Group POlicy to allow service account to Map/use mapped drives - AD 2012

RUnning Windows 2012 and usign Group Policy to control what services can start services on a server.
Service account1 is set to login on a service and it can start services.

I want to be able to allow it to use mapped drives to writes files to another member server. As the service account is ser to be able to start a service, it is not allowed "interactive" logon on the memebr server so unable to map drive or I believe copy to a drive mapping ?
What is the best best way via a policy to control this  ?

In order to copy to another member server I need to be a membe rof "local admin" which then allows you to map drives but, not sure this the right way
ccfcfcAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
Drive mapping is almost purely a GUI front-end for users. Normal file operations on a mapped drive will internally use the UNC path, not the drive letter. This has been standard since XP. As such, there is almost never a reason for a service account to map a drive. It can just use a UNC path directly (which is still what would happen even if you managed to get drive mapping to work.) So there is no benefit to mapping drives in a service account.

The proper approach is to set up whatever task the service is doing to use UNC paths. Not to map a drive. That's why you are having the issues you are having.
0
DonNetwork AdministratorCommented:
There are also other beneficial tools to copy files to and from another server. Dfs and robocopy to name a few.

DFS
https://mizitechinfo.wordpress.com/2013/08/21/step-by-step-deploy-dfs-in-windows-server-2012-r2/

Robocopy
http://burpee.smccme.edu/studenthowtos/robocopy.htm
0
ccfcfcAuthor Commented:
Thanks for the replies but, I am not asking the "proper approach" or tools to perform the task but, I am asking how to control in a Group Policy who can use windows networking between member servers in a Windows 2012 domain.

Apreciate about UNC paths, DFS and Robocopy I am well aware of I am not having issues but trying to tie down resources via a Policy
0
Cliff GaliherCommented:
My answer actually covered what you were asking. But I'll try and rephrase. Mapped drives are a GUI way to quickly access a UNC path via windows explorer or command.com.  That's it. Which, by definition, means mapped drives only apply to interactive logons.

There are no specific security policies that grant or revoke permissions to map a drive or not. Which also means you could not use a security group policy to block someone from mapping a drive to a UNC path they otherwise have access to.

The "proper approach" answer in this case was more for background. Usually when you hit walls trying to do something, there is a good reason for it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DonNetwork AdministratorCommented:
The short answer then is "You can't do that" I'm afraid
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.