Solved

Drive mapping script Windows server 2012

Posted on 2014-01-29
23
9,718 Views
Last Modified: 2014-02-05
Hello all,

I am trying to get a drive mapping script to run at logon to no avail.  Here are the two methods I have tried:

Save the following batch file to the domain controller's NETLOGON share as logon.bat:

@echo off
net use * /delete /yes
net use x: \\server_name\shared_directory_name

Active Directory Users and Computers
Right click domain name at top left and click Properties > Group Policy > Edit > User Configuration > Windows Settings > Scripts (Logon/Logoff) > Logon > Add...
Enter path to logon.bat (e.g., \\ACME.local\sysvol\ACME.local\scripts\logon.bat) and click OK three times
Login from workstation. Drive x: should appear in My Computer.

Here's method #2:

I created a group called "server users" then assigned my test user to that group. I then edited the group policy by placing the name and path of the script in the logon portion of the group (User Configuration\Windows Settings\Scripts (Logon/Logoff)  and placed the actual script in the NETLOGON share of the server.

Neither of these have worked and I suspect I am missing something very simple.  Any help would be appreciated.

Thanks!
0
Comment
Question by:Sapeur
  • 12
  • 6
  • 2
  • +2
23 Comments
 
LVL 30

Expert Comment

by:captain
ID: 39817833
Do you have this set in the User profile?

User profile
This is all we do, hence login instead of logon. The path is omitted as the AD expects that location to be as in your example. Verify server name and path again to be sure.

If you use group memberships to determine different drives you will need GP but a generic script won't need this I think

I use specific delete commands for each drive.
net use x: /delete

net use x: \\server_name\shared_directory_name /persistent:no

Before implementing, test the BAT file locally by running it on a domain connected PC and add a 'pause' command at the end of the script to see any error messages.

hth
capt.
0
 
LVL 11

Expert Comment

by:Venugopal N
ID: 39817839
Try below steps and check.

Auto map network drives on login for certain users:

Save the following batch file to the domain controller's NETLOGON share as logon.bat:
@echo off
net use x: /delete /yes
net use x: \\file_server_name\shared_directory_name
Active Directory Users and Computers > Users > Double click user > Profile
Enter "logon.bat" (no quotes) in the "Logon script" box and click OK
Login from workstation as user modified in step 2. Drive x: should appear in My Computer.
0
 

Author Comment

by:Sapeur
ID: 39818413
Captain,

I do have login.bat in the scripts window of the profile.  I made the changes you suggested in the script but to no avail.  The path I'm using is C:\windows\sysvol\domian\scripts.

I created a test user and logged onto a pc connected to the domain but the drive was not mapped.  Could this be a permissions or security issue?
0
 
LVL 10

Expert Comment

by:tmoore1962
ID: 39818638
Make sure the share and security permissions are set correctly.
0
 
LVL 11

Expert Comment

by:gmbaxter
ID: 39819237
You could do this very differently, without having to worry about scripts:

Create a group policy called "drive map policy"

User configuration > Preferences > Windows Settings > Drive Maps

You can also use item-level targeting for specific security groups etc.

More info here: http://technet.microsoft.com/en-us/library/cc770902.aspx
0
 
LVL 30

Expert Comment

by:captain
ID: 39819547
Your permissions and security need to include everyone on the share permissions and the security set to the user group. Also check that your sharename is spelled correctly and you observed any $ if you placed this to hide the share.
0
 
LVL 11

Expert Comment

by:Venugopal N
ID: 39820028
Login with the test user and try to map the Drive manually.
By running the command --> net use x: \\server_name\shared_directory_name from the command prompt.


Also you can check the by copying the batch file to the user workstation and double click, check if the drive has been mapped.

If it maps then it not issues with the Share/NTFS permission, if not check if the user have right access to the share.

Place the logon script on the below path.

%SystemRoot%\SYSVOL\sysvol\<domain DNS name>\scripts

Check if the user has been authenticated from the domain controller where you have placed the logon script by runinng the below command.

Logonserver

For more info.. refer the below link.
http://www.petri.co.il/setting-up-logon-script-through-active-directory-users-computers-windows-server-2008.htm#
0
 

Author Comment

by:Sapeur
ID: 39821385
I set up the drive map GP and linked it to the default domain policy.  I assigned it to the employees group to which everyone is a member.  When I login to the domain, no drive is mapped.  What am I missing?

Thanks
0
 
LVL 30

Expert Comment

by:captain
ID: 39821542
Did you check the security and permissions, did you set the pause command in your script?
0
 

Author Comment

by:Sapeur
ID: 39822042
Yes, I put the pause at the end seeattachment.  But it still did not work...
THS-drive-map.txt
0
 
LVL 30

Expert Comment

by:captain
ID: 39822803
so the pause should have given you a chance to look at the script output is there was one, as you would have had to press a key to close it down.

If the net use succeeds, you can see this by the prompt that 'the command completed successfully'.

