Problem with GPO / GPP (drive mapping) when L2 authentication is in place
Issue:
We have problem with Drive Mapping (Group Policy Preference, Item level targetting). Drives are not mapped to users after restart of computer.
Tests proved:
- this problem occurs only on ports where L2 authentication (computer certificate) is enabled
- if user login immediately (if there is 10+s delay with logon then disks are mapped properly)
- from GPO logs (compared logs with and without L2auth) is obvious that when computer is connected to switch with L2 auth then, due to delays, user's GPO is applied BEFORE computer GPO ... this I do not understand at all
Details:
If mapped drives are set to Update ... they are in disconnected state after restart (red X) ... but after 20-30s it is possible to see the content (but red X remain)
If mapped drives are set to Replace ... they are not visible after restart
... if user does Logoff/Logon disks are properly mapped
Settings of drive mapping (example of user policy):
Action: Update
Location: DFS folder
Reconnect: Enable
Use first Available: Disabled
Run in logged on user's security context: Yes
Item level targetting: Security Group
(Computer policy)
Always wait for the network at computer startup and logon: Enabled
Here is description of our environment:
DC: W2k8 R2
Clients: Windows 7 x86
L2 Auth: Computer Authentication, MS Supplicant set in computer policy
Any idea how to solve this issue??? And how user's GPO could be applied before computer GPO??
Thank you.
Michal
We have problem with Drive Mapping (Group Policy Preference, Item level targetting). Drives are not mapped to users after restart of computer.
Tests proved:
- this problem occurs only on ports where L2 authentication (computer certificate) is enabled
- if user login immediately (if there is 10+s delay with logon then disks are mapped properly)
- from GPO logs (compared logs with and without L2auth) is obvious that when computer is connected to switch with L2 auth then, due to delays, user's GPO is applied BEFORE computer GPO ... this I do not understand at all
Details:
If mapped drives are set to Update ... they are in disconnected state after restart (red X) ... but after 20-30s it is possible to see the content (but red X remain)
If mapped drives are set to Replace ... they are not visible after restart
... if user does Logoff/Logon disks are properly mapped
Settings of drive mapping (example of user policy):
Action: Update
Location: DFS folder
Reconnect: Enable
Use first Available: Disabled
Run in logged on user's security context: Yes
Item level targetting: Security Group
(Computer policy)
Always wait for the network at computer startup and logon: Enabled
Here is description of our environment:
DC: W2k8 R2
Clients: Windows 7 x86
L2 Auth: Computer Authentication, MS Supplicant set in computer policy
Any idea how to solve this issue??? And how user's GPO could be applied before computer GPO??
Thank you.
Michal
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Windows Server 2008
Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.
86K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER
Default value of Amount of time to wait is 30s.
When I increased it to 150s the problem was solved.