Group Policy Pref - Mapped Drives Not Applying to One User
-
Wednesday, January 27, 2010 2:00 AMHi All,
I’m new to this list, so please excuse any etiquette slip ups.
I have three users at a site. All their machines are running Windows XP Service Pack 3 and have client side extensions installed. I created a group policy to map their default drives using GP User Preferences.
Each of the drives is set to "update".
As an example of the policy created XML is as follows:
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="H:" status="H:"
image="2" changed="2009-11-25 05:13:58"
uid="{8A44D2F4-AAE5-4F43-AEEC-D36F08EA619C}" desc="Maps the users H drive to
ServerName\users$\%username%" bypassErrors="1"><Properties action="U"
thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
path="\\ServerName\users$\%username%" label="Home (ServerName)"
persistent="1" useLetter="1" letter="H"/></Drive>
and
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="J:" status="J:"
image="0" changed="2009-11-30 03:52:58"
uid="{535CD462-A45D-4363-ADA1-2316D5ECC703}" desc="Maps J drive for users to
\\ServerName\apps" bypassErrors="1"><Properties action="C"
thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
path="\\ServerName\Apps" label="Apps (ServerName)" persistent="1"
useLetter="1" letter="J"/></Drive>
The group policy is applied to an OU for that site.
All three users are in the same OU.
All three users are also in the same “xxsitecode Users” group.
2 of the users log into their pc and get the mapped drives with no issue, but one user doesn’t.
There are no other login scripts and the user has no manually mapped drives.
He does have a H drive mapped using the profile field in his AD object as a temp measure. But every 90 mins any other manually mapped drives are removed by the policy.
We don’t use roaming profiles
To trouble shoot I have tried
- Reinstalling client side extensions
- Re-joining the pc to the domain
- Running gpupdate from the command prompt to see if any event logs are generated (none are)
- Manually mapping the drives to make sure there is network access etc – I can manually map them/he can access them.
- Creating the user a new account, when he logs in using that account he gets his mapped drives on all PC’s
- Getting the user to log into a different pc, when he does this he doesn’t get his drives – so it’s not his machine or profile
- Manually checking the security on the user object in AD against one of the users who gets their drives mapped
I'm sure the GP is fine because it works for two other users and the testing isolates his user account as the issue.
The Policy I’m having issues with is xxxx Mapped Drives/ Printers
I have posted this issue on the tech net GP discussion groups page, but haven’t had any replies.
Any suggestions would be appreciated.
Simone- Edited by Simone_Bennett Wednesday, February 10, 2010 4:49 AM
All Replies
-
Wednesday, January 27, 2010 3:15 AMTurn on details logging for the drive mapping and see what it says...
Computer > Policies > Administrative Tempaltes > System > Group Policy > Loggin and tracing > Configured drive maps preferences loggin and tracing...
Then on the PC talk a look log and see if there is anything obvious.
Alan Burchill http://www.grouppolicy.biz -
Wednesday, January 27, 2010 7:43 AMHi Alan,
Thanks for the response. Are you talking about group policy or the local policies?
I had a look in Gp and i cant see that setting. I even looked through "all settings" http://tweetphoto.com/9696977
Am I missing something obvious?
-
Wednesday, January 27, 2010 12:01 PMHi Simone,
I had the same issues not seeing the loggin and tracing settings. You probably miss the preferences admx files. See following article on how to fix this....
http://blogs.technet.com/askds/archive/2008/07/18/enabling-group-policy-preferences-debug-logging-using-the-rsat.aspx
Cheers,
Gunter- Proposed As Answer by Williamson CO Thursday, January 17, 2013 5:53 PM
- Unproposed As Answer by Williamson CO Thursday, January 17, 2013 5:53 PM
-
Thursday, January 28, 2010 3:27 AMModerator
Hi Simone,
In addition to Gunter's suggestion, please also check the settings below:1. Install the Group policy preference extension for the client computers.
http://support.microsoft.com/Default.aspx?kbid=943729
If the client computer version is Windows XP, please also install the KB http://support.microsoft.com/kb/915865 and disable the fast logon Optimization feature.
http://support.microsoft.com/kb/305293
2. Go to GPMC console on the Windows 2008 server, enable the relevant policy processing under the path [Computer Configuration | Policies | Administrative Templates | System | Group Policy | Drive Maps Policy Processing] for client computers.
Enabled - Allow processing across a slow network connection
- Process even if the Group Policy objects have not changed
Background priority : Idle
3. Install the Group policy Preferences Client-Side Extension Hotfix Rollup
http://support.microsoft.com/kb/974266
Wilson Jia
This posting is provided "AS IS" with no warranties, and confers no rights. -
Tuesday, February 02, 2010 3:37 AMHi Wilson,
Thanks for your reply. I think I will skip modifying the policy because the other users at the same site, same link, same everything - are fine. I 99% it is a user specific issue.
thanks for helping out though :) -
Tuesday, February 02, 2010 4:00 AMHi Gunter,
I've downloaded the preferences file, but i'm not 100% clear on how to copy them over.. are you able to help? -
Tuesday, February 02, 2010 4:36 AMHi Simone,
Just a quickie, but have you used the Group Policy Management Console to generate an Resultant Set of Policy listing for both the affected user and one of the users for whom the settings behave? Unlike gpresult and rsop.msc, the GPMC will actually capture policy preference settings as well, which may or may not shed some light on the matter.
In addition - and I don't know if this is even installed retrospectively on a Windows XP client, but at least under Windows 7, the group policy client has its own section under the Event Viewer that can also give you high level information on what the client side extensions are doing (or not doing). I'm going with my instinct here and assuming that functionality won't be extended to XP, but it was worth a mention.
Have you also tried mapping an additional "test" drive for that user, using the same policy preferences mechanism? You can do this using policy preference targetting so that it does not effect anyone other than the intended test user. Let me know if you need a step by step walkthrough on how to do this. At least that way you can test everything involved in the delivery process without the potential complication of the account-driven H: mapping.
Cheers,
Lain
University of Notre Dame,
Fremantle, Australia -
Tuesday, February 02, 2010 9:28 AMHi Simone,
Once you installed the preferences.msi, the required files are located in c:\program files\Microsoft Group Policy\Perferences\PolicyDefinitions\ folder.
If you do not use a central store (on the domain controller) do the following:
Copy the GroupPolicyPreferences.admx file from the c:\program files\Microsoft Group Policy\Perferences\PolicyDefinitions\ folder into your c:\windows\PolicyDefintions folder on your Win7 client.
Then copy the en-us folder (and other languages that you need) to the c:\windows\PolicyDefinition folder.
If you use a central store copy the file to the PolicyDefinitions folder on the domain controller.
I recently tested this and it worked on my side.
hope that helps,
Gunter -
Thursday, February 04, 2010 1:29 AMModeratorHi Simone,
In addition to Gunter's suggestion, you can create a central store on your DCs according to the articles below:
Administrative Templates (ADMX) for Windows Server 2008
http://www.microsoft.com/downloads/details.aspx?FamilyID=927fc7e3-853c-410a-acb5-9062c76142fa&DisplayLang=en
Regards,
Wilson Jia
This posting is provided "AS IS" with no warranties, and confers no rights. -
Thursday, February 04, 2010 4:46 AMHey Lian,
Thanks for your time.
- Have you used the Group Policy Management Console to generate an Resultant Set of Policy listing for both? |
I had, but it didn't shed much light:
No mapped drives user:
DOMAIN\USERX on DOMAIN\MACHINENAME
Data collected on: 4/02/2010 2:10:27 PM all
Summary
Computer Configuration Summary
General
Computer name DOMAIN\MACHINENAME
Domain DOMAIN.com.au
Site MD01
Last time Group Policy was processed 4/02/2010 12:17:28 PM
Group Policy
Applied GPO
Name Link Location Revision
Local Admin & Local Power Users DOMAIN.com.au AD (290), Sysvol (290)
Reg Permissions for default desktop DOMAIN.com.au AD (4), Sysvol (4)
Desktop Background & Home Page DOMAIN.com.au AD (19), Sysvol (19)
AU-WSUS DOMAIN.com.au AD (9), Sysvol (9)
Logon as service, operating system DOMAIN.com.au AD (24), Sysvol (24)
Proxy Settings DOMAIN.com.au AD (164), Sysvol (164)
Legal Notice DOMAