy, which can only be managed from the default domain GPO on Win2k3.

    Check the OU definition to make sure you did not exclude the OU from inheriting top level policies.

    Expert Comment

    by:Leon Fester
    What arnold says is true: if persistent drives have been mapped with either the /persistent:yes option or "Remember connection", then you first need to delete the drive mapping before restarting.

    It's safe to do: net use f: /d /y
    alternatively you can delete all drive mappings using:
    net use * /d /y

    Accepted Solution

    Agggh, I found out what the issue was, I was being stupid and had missed it.

    Previous IT company was using profile maps instead of GPOs.

    Under the user's Active Directory Properties on the Profile Tab each user had a login script configured. I removed these for each user.

    Author Closing Comment

    After digging in I found the solution myself - it was pretty simple.
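
The per-user logon script described in the accepted solution is stored in each account's `scriptPath` attribute and runs regardless of which GPOs apply, so it does not show up in RSOP. The following is an added example, not part of the original thread, that lists every user who still has one set and can optionally clear it. The function name `Get-LegacyLogonScript` and the sample OU path are assumptions made for this example; it uses the built-in ADSI searcher, so no AD module is required.

```powershell
# Added example: audit the per-user logon script (AD attribute "scriptPath",
# shown on the Profile tab of the user's properties).
# Get-LegacyLogonScript is a hypothetical name chosen for this example.
function Get-LegacyLogonScript {
    param(
        # Optional DN of an OU to limit the search; default is the current domain.
        [string]$SearchBase,
        # When set, clears scriptPath on every match instead of only reporting.
        [switch]$Clear
    )

    # Match user accounts that have any value in scriptPath.
    $searcher = [adsisearcher]'(&(objectCategory=person)(objectClass=user)(scriptPath=*))'
    if ($SearchBase) {
        $searcher.SearchRoot = [adsi]"LDAP://$SearchBase"
    }
    $searcher.PageSize = 500   # page results so large domains are fully returned
    $searcher.PropertiesToLoad.AddRange(
        [string[]]@('samaccountname', 'scriptpath', 'distinguishedname'))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            if ($Clear) {
                # Remove the attribute so only GPO-assigned scripts run at logon.
                $entry = $r.GetDirectoryEntry()
                $entry.Properties['scriptPath'].Clear()
                $entry.CommitChanges()
                $entry.Dispose()
            }
            New-Object PSObject -Property @{
                User       = [string]$r.Properties['samaccountname'][0]
                ScriptPath = [string]$r.Properties['scriptpath'][0]
                DN         = [string]$r.Properties['distinguishedname'][0]
                Cleared    = [bool]$Clear
            } | Select-Object User, ScriptPath, Cleared, DN
        }
    }
    finally {
        $results.Dispose()   # SearchResultCollection holds unmanaged resources
    }
}

# Report only:
#   Get-LegacyLogonScript | Sort-Object ScriptPath | Format-Table -AutoSize
# Clear within one OU (constructed DN, replace with your own):
#   Get-LegacyLogonScript -SearchBase 'OU=Employees,DC=example,DC=local' -Clear
```

Run the report form first and review the script paths it returns before using `-Clear`, since the change is written to the directory immediately.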
