Group POlicy to allow service account to Map/use mapped drives - AD 2012

RUnning Windows 2012 and usign Group Policy to control what services can start services on a server.
Service account1 is set to login on a service and it can start services.

I want to be able to allow it to use mapped drives to writes files to another member server. As the service account is ser to be able to start a service, it is not allowed "interactive" logon on the memebr server so unable to map drive or I believe copy to a drive mapping ?
What is the best best way via a policy to control this  ?

In order to copy to another member server I need to be a membe rof "local admin" which then allows you to map drives but, not sure this the right way
ccfcfcAsked:
Who is Participating?
 
Cliff GaliherCommented:
My answer actually covered what you were asking. But I'll try and rephrase. Mapped drives are a GUI way to quickly access a UNC path via windows explorer or command.com.  That's it. Which, by definition, means mapped drives only apply to interactive logons.

There are no specific security policies that grant or revoke permissions to map a drive or not. Which also means you could not use a security group policy to block someone from mapping a drive to a UNC path they otherwise have access to.

The "proper approach" answer in this case was more for background. Usually when you hit walls trying to do something, there is a good reason for it.
0
 
Cliff GaliherCommented:
Drive mapping is almost purely a GUI front-end for users. Normal file operations on a mapped drive will internally use the UNC path, not the drive letter. This has been standard since XP. As such, there is almost never a reason for a service account to map a drive. It can just use a UNC path directly (which is still what would happen even if you managed to get drive mapping to work.) So there is no benefit to mapping drives in a service account.

The proper approach is to set up whatever task the service is doing to use UNC paths. Not to map a drive. That's why you are having the issues you are having.
0
 
DonNetwork AdministratorCommented:
There are also other beneficial tools to copy files to and from another server. Dfs and robocopy to name a few.

DFS
https://mizitechinfo.wordpress.com/2013/08/21/step-by-step-deploy-dfs-in-windows-server-2012-r2/

Robocopy
http://burpee.smccme.edu/studenthowtos/robocopy.htm
0
 
ccfcfcAuthor Commented:
Thanks for the replies but, I am not asking the "proper approach" or tools to perform the task but, I am asking how to control in a Group Policy who can use windows networking between member servers in a Windows 2012 domain.

Apreciate about UNC paths, DFS and Robocopy I am well aware of I am not having issues but trying to tie down resources via a Policy
0
 
DonNetwork AdministratorCommented:
The short answer then is "You can't do that" I'm afraid
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.