?
Solved

Windows Server 2008/Windows 7 Map Drives through GPO

Posted on 2012-08-22
16
Medium Priority
?
1,396 Views
Last Modified: 2012-08-23
I recently added a new Server 2008 R2 DC on our network running on AD 2003. We are starting to roll out Windows 7 64-bit computers. To facilitate Mapping of network drives a created two OU's in our AD  - Windows 7 Laptops and Windows 7 desktops. I created a Group Policy Object on the new Server 2008 R2 to enable the drive mappings. I used the 'create' option to define the new mapping. I then linked the GPO to the newly created OU and moved a test PC to it. When I logged in all drives got mapped but I wanted only certain drives to be mapped based on Group memberships, so I modified the GPO with the 'item-level targeting' option. after this I manually disconnected all the drive mappings and then rebooted the Windows 7 PC. I logged back in but - no drives got mapped. WHAT HAPPENED HERE? PLEASE HELP.
0
Comment
Question by:srinivaskakumanu
  • 8
  • 7
16 Comments
 
LVL 13

Expert Comment

by:xDUCKx
ID: 38320784
http://blogs.technet.com/b/askds/archive/2011/06/14/what-is-the-impact-of-upgrading-the-domain-or-forest-functional-level.aspx

You might need to raise the function level of the domain when all the other 2003 DC's are out.  I couldn't find any supporting documents at this time, but I believe the audience targeting is for Windows 2008/R2 only.
0
 

Author Comment

by:srinivaskakumanu
ID: 38320915
We have three domain controllers which are in production so raising the forest or Domain level is out of question. I am only targeting a certain OU in which I have windows 7 computers.
0
 
LVL 3

Expert Comment

by:Hir0
ID: 38321090
Use update
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 

Author Comment

by:srinivaskakumanu
ID: 38321208
I did but still no good. When I first created the GPO and linked it all worked perfectly. Now nothing works.
0
 
LVL 3

Expert Comment

by:Hir0
ID: 38321334
First to address your immediate concern.  Try creating a GPO that removes the offending drives. Set the link order to process before the GPO that maps the drives.


User Configuration > Preferences > Windows Settings > Drive Maps

General settings:  
Action - Delete
Drive letter (as required)
Hide/Show all drives: no change

Common:
Defaults

Now, you didn't specify what is in the OU's that you are linking your GPO to.  I use a user policy with security filtering for determining who gets what mapped drive.  To map the drive I link a GPO to an OU with the Users I need to apply the GPO to with the following settings:

GPO Settings
User Configuration > Preferences > Windows Settings > Drive Maps

General settings:  
Action - Update
Location - \\server\share
Drive letter - (as required)
You should't need to use connect as options if permissions are setup correctly for users
Hide/Show - Show this Drive
Hid/Show (all drives) - No change

Common:
Defaults

Do the next steps in order:
1 GPO Scope Tab

- Remove "Authenticated Users" from the security filtering
-Add the Group that has the members in it that will get the mapped drive to the security filtering

2GPO Delegation Tab
-Click Advanced
-CLick add
-Type "Authenticated Users"
- Tick the Read permission
-Verify they don't have the apply group policy permission ticked
-Click OK

Link GPO and test
0
 

Author Comment

by:srinivaskakumanu
ID: 38321405
I created a UC - Windows7 and moved a test Windows 7 64-bit PC into it.
0
 

Author Comment

by:srinivaskakumanu
ID: 38321408
I am sorry OU- Windows7
0
 
LVL 3

Expert Comment

by:Hir0
ID: 38321412
How are you mapping the drives in your GPO
0
 

Author Comment

by:srinivaskakumanu
ID: 38321448
We have three 2003 Servers still in production. Our Forest and Domain level is Server 2003. I recently configured a new DC with Server 2008 R2 and enabled AD and DNS on it. We are rolling out new Windows 7 64-bit laptops and I was asked to facilitate mapping of drives based on group memberships. SO on the new Server 2008 I went to GP Management and created a new GPO to map drives and then linked it with this newly created OU called Windows 7. I moved a test PC into it. When I logged in as myself the drive mapping did show up. I manually disconnected it and then logged off and then logged back in and now nothing - no drive mappings.
0
 
LVL 3

Expert Comment

by:Hir0
ID: 38321725
No I mean what settings are you using in the GPO
0
 

Author Comment

by:srinivaskakumanu
ID: 38321838
I followed your steps and it works but I found the real issue. When my test laptop gets authenticated by our new Server 2008 , GPO works and drive mappings show up. If I reboot and log-in again and I get authenticated by one of the old Server 2003 Servers GPO does not work.

We have a total of four domain controllers, three running on Server 2003 and the fourth one on Server 2008 R2. Now if only i can force our new windows 7 laptops to get authenticated by the new server 2008 R2, i think all will work.
0
 
LVL 3

Expert Comment

by:Hir0
ID: 38322629
Sounds like you need to set up a central store for ADMX
0
 

Author Comment

by:srinivaskakumanu
ID: 38325307
How would I do that. Also our current Forest and Domain functional level is at 2003, is that the reason why the new GPO created on the new Server 2008 R2 does not work all the time.
0
 
LVL 3

Accepted Solution

by:
Hir0 earned 2000 total points
ID: 38325389
Central Store

To activate the newest domain features, all the domain controllers must be running the newest Windows Server operating system version in the domain. If this requirement is met, the administrator can raise the domain functional level.
To activate the newest forest-wide features, all the domain controllers in the forest must be running the Windows Server operating system version that corresponds to the desired forest functional level. Additionally, the current domain functional level must already be at the newest level. If these requirements are met, the administrator can raise the forest functional level.

Raise AD domain and forest functional levels
0
 

Author Closing Comment

by:srinivaskakumanu
ID: 38325449
Thanks for your help.
I cannot raise the functional level yet as we are still using 2003 on our primary domain controllers. As we add more 2008 DC's we will demote old DC's and promote the new servers and then finally raise the functional level.
0
 
LVL 3

Expert Comment

by:Hir0
ID: 38325461
Glad to help.  GL with the migration.  If you don't have Jeremy Moskowitz’s Group Policy: Fundamentals, Security, and Troubleshooting check it out.  Its one book that never leaves my side.

Amazon Link
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
MS Outlook undoubtedly is the most widely used email client.Its user-friendliness, cost effectiveness, and availability with Microsoft Office Suite make it the most popular email application.  Its compatibility with Microsoft applications like Exch…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question