Solved

Windows Server 2012 RDP session - map network drive with GPO?

Posted on 2013-12-18
5
7,410 Views
Last Modified: 2014-03-24
This should be so easy!  But it's not working for me and I haven't (so far) worked out why.

I have a domain controller (Server 2012) on which I've set a Group Policy Preference to map a drive letter to a share on the server.  Works fine for ordinary client PCs on the LAN.  However, on the LAN we also have a second server running Remote Desktop Services under Server 2012.  If I connect to a desktop session on that using RDP, the drive is not mapped.

gpresult /r says the policy should run.  I've run gpupdate /force on the RDP server.

I've tried using an old-style batch file with a "net use" command, kicked off as a Group Policy logon script, instead of the GP Preference.  But that doesn't work either.

Not sure why.  Permissions look OK.

Any ideas, please?
0
Comment
Question by:wakatashi
5 Comments
 
LVL 10

Expert Comment

by:acbxyz
ID: 39728067
Does the net use command work if it is executed within the RDP session?

If this works, you can redirect the output of the net use in gpo login script using > C:\Temp\netuse.log (or anywhere a user is allowed to write).
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39728907
0
 
LVL 1

Author Comment

by:wakatashi
ID: 39731612
acbxyz, thanks - the output was "The command completed successfully."

MaheshPM, thanks to you too - there was a link by StevenW on the first of the pages you linked to, which pointed to a page on this there was this post by BeeRay:

The answer is to do the following:
Set explorer windows to open in a new process.
Do this by:
1. Open windows explorer.
2. Click View tab, click Options (right hand side of ribbon)
3. Click View tab in options window
4. Scroll down in the "Advanced settings" area and check "Launch folder windows in a separate process"
5. Click Apply. Then click Apply to Folders.
Close your explorer window(s), then reopen and you should see your mapped drives. (unless you opted for the "un-check reconnect option" previously mentioned --- go re-check that!)
The reason this is happening is because, when group policies are applied to the user account, if the user has admin privileges (ie: they are a member of some domain admin group and/or they are a member of the local administrators group) the group polices are applied with administrative privileges.
So, when you log in, open an explorer window and you see no mapped drives, this is because by default, windows explorer does not run/open with admin privileges. Thus, you do not see any mapped drives. So, the "fix" (if you will) is to always open explorer windows with your user's admin privileges. (Launching in a separate process will do this.)
So, I believe it is working by design. One of the problems is that it's not documented. Also, it used to work in all previous windows versions. :)
Maybe Microsoft will patch it, I don't know.
For the record, un-checking the "Reconnect" option in the group policy mapped drive settings is NOT a good option. The reason I say this is because if you start your laptop unconnected to your network, you're drives will not show up AND if you use offline files, you have to do some fancy searching to find them.
Spread the news.

I tried logging on as a non-administrative user, and lo! There was the mapped drive.  So I tried BeeRay's solution above, but it didn't work for me when I logged on as an administrator.  However, we're a step forward - it works for a normal user, but not as an administrative one.

Further Googling took me to this Microsoft update, which purports to fix this problem: http://support.microsoft.com/kb/2795944. However, it's already installed!

Any other ideas how I might proceed from here, please?
0
 
LVL 1

Accepted Solution

by:
iowasolutions earned 500 total points
ID: 39848874
If you are running an application elevated (run as administrator), that application won’t be able to translate the mapped network drives you have on your account due to it TECHNICALLY running the application as a different user. This handy little fix allows those drives to be shared between your account and the admin account. Useful for those applications that don’t allow you to use UNC paths.

Go to: HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System
Add DWORD KEY: EnableLinkedConnections
Change value to: 1

Reference article:
http://www.winability.com/how-to-make-elevated-programs-recognize-network-drives/
0
 
LVL 1

Author Comment

by:wakatashi
ID: 39859599
Thanks, iowasolutions - this looks really promising!  Will be back in touch once I've had a chance to give it a go.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will review the basic installation and configuration for Windows Software Update Services (WSUS) in a Windows 2012 R2 environment.  WSUS is a Microsoft tool that allows administrators to manage and control updates to be approved and ins…
Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits y…
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question