Group Policy will not work

I've been trying to get some basic group policies to work but have had no success.  I am attempting to run a GPO where a specific shared folder on a network server maps as a network drive.  For testing purposes i have setup an OU called test in AD and assigned myself as a member.  I have of course granted myself full read write capabilities to the folder and created a linked GPO and assigned the specific location on a different server.  I have run gpupdate /force and logged off a client to test and it doesn't work. I have gone over multiple articles and followed each very closely as well as watched videos on this procedure which seems fairly straight forward, but it does not work. I have previously attempted creating a GPO for a firewall rule i wanted to implement regarding spiceworks and that hasn't worked either. I would like to begin implementing certain policies and securities such as mandatory password resets but since i cant get this to work i am at an impass.  The environment includes the following servers and software.
*see attached for screen shot of GPO

DC - server 2013 (DNS, DHCP) - location where i attempting to apply GPO
DC - server 2008 R2 (virtual)
DC - server 2003 SP2 (soon to be phased out)
EXCHANGE 2010 - on a server 2012
FILE server - server 2003 SP2

I would appreciate any insight you guys could give me.
thank you
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Bradley FoxLAN/WAN Systems AdministratorCommented:
A couple things to check.

1. Click on the common tab and make sure "run in logged on user's security context" is checked otherwise it gets processed as the SYSTEM user.  Also make sure there isn't any Item Level targeting enabled that might be filtering you out.

2. Make sure the GPO is linked in Active Directory to the OU where the user account you are using to test resides or above it and block inheritance isn't on any of the OUs.  Can you post a screenshot with the window in the current one closed so I can see where the policies are linked?

3. If the client is XP make sure you have the Group Policy Client Side Extensions installed.

4. Open a command prompt (not elevated) and type
gpresult /r /SCOPE USER

Open in new window

Make sure the policy is listed under "Applied Group Policy objects"  If it isn't then you are likely having a DNS issue or something else is preventing the polices from applying.
in the past i did this with a simple bat file in logon policy.

you can try this command line in a bat file:

net use Y: /persistent:yes \\servername\share /u:domainaccount password

#persistent if you want to reconect
#/u just if the drive have special permissions

good luck!
telperiongroupAuthor Commented:
mcsween thanks so much for responding.
-I have verified the settings under the common tab.
-I have attached the screen shot you requested ( I think its the correct one).
-It's not an xp client its windows 7
I did run the cmd and here are the results ( it appears that the GPO is applied)

RSOP data for SOUTHEAST\lxxxxxxx on SEW0518 : Logging Mode

OS Configuration:            Member Workstation
OS Version:                  6.1.7601
Site Name:                   N/A
Roaming Profile:             N/A
Local Profile:               C:\Users\lxxxxxx
Connected over a slow link?: No

    CN=Louis xxxxxx,OU=Test,DC=Southeast,DC=Southeast
    Last time Group Policy was applied: 1/12/2014 at 10:29:21 AM
    Group Policy was applied from:      ntserver7.Southeast.Southeast
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        SOUTHEAST
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
        Controlled Internet Access
        Default Domain Policy
        Local Group Policy
Expert Spotlight: Joe Anderson (DatabaseMX)

We’ve posted a new Expert Spotlight!  Joe Anderson (DatabaseMX) has been on Experts Exchange since 2006. Learn more about this database architect, guitar aficionado, and Microsoft MVP.

Bradley FoxLAN/WAN Systems AdministratorCommented:
It looks like you have a bunch of policies enforced; you don't need that as you aren't blocking  inheritance at any OU.  This is not what is causing your issue though.

At the client start, run, rsop.msc. Right click User Information, Properties then click on the Error information tab; review this and see if it says what's going on.

You can also review entries in the System log that may reveal what is going on.  Look for events that happened right after logging onto the client.

If you open a command prompt at the client and type the following line does it map the drive under My Computer?
net use y: \\ntserver4\Technology

Open in new window

Rob StoneCommented:
You are using GPP (Group Policy Preferences).  For some (maybe all) you need to enable them with the function keys.

    F5: Enable All
    F6: Enable Current
    F7: Disable Current
    F8: Disable All

I've had problems with GPP in the past with IE settings and had to create a new policy as editing the old one refused to work.

Try creating a new test one and when you are in the screenshot page press F5.

Further info:

Alternatively, try a GPO and run a rsop.msc from a client PC to check the results match what you see in GPMC.  You can also do GPO Modelling from GPMC which can help identify what should be sent to the client.
telperiongroupAuthor Commented:
Well I have tried a few different scenarios hoping to find resolution with this but still nothing.

-I have looked at the rsop.msc results and it says drive maps completed successfully (verified that the show drives and reconnect is checked).

-the only error is related to Internet explorer - not branding
-I have tried creating a new GPO with a different test user name
-verified user rights to the folder
-did a group policy results wizard and verified there are no errors
-tried applying the f5 option for enable all
- looked at event viewer and that indicates the GPO applied correctly.
- when applying a "net use" command the drive is mapped

could this have anything to do with "fast link" or "fast startup"?
also could the fact the internet explorer gpo is failing have an affect on this?
**see attached screen shot for wizard results
Bradley FoxLAN/WAN Systems AdministratorCommented:
I have 2 suggestions left and I'd like you to double check something.

1. Make sure "Run in logged on user's security context" is checked on the common tab of the drive map entry in the GPO.

2. Set this policy enabled - Computer Configuration\Administrative Templates\System\Logon\Always wait for the network at computer startup and logon

3. Yikes, I just looked at your original screen shot again.  Change the action from Create to Update.  Update will create it if it isn't there, update it otherwise.  I've had bad luck with create.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
telperiongroupAuthor Commented:
ok so after numerous attempts and different scenarios I decided to attempt a new test GPO from a different server.  A virtual 2008 R2 server and it worked fine.  Any and all GPO's I applied worked flawlessly.  My concern now is why is it not working on my 2012 server? if that in fact would be a factor?

This 2012 server is a new DC and DHCP server.

Is there an issue with applying group policy from a 2012 server or is there a specific add in i need to install?
Rob StoneCommented:
To confirm, all clients are Win 7? What SP do they have and are they fully patched?

If you have XP then you'll need Client Side Extensions installed.

As Mcsween says, ensure you have an Update as well.  When we use GPP for printers we have a create for new systems and update for existing incase they've changed it. Remember, GPP is not like a GPO and can be changed by users if that's their 'preference'.

Other than that, I'm not too sure why it would work from 2008 R2 and not from 2012. The GPO template may well be newer, but I'd expect the drive mapping to work from GPP.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server Apps

From novice to tech pro — start learning today.