Solved

Windows Server 2012 RDP session - map network drive with GPO?

Posted on 2013-12-18
5
7,749 Views
Last Modified: 2014-03-24
This should be so easy!  But it's not working for me and I haven't (so far) worked out why.

I have a domain controller (Server 2012) on which I've set a Group Policy Preference to map a drive letter to a share on the server.  Works fine for ordinary client PCs on the LAN.  However, on the LAN we also have a second server running Remote Desktop Services under Server 2012.  If I connect to a desktop session on that using RDP, the drive is not mapped.

gpresult /r says the policy should run.  I've run gpupdate /force on the RDP server.

I've tried using an old-style batch file with a "net use" command, kicked off as a Group Policy logon script, instead of the GP Preference.  But that doesn't work either.

Not sure why.  Permissions look OK.

Any ideas, please?
0
Comment
Question by:wakatashi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 10

Expert Comment

by:acbxyz
ID: 39728067
Does the net use command work if it is executed within the RDP session?

If this works, you can redirect the output of the net use in gpo login script using > C:\Temp\netuse.log (or anywhere a user is allowed to write).
0
 
LVL 1

Author Comment

by:wakatashi
ID: 39731612
acbxyz, thanks - the output was "The command completed successfully."

MaheshPM, thanks to you too - there was a link by StevenW on the first of the pages you linked to, which pointed to a page on this there was this post by BeeRay:

The answer is to do the following:
Set explorer windows to open in a new process.
Do this by:
1. Open windows explorer.
2. Click View tab, click Options (right hand side of ribbon)
3. Click View tab in options window
4. Scroll down in the "Advanced settings" area and check "Launch folder windows in a separate process"
5. Click Apply. Then click Apply to Folders.
Close your explorer window(s), then reopen and you should see your mapped drives. (unless you opted for the "un-check reconnect option" previously mentioned --- go re-check that!)
The reason this is happening is because, when group policies are applied to the user account, if the user has admin privileges (ie: they are a member of some domain admin group and/or they are a member of the local administrators group) the group polices are applied with administrative privileges.
So, when you log in, open an explorer window and you see no mapped drives, this is because by default, windows explorer does not run/open with admin privileges. Thus, you do not see any mapped drives. So, the "fix" (if you will) is to always open explorer windows with your user's admin privileges. (Launching in a separate process will do this.)
So, I believe it is working by design. One of the problems is that it's not documented. Also, it used to work in all previous windows versions. :)
Maybe Microsoft will patch it, I don't know.
For the record, un-checking the "Reconnect" option in the group policy mapped drive settings is NOT a good option. The reason I say this is because if you start your laptop unconnected to your network, you're drives will not show up AND if you use offline files, you have to do some fancy searching to find them.
Spread the news.

I tried logging on as a non-administrative user, and lo! There was the mapped drive.  So I tried BeeRay's solution above, but it didn't work for me when I logged on as an administrator.  However, we're a step forward - it works for a normal user, but not as an administrative one.

Further Googling took me to this Microsoft update, which purports to fix this problem: http://support.microsoft.com/kb/2795944. However, it's already installed!

Any other ideas how I might proceed from here, please?
0
 
LVL 1

Accepted Solution

by:
iowasolutions earned 500 total points
ID: 39848874
If you are running an application elevated (run as administrator), that application won’t be able to translate the mapped network drives you have on your account due to it TECHNICALLY running the application as a different user. This handy little fix allows those drives to be shared between your account and the admin account. Useful for those applications that don’t allow you to use UNC paths.

Go to: HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System
Add DWORD KEY: EnableLinkedConnections
Change value to: 1

Reference article:
http://www.winability.com/how-to-make-elevated-programs-recognize-network-drives/
0
 
LVL 1

Author Comment

by:wakatashi
ID: 39859599
Thanks, iowasolutions - this looks really promising!  Will be back in touch once I've had a chance to give it a go.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question