Solved

Windows Server 2012 RDP session - map network drive with GPO?

Posted on 2013-12-18
5
7,332 Views
Last Modified: 2014-03-24
This should be so easy!  But it's not working for me and I haven't (so far) worked out why.

I have a domain controller (Server 2012) on which I've set a Group Policy Preference to map a drive letter to a share on the server.  Works fine for ordinary client PCs on the LAN.  However, on the LAN we also have a second server running Remote Desktop Services under Server 2012.  If I connect to a desktop session on that using RDP, the drive is not mapped.

gpresult /r says the policy should run.  I've run gpupdate /force on the RDP server.

I've tried using an old-style batch file with a "net use" command, kicked off as a Group Policy logon script, instead of the GP Preference.  But that doesn't work either.

Not sure why.  Permissions look OK.

Any ideas, please?
0
Comment
Question by:wakatashi
5 Comments
 
LVL 10

Expert Comment

by:acbxyz
ID: 39728067
Does the net use command work if it is executed within the RDP session?

If this works, you can redirect the output of the net use in gpo login script using > C:\Temp\netuse.log (or anywhere a user is allowed to write).
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39728907
0
 
LVL 1

Author Comment

by:wakatashi
ID: 39731612
acbxyz, thanks - the output was "The command completed successfully."

MaheshPM, thanks to you too - there was a link by StevenW on the first of the pages you linked to, which pointed to a page on this there was this post by BeeRay:

The answer is to do the following:
Set explorer windows to open in a new process.
Do this by:
1. Open windows explorer.
2. Click View tab, click Options (right hand side of ribbon)
3. Click View tab in options window
4. Scroll down in the "Advanced settings" area and check "Launch folder windows in a separate process"
5. Click Apply. Then click Apply to Folders.
Close your explorer window(s), then reopen and you should see your mapped drives. (unless you opted for the "un-check reconnect option" previously mentioned --- go re-check that!)
The reason this is happening is because, when group policies are applied to the user account, if the user has admin privileges (ie: they are a member of some domain admin group and/or they are a member of the local administrators group) the group polices are applied with administrative privileges.
So, when you log in, open an explorer window and you see no mapped drives, this is because by default, windows explorer does not run/open with admin privileges. Thus, you do not see any mapped drives. So, the "fix" (if you will) is to always open explorer windows with your user's admin privileges. (Launching in a separate process will do this.)
So, I believe it is working by design. One of the problems is that it's not documented. Also, it used to work in all previous windows versions. :)
Maybe Microsoft will patch it, I don't know.
For the record, un-checking the "Reconnect" option in the group policy mapped drive settings is NOT a good option. The reason I say this is because if you start your laptop unconnected to your network, you're drives will not show up AND if you use offline files, you have to do some fancy searching to find them.
Spread the news.

I tried logging on as a non-administrative user, and lo! There was the mapped drive.  So I tried BeeRay's solution above, but it didn't work for me when I logged on as an administrator.  However, we're a step forward - it works for a normal user, but not as an administrative one.

Further Googling took me to this Microsoft update, which purports to fix this problem: http://support.microsoft.com/kb/2795944. However, it's already installed!

Any other ideas how I might proceed from here, please?
0
 
LVL 1

Accepted Solution

by:
iowasolutions earned 500 total points
ID: 39848874
If you are running an application elevated (run as administrator), that application won’t be able to translate the mapped network drives you have on your account due to it TECHNICALLY running the application as a different user. This handy little fix allows those drives to be shared between your account and the admin account. Useful for those applications that don’t allow you to use UNC paths.

Go to: HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System
Add DWORD KEY: EnableLinkedConnections
Change value to: 1

Reference article:
http://www.winability.com/how-to-make-elevated-programs-recognize-network-drives/
0
 
LVL 1

Author Comment

by:wakatashi
ID: 39859599
Thanks, iowasolutions - this looks really promising!  Will be back in touch once I've had a chance to give it a go.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question