Group Policy
-
Tuesday, September 09, 2008 4:04 PMDoes anyone actually know how to map user drives, based on group membership, through group policy, the way we used to do it with scripts? Microsoft has an amazing 20 page paper selling the management team on the concept, but I can't find a shred of documentation anywhere that does anything more than suggest it's possible.
Thanks!
Answers
-
Friday, September 12, 2008 8:54 AMModerator
Hi,
The color of the triangle indicates the Action of the preference policy. If the Action is “Update”, you will see a yellow triangle. If the Action is “Create”, you will see a green triangle.
In this case, please change the Action to “Create” and check the result.
If the issue persists, collect the following information for further research:
· Check the Group Policy Results:
1) On a Windows Server 2008 DC, open Group Policy Management console.
2) Right-click Group Policy Results, select Group Policy Results Wizard and follow the steps.
Note: Select Another Computer in the Computer Selection page, and type the computer name of that Windows XP SP2 computer.
What is the result of the Drive Maps Policy?· Enable Drive Maps Policy Processing trace:
1) On a Windows Server 2008 DC, open Group Policy Management console.
2) Create and GPO, and Edit.
3) Expand Computer Configuration\Policies\Administrative Templates\System\Group Policy\Logging and tracing.
4) In the right panel, double-click Drive Maps Policy Processing, select Enabled, and then select the following option:
Event logging Information, Warnings and Errors
Tracing On
5) On the Windows XP machine, type the command gpupdate /force to apply the policy.
6) Logoff and logon again. Upload the trace log file (…\All Users\Application Data\GroupPolicy\Preferences\Trace\User.log) to the following space:
https://sftasia.one.microsoft.com/choosetransfer.aspx?key=2ce21749-85bb-41eb-aa86-3cbb01ee5529
Password: EKHDFvCV[- Marked As Answer by Joson ZhouModerator Friday, September 19, 2008 9:23 AM
All Replies
-
Tuesday, September 09, 2008 7:16 PMThis can be done through Group Policy Preferences thats newly available in Windows Server 2008 and Windows Vista SP1 RSAT tools. You dont need to update any Active Directory schema as it doesnt affect AD. You only need the client side extensions (CSE) to support GPP on the client itself. Its supported through WinXP SP2 with XMLLite or IE7 or WinXPSP3 or Vista SP1.
Theres lots more you can do with it than just a mapped drive. Imagine nearly getting rid of your entire logon script....thats the power of GPP :)
Michael Kleef - Program Manager -
Tuesday, September 09, 2008 8:00 PMChuck,
for a step-by-step guide on how to set up the mapped drives, see:
http://www.realtime-windowsserver.com/systems_management_monitoring/2008/07/implementing_group_policy_pref_3.htm
That assumes you have the preferences already setup. To get there, you need to load the Client Side Extension on the clients:
http://support.microsoft.com/kb/943729
And have a Vista SP1 (with RSAT installed) or Server 2008 management station to be able to administer the Preferences.
cheers,
Florian
Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog -
Tuesday, September 09, 2008 9:04 PMHi
you can use net use command
ifmember Administrators || net use h: \\servername\share
or a vbs script
Option Explicit
Dim objNetwork, objUser, CurrentUser
Dim strGroupConst Microsoft_Denmark = "cn=microsoft_denmark"
Const Microsoft_Managers = "cn=microsoft_managers"
Set objNetwork = CreateObject("WScript.Network")Set objUser = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://" & objUser.UserName)
strGroup = LCase(Join(CurrentUser.MemberOf))If InStr(strGroup, Microsoft_Denmark) Then
WScript.Echo "Dentists "
' objNetwork.MapNetworkDrive "a:", "\\Server\Users\" _
' & objNetwork.UserNameElseIf InStr(strGroup, Microsoft_Managers) Then
WScript.Echo " Manager "
' objNetwork.MapNetworkDrive "b:", "\\YourServer\Users\"_
' & objNetwork.UserNameEnd If
Wscript.Echo "Finished Testing for Groups "
WScript.Quit' End of Script.
-
Wednesday, September 10, 2008 7:56 PMIt doesn't like the command "ifmember" so I have to just net use the share name without checking for group membership.
The VB script just doesn't run. I log in and get nothing. It's as though it can't find the login script. No errors, no drives. This is just crazy.
I'm doing something wrong. It's insanely simple to map a drive in a GPP. I did it. Well, I created the GPP, but when I logged in as the user, I get no drive. In the GPME, in the drive map window, the drive icon has a yellow triangle over it. Does anyone know why? -
Wednesday, September 10, 2008 8:00 PMSo my client is running XP SP2, and I downloaded and installed the appropriate CSE. The document you pointed me to is extremely easy to follow, thankyouverymuch, and I was able to create the drive mapping I wanted. The drive icon has a little yellow triangle over it, which makes me think "caution" and when I apply the GPO to the domain or the OU containing the user and log in as that user, I don't get the drive. I'm using the letter L, so there are no conflicts there, and the test user I'm logging in as has rights to that folder. What now?
-
Friday, September 12, 2008 8:54 AMModerator
Hi,
The color of the triangle indicates the Action of the preference policy. If the Action is “Update”, you will see a yellow triangle. If the Action is “Create”, you will see a green triangle.
In this case, please change the Action to “Create” and check the result.
If the issue persists, collect the following information for further research:
· Check the Group Policy Results:
1) On a Windows Server 2008 DC, open Group Policy Management console.
2) Right-click Group Policy Results, select Group Policy Results Wizard and follow the steps.
Note: Select Another Computer in the Computer Selection page, and type the computer name of that Windows XP SP2 computer.
What is the result of the Drive Maps Policy?· Enable Drive Maps Policy Processing trace:
1) On a Windows Server 2008 DC, open Group Policy Management console.
2) Create and GPO, and Edit.
3) Expand Computer Configuration\Policies\Administrative Templates\System\Group Policy\Logging and tracing.
4) In the right panel, double-click Drive Maps Policy Processing, select Enabled, and then select the following option:
Event logging Information, Warnings and Errors
Tracing On
5) On the Windows XP machine, type the command gpupdate /force to apply the policy.
6) Logoff and logon again. Upload the trace log file (…\All Users\Application Data\GroupPolicy\Preferences\Trace\User.log) to the following space:
https://sftasia.one.microsoft.com/choosetransfer.aspx?key=2ce21749-85bb-41eb-aa86-3cbb01ee5529
Password: EKHDFvCV[- Marked As Answer by Joson ZhouModerator Friday, September 19, 2008 9:23 AM
-
Friday, February 13, 2009 11:04 PMTo add to Chuck's resources, here's webcasts about Group Policy fundamentals.
-
Wednesday, July 20, 2011 4:32 PMmake sure you do not have scripting turned off in the group policy
.png){kind=spacer}
