

Server 2003 Group Policy, Not functioning correctly.

Posted on 2012-08-14
Medium Priority
Last Modified: 2012-10-29
I have a single Server 2003 R2 SP2 that is acting as a DC.

Two weird things are occurring that I'm not familiar with:

1) I have a GPO that maps a few drives. I edited the mapdrive.bat that this points to to remap the F: drive to another shared location. We manually went to each workstation and changed the F: drive to the new shared location. Upon restarting or logging off and logging back on any of the computers they somehow remapped the F: drive to the old location. I double checked the mapdrive.bat that the GPO was pointed to and it did not have the old location in it. It's as if the old mapdrive.bat is somehow stuck in limbo in the GPO or the old F: drive map is stuck in limbo and keeps getting mapped even though it's not defined.

I even denied the GPO to one user and when restarting her computer after disconnecting the old share it reconnected itself to the old share under F:!!! Running RSOP.msc showed that the mapdrive.bat startup script GPO was not affecting the computer anymore, however, somehow F: was being automatically mapped? I checked for startup and tasks on the user profile and there's nothing defined.

I checked the DC event log and there's no errors or problems. I'm stumped.

2) In Group Policy Management, when creating a new Organizational Unit, it is not automatically using senior GPOs linked to senior OUs. For example, I have an "Employees" GPO right under the domain which has the "Default Domain Policy". I edited the default domain policy to enable RDP on all workstations. It wouldn't take effect until I manually linked the "Default Domain Policy" GPO to that OU. That OU only has a "mapdrive" GPO so there's no GPO conflicting with "Default Domain Policy". It's as if inheritance is blocked but it's not? I had to manually right click the OU and link the "Default Domain Policy" to it to make the RDP map work. I'm used to it just inheriting the changes.
Question by:RFVDB
LVL 81

Expert Comment

ID: 38295834
The drive might have been mapped by the user with the option to reconnect at logon. The existence of a mapped F: drive will error out when a new location tries to be mapped over an existing drive letter.

Does your mapdrive.bat include the net use F: /delete to clear out a mapped drive prior to mapping a new one on the same drive letter?

Usually it is recommended that changes should be added in their own GPOs unless settings such as password policy which can only be managed from the default domain GPO on win2k3.

Check the OU definition to make sure you did not exclude the OU from inheriting top level policies.
LVL 26

Expert Comment

by:Leon Fester
ID: 38296296
What arnold says is true, if persistent drives have been mapped with either /persistent:yes option or "Remember connection" then you first need to delete the drive mapping before restarting.

It's safe to do: net use f: /d /y
alternatively you can delete all drive mappings using:
net use * /d /y

Accepted Solution

RFVDB earned 0 total points
ID: 38365901
Agggh, I found out what the issue was, I was being stupid and had missed it.

Previous IT company was using profile maps instead of GPOs.

Under the user's Active Directory Properties on the Profile Tab each user had a login script configured. I removed these for each user.
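
An added example, not part of the original thread: a read-only PowerShell audit that lists every account with a logon script set on the Profile tab (stored in the scriptPath attribute) and shows any net use lines found in that script. It assumes PowerShell 2.0 or later run by a domain user on a domain-joined machine, and that relative script paths live under the domain's NETLOGON share.

```powershell
# Added example: read-only audit of per-user logon scripts (Profile tab -> scriptPath).
# Assumption: PowerShell 2.0+ on a domain-joined machine, run as a domain user.
# Nothing is modified in the directory or on disk.

$searcher = New-Object System.DirectoryServices.DirectorySearcher
# Match user accounts whose scriptPath attribute is set to anything at all
$searcher.Filter   = '(&(objectCategory=person)(objectClass=user)(scriptPath=*))'
$searcher.PageSize = 1000   # page results so large domains are not truncated
foreach ($attr in 'samaccountname', 'scriptpath', 'distinguishedname') {
    [void]$searcher.PropertiesToLoad.Add($attr)
}

# Assumption: relative scriptPath values resolve under the domain NETLOGON share
$netlogon = "\\$env:USERDNSDOMAIN\NETLOGON"

$results = $searcher.FindAll()
$report = foreach ($r in $results) {
    $script = [string]$r.Properties['scriptpath'][0]
    if ($script.StartsWith('\\')) { $full = $script } else { $full = "$netlogon\$script" }

    # Collect drive-mapping lines so a stale "net use F:" stands out
    $found = Test-Path $full
    $maps  = ''
    if ($found) {
        $maps = (Select-String -Path $full -Pattern 'net\s+use' |
                 ForEach-Object { $_.Line.Trim() }) -join ' | '
    }

    New-Object PSObject -Property @{
        User          = [string]$r.Properties['samaccountname'][0]
        LogonScript   = $script
        ScriptFound   = $found
        DriveMappings = $maps
        DN            = [string]$r.Properties['distinguishedname'][0]
    }
}
$results.Dispose()   # release the underlying directory search handle

$report | Sort-Object LogonScript, User |
    Select-Object User, LogonScript, ScriptFound, DriveMappings |
    Format-Table -AutoSize -Wrap
```

Rows where ScriptFound is False point at a script that no longer exists under NETLOGON; rows with DriveMappings populated show which per-user script is still mapping a drive outside Group Policy.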

Author Closing Comment

ID: 38544514
After digging in I found the solution myself - it was pretty simple.