So the share name is simply "shared" on the destination server?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:Sapeur
ID: 39824273
Yes the share name is "shared" I'll run it this afternoon after lunch and send the results, thanks!
0
 

Author Comment

by:Sapeur
ID: 39825304
I tried and still no luck.  I also tried to run the net use t:\\server_name\data\shared command from the workstation as an admin and I got

"system error 67 has occurred"

"The network name cannot be found"
0
 

Author Comment

by:Sapeur
ID: 39825318
correction "net use t: server_name\data\shared" still gives me the same 67 error
0
 

Author Comment

by:Sapeur
ID: 39825320
and I can map the drive manually in windows, so I don't think it's permissions
0
 
LVL 30

Accepted Solution

by:
captain earned 500 total points
ID: 39826414
That is good though that we have an error code.

You seem to have quoted this twice, so I thought I double check:
net use t:\\server_name\data\shared

please ensure that it is
net use t: \\server_name

with a space between t: and \\, as this means it looks for \\server to be mapped to drive T:, rather than looking for t:\\something

Secondly, the share is on the server, the data folder is wrong, so use:
net use t: \\server_name\shared
0
 

Author Comment

by:Sapeur
ID: 39826667
Ok, thanks I'll try it Monday morning.
0
 

Author Comment

by:Sapeur
ID: 39836168
Eureka it worked!!! Thanks so much Captain,  I learned a ton of scripting this last week or so.  I'm going to try to add two more drives to this script.  Here's one more question:

One of my users needs to map to another pc on the network for quickbooks access.  I'm thinking I'll write a different script for her that includes the map to the pc.  Will the existence of two scripts in folder cause any conflicts?  I'm thinking no because I'll just name her script something different.  Also, will the server know where to "find" the pc on the network?  I'm thinking yes cause it's in the ADUC and shared on the net.  Just curious.  

Well I'm off to hone my scripting skills, this is very exciting!!! Thanks again!!!
0
 

Author Closing Comment

by:Sapeur
ID: 39836170
The Captain rocks!
0
 

Author Comment

by:Sapeur
ID: 39836211
Here's what I wrote for the special quickbooks user fyi:



@echo off
net use t: /delete /yes
net use t: \\thsserver\shared
net use q: /delete /yes
net use q: \\ths-1-pc\intuit\quickbooks
net use p: /delete /yes
net use p: \\thsserver\pc images
0
 

Author Comment

by:Sapeur
ID: 39836233
Don't think it's gonna work though cause the P: drive and the Q: drives are not local to the server.  The p: is a usb drive attached for storing pc images, the Q: is on another pc.  Any ideas on how to get the two other drives mapped for just the one user?
0
 
LVL 30

Expert Comment

by:captain
ID: 39836532
Hi & many thanks for your kind words, the share name stared me in the face but it took some time until the penny dropped.

One of my users needs to map to another pc on the network for quickbooks access.  I'm thinking I'll write a different script for her that includes the map to the pc.  Will the existence of two scripts in folder cause any conflicts?  I'm thinking no because I'll just name her script something different.  Also, will the server know where to "find" the pc on the network?  I'm thinking yes cause it's in the ADUC and shared on the net.  Just curious.  

OK, there are some simple principles here that you need to follow.

The PCs need to be on the same logical network ie same IP address range only the last segment is different. - i think that is a given anyway

The PCs should have proper names that you can refer to in your script - Looks ok in your example.

Your share name should really be hidden, that way only the person using a script can connect but others cannot see the share when browsing the domain. To do this simply add a $ at the end of your sharename, eg quickbooks will become quickbooks$. Then you enter this into the script. Note: You cannot rename shares so you need to delete the old and create a new one with the new name.

I noticed again a path. net use q: \\ths-1-pc\intuit\quickbooks, this should be net use q: \\ths-1-pc\quickbooks or  net use q: \\ths-1-pc\quickbooks$ if hidden

Your share name net use p: \\thsserver\pc images  has a space in the name, you cannot do that as it will not resolve the 'images' part and only look for 'pc'. Unless there is a share with that name it will fail. So use net use p: \\thsserver\pc_images or better net use p: \\thsserver\pc_images$ to hide it, (create hidden share first).

The trickiest part is availability. PCs get switched off, servers don't. If you PC is offline your scripts will fail. You need to consider if it is a possibility to have the data on a server,

If you map on removable media I advise against this. Bad idea. For many reasons... The user on PC1 with the USB will not know if there is write access so they may remove the USB and data will get lost. Having important data (and it is important to at least 2 people otherwise you would not share it) on a USB, not good. Again look at a server for that.

The letters don't matter, one PC could map to B: the other to Z:. You only need to make sure that the drive is not already in use on a PC that is mapping them. Physical disks may take priority so mapping will again not work. P & Q: are safe range drives so it should be fine.

hth
capt.
0
 
LVL 11

Expert Comment

by:gmbaxter
ID: 39836824
I stand by my solution of using group policy preferences, as this is far neater and practical to using scripts, however glad you got it working.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Every now and then, Microsoft does something that totally impresses me. It doesn't happen often, but in this case I must say I am thoroughly impressed with Windows Server Backup. One of the long time issues with Windows Backup has been the ability t…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now