Windows Server 2012 RDP session - map network drive with GPO?

This should be so easy!  But it's not working for me and I haven't (so far) worked out why.

I have a domain controller (Server 2012) on which I've set a Group Policy Preference to map a drive letter to a share on the server.  Works fine for ordinary client PCs on the LAN.  However, on the LAN we also have a second server running Remote Desktop Services under Server 2012.  If I connect to a desktop session on that using RDP, the drive is not mapped.

gpresult /r says the policy should run.  I've run gpupdate /force on the RDP server.

I've tried using an old-style batch file with a "net use" command, kicked off as a Group Policy logon script, instead of the GP Preference.  But that doesn't work either.

Not sure why.  Permissions look OK.

Any ideas, please?
LVL 1
wakatashiAsked:
Who is Participating?
 
iowasolutionsConnect With a Mentor Commented:
If you are running an application elevated (run as administrator), that application won’t be able to translate the mapped network drives you have on your account due to it TECHNICALLY running the application as a different user. This handy little fix allows those drives to be shared between your account and the admin account. Useful for those applications that don’t allow you to use UNC paths.

Go to: HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System
Add DWORD KEY: EnableLinkedConnections
Change value to: 1

Reference article:
http://www.winability.com/how-to-make-elevated-programs-recognize-network-drives/
0
 
acbxyzCommented:
Does the net use command work if it is executed within the RDP session?

If this works, you can redirect the output of the net use in gpo login script using > C:\Temp\netuse.log (or anywhere a user is allowed to write).
0
 
wakatashiAuthor Commented:
acbxyz, thanks - the output was "The command completed successfully."

MaheshPM, thanks to you too - there was a link by StevenW on the first of the pages you linked to, which pointed to a page on this there was this post by BeeRay:

The answer is to do the following:
Set explorer windows to open in a new process.
Do this by:
1. Open windows explorer.
2. Click View tab, click Options (right hand side of ribbon)
3. Click View tab in options window
4. Scroll down in the "Advanced settings" area and check "Launch folder windows in a separate process"
5. Click Apply. Then click Apply to Folders.
Close your explorer window(s), then reopen and you should see your mapped drives. (unless you opted for the "un-check reconnect option" previously mentioned --- go re-check that!)
The reason this is happening is because, when group policies are applied to the user account, if the user has admin privileges (ie: they are a member of some domain admin group and/or they are a member of the local administrators group) the group polices are applied with administrative privileges.
So, when you log in, open an explorer window and you see no mapped drives, this is because by default, windows explorer does not run/open with admin privileges. Thus, you do not see any mapped drives. So, the "fix" (if you will) is to always open explorer windows with your user's admin privileges. (Launching in a separate process will do this.)
So, I believe it is working by design. One of the problems is that it's not documented. Also, it used to work in all previous windows versions. :)
Maybe Microsoft will patch it, I don't know.
For the record, un-checking the "Reconnect" option in the group policy mapped drive settings is NOT a good option. The reason I say this is because if you start your laptop unconnected to your network, you're drives will not show up AND if you use offline files, you have to do some fancy searching to find them.
Spread the news.

I tried logging on as a non-administrative user, and lo! There was the mapped drive.  So I tried BeeRay's solution above, but it didn't work for me when I logged on as an administrator.  However, we're a step forward - it works for a normal user, but not as an administrative one.

Further Googling took me to this Microsoft update, which purports to fix this problem: http://support.microsoft.com/kb/2795944. However, it's already installed!

Any other ideas how I might proceed from here, please?
0
 
wakatashiAuthor Commented:
Thanks, iowasolutions - this looks really promising!  Will be back in touch once I've had a chance to give it a go.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.