Solved

Windows Server 2012 RDP session - map network drive with GPO?

Posted on 2013-12-18
5
7,496 Views
Last Modified: 2014-03-24
This should be so easy!  But it's not working for me and I haven't (so far) worked out why.

I have a domain controller (Server 2012) on which I've set a Group Policy Preference to map a drive letter to a share on the server.  Works fine for ordinary client PCs on the LAN.  However, on the LAN we also have a second server running Remote Desktop Services under Server 2012.  If I connect to a desktop session on that using RDP, the drive is not mapped.

gpresult /r says the policy should run.  I've run gpupdate /force on the RDP server.

I've tried using an old-style batch file with a "net use" command, kicked off as a Group Policy logon script, instead of the GP Preference.  But that doesn't work either.

Not sure why.  Permissions look OK.

Any ideas, please?
0
Comment
Question by:wakatashi
5 Comments
 
LVL 10

Expert Comment

by:acbxyz
ID: 39728067
Does the net use command work if it is executed within the RDP session?

If this works, you can redirect the output of the net use in gpo login script using > C:\Temp\netuse.log (or anywhere a user is allowed to write).
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39728907
0
 
LVL 1

Author Comment

by:wakatashi
ID: 39731612
acbxyz, thanks - the output was "The command completed successfully."

MaheshPM, thanks to you too - there was a link by StevenW on the first of the pages you linked to, which pointed to a page on this there was this post by BeeRay:

The answer is to do the following:
Set explorer windows to open in a new process.
Do this by:
1. Open windows explorer.
2. Click View tab, click Options (right hand side of ribbon)
3. Click View tab in options window
4. Scroll down in the "Advanced settings" area and check "Launch folder windows in a separate process"
5. Click Apply. Then click Apply to Folders.
Close your explorer window(s), then reopen and you should see your mapped drives. (unless you opted for the "un-check reconnect option" previously mentioned --- go re-check that!)
The reason this is happening is because, when group policies are applied to the user account, if the user has admin privileges (ie: they are a member of some domain admin group and/or they are a member of the local administrators group) the group polices are applied with administrative privileges.
So, when you log in, open an explorer window and you see no mapped drives, this is because by default, windows explorer does not run/open with admin privileges. Thus, you do not see any mapped drives. So, the "fix" (if you will) is to always open explorer windows with your user's admin privileges. (Launching in a separate process will do this.)
So, I believe it is working by design. One of the problems is that it's not documented. Also, it used to work in all previous windows versions. :)
Maybe Microsoft will patch it, I don't know.
For the record, un-checking the "Reconnect" option in the group policy mapped drive settings is NOT a good option. The reason I say this is because if you start your laptop unconnected to your network, you're drives will not show up AND if you use offline files, you have to do some fancy searching to find them.
Spread the news.

I tried logging on as a non-administrative user, and lo! There was the mapped drive.  So I tried BeeRay's solution above, but it didn't work for me when I logged on as an administrator.  However, we're a step forward - it works for a normal user, but not as an administrative one.

Further Googling took me to this Microsoft update, which purports to fix this problem: http://support.microsoft.com/kb/2795944. However, it's already installed!

Any other ideas how I might proceed from here, please?
0
 
LVL 1

Accepted Solution

by:
iowasolutions earned 500 total points
ID: 39848874
If you are running an application elevated (run as administrator), that application won’t be able to translate the mapped network drives you have on your account due to it TECHNICALLY running the application as a different user. This handy little fix allows those drives to be shared between your account and the admin account. Useful for those applications that don’t allow you to use UNC paths.

Go to: HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System
Add DWORD KEY: EnableLinkedConnections
Change value to: 1

Reference article:
http://www.winability.com/how-to-make-elevated-programs-recognize-network-drives/
0
 
LVL 1

Author Comment

by:wakatashi
ID: 39859599
Thanks, iowasolutions - this looks really promising!  Will be back in touch once I've had a chance to give it a go.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The reason that corporations and businesses use Windows servers is because it supports custom modifications to adapt to the business and what it needs. Most individual users won’t need such powerful options. Here I’ll explain how you can enable Wind…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question