Link to home
Start Free TrialLog in
Avatar of ccfcfc
ccfcfcFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Group POlicy to allow service account to Map/use mapped drives - AD 2012

RUnning Windows 2012 and usign Group Policy to control what services can start services on a server.
Service account1 is set to login on a service and it can start services.

I want to be able to allow it to use mapped drives to writes files to another member server. As the service account is ser to be able to start a service, it is not allowed "interactive" logon on the memebr server so unable to map drive or I believe copy to a drive mapping ?
What is the best best way via a policy to control this  ?

In order to copy to another member server I need to be a membe rof "local admin" which then allows you to map drives but, not sure this the right way
Avatar of Cliff Galiher
Cliff Galiher
Flag of United States of America image
Drive mapping is almost purely a GUI front-end for users. Normal file operations on a mapped drive will internally use the UNC path, not the drive letter. This has been standard since XP. As such, there is almost never a reason for a service account to map a drive. It can just use a UNC path directly (which is still what would happen even if you managed to get drive mapping to work.) So there is no benefit to mapping drives in a service account.

The proper approach is to set up whatever task the service is doing to use UNC paths. Not to map a drive. That's why you are having the issues you are having.
Avatar of Don
Don
Flag of United States of America image
There are also other beneficial tools to copy files to and from another server. Dfs and robocopy to name a few.

DFS
https://mizitechinfo.wordpress.com/2013/08/21/step-by-step-deploy-dfs-in-windows-server-2012-r2/

Robocopy
http://burpee.smccme.edu/studenthowtos/robocopy.htm
Avatar of ccfcfc
ccfcfc
Flag of United Kingdom of Great Britain and Northern Ireland image

ASKER

Thanks for the replies but, I am not asking the "proper approach" or tools to perform the task but, I am asking how to control in a Group Policy who can use windows networking between member servers in a Windows 2012 domain.

Apreciate about UNC paths, DFS and Robocopy I am well aware of I am not having issues but trying to tie down resources via a Policy
ASKER CERTIFIED SOLUTION
Avatar of Cliff Galiher
Cliff Galiher
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Don
Don
Flag of United States of America image
The short answer then is "You can't do that" I'm afraid