Drive Mapping and GPO

    Question

  • I have read just about everything on the web about drive mapping GPO and permissions and am still having a problem.

    I have a Windows Server 2008 Standard as the DC.  I have a Windows Server 2012 that will be used for DirectAccess and File Server.  On the Windows Server 2012, I have created a Data directory that is not shared.  Underneath this directory are the folders to be shared.  Each one is Shared with Everybody Read/Write Permission.  Then each folder is disabled from inheritance and the actual Security Group(s) are given Full Control access and Everybody group is removed from NTFS Security.  NOTE: One Group has access to all folders.

    On the Windows Server 2008, I created a new GPO called Drive Maps.  There will be about 12 mappings in this GPO.  They are set to Replace under Action, given the location of \\server\Share$, Reconnect is checked and a Label is given, then a drive letter is assigned and Show this drive is checked under Hide/Show this drive.  Under the Common tab,  I have checked Item-level targeting and selected the Security Group(s) that will have access.

    There are two issues. The first is that not all the drives map for the users that have permissions to the drive(s).   The second is that someone who was smart enough to know the share's URL, and was not part of the group assigned permissions to that share, can gain access to the share by entering the URL under Map Network Drive.

    Not sure why the drives are not mapping when the user has the correct permissions for that share and everything is spelled correctly.  And obviously to prevent them access to the Share, I would need to create a Deny group and add that to the share with the Deny option.  Is that the correct solution?

    Any suggestions?

    Saturday, March 15, 2014 4:11 PM

Answers

  • Hi,

    Thanks for your post. Here I’d like to share some information about GPO.

    Policy settings of each GPO are divided into policy settings that affect a computer and policy settings that affect a user. After creating a GPO and editing some policies in both parts, if we link it to the OU which contains computers, these computers only apply the policy settings of Computer Configuration; if we link it to the OU which contains users, these users only apply the policy settings of User Configuration. In other words, computer-related policies specify system behavior, application settings, security settings, assigned applications, computer startup and shutdown scripts, and so on. User-related policies specify assigned and published applications, user logon and logoff scripts, folder redirection, and so on. Be aware that computer-related settings override user-related settings. For example, we create a GPO and configure the wallpaper for users. If we link it to the OU which only contains computer1, the wallpaper of computer1 does not change to the one we configured; if we link it to the OU which only contains user1, when user1 logs on to any computer, the wallpaper of this computer will be the one we configured.

    In this case, the map drive group policy is user configuration; please check if the GPO was linked to the OU which only contains the user account.

    Besides, the "Share$" is a hidden share folder. Please check if the share folders you created are hidden.

    For more information, please refer to the article below:

    Using Group Policy Preferences to Map Drives Based on Group Membership

    http://blogs.technet.com/b/askds/archive/2009/01/07/using-group-policy-preferences-to-map-drives-based-on-group-membership.aspx

    Hope the information above is helpful to you.


    forum case

    Monday, March 24, 2014 7:39 AM
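
An added example, not part of the original thread: a PowerShell check, run on the Windows Server 2012 file server, of the layout the question describes (open share permissions, restricted NTFS ACLs, inheritance disabled) and of the hidden-share point raised in the answer. `D:\Data`, the function name `Get-ShareAccessReport` and the list of broad principals are assumptions; the thread gives no drive letter or group names.

```powershell
# Assumed location of the unshared parent folder; the thread gives no drive letter.
$DataRoot = 'D:\Data'

# Assumed list of principals that cover almost every domain account.
# If one of these holds an NTFS Allow entry, any user who types the share
# path can open it, regardless of item-level targeting in the GPO.
$Broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'

function Get-ShareAccessReport {
    param(
        [string]$Root,
        [string[]]$BroadPrincipals
    )

    # Limit the report to shares whose folder sits under the data root.
    Get-SmbShare |
        Where-Object { $_.Path -like (Join-Path $Root '*') } |
        ForEach-Object {
            $share = $_
            $acl   = Get-Acl -LiteralPath $share.Path

            # NTFS Allow entries on the shared folder itself.
            $allow = $acl.Access |
                Where-Object { $_.AccessControlType -eq 'Allow' }
            $broadHits = $allow |
                Where-Object { $BroadPrincipals -contains $_.IdentityReference.Value }

            [pscustomobject]@{
                Share            = $share.Name
                # A trailing $ hides the share from browsing only; it is not access control.
                Hidden           = $share.Name.EndsWith('$')
                SharePermissions = (Get-SmbShareAccess -Name $share.Name |
                    ForEach-Object { '{0}:{1}:{2}' -f $_.AccountName, $_.AccessControlType, $_.AccessRight }) -join '; '
                # True when inheritance from the parent folder is disabled.
                InheritanceOff   = $acl.AreAccessRulesProtected
                NtfsAllow        = ($allow |
                    ForEach-Object { '{0}:{1}' -f $_.IdentityReference, $_.FileSystemRights }) -join '; '
                BroadNtfsAccess  = [bool]$broadHits
            }
        }
}

Get-ShareAccessReport -Root $DataRoot -BroadPrincipals $Broad | Format-List
```

A share that reports `BroadNtfsAccess : True` or `InheritanceOff : False` does not match the configuration described in the question and is the first place to look when a non-member can map it by path.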

All replies

  • Added note:  It is the same shared drives that do not display.  I can take the URL from the Drive Maps GPO and paste it into the Map Network Drive on a PC and it will map the drive.
    Saturday, March 15, 2014 4:18 PM
  • Hi ,

    Thank you for posting your issue in the forum.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Thank you for your understanding and support.

    Best Regards,

    Andy Qi

    TechNet Subscriber Support


    Tuesday, March 18, 2014 11:53 AM
    Moderator
  • Any idea how long of a delay?  I am trying to implement this now.

    No one has any ideas or suggestions?

    Thursday, March 20, 2014 2:24 PM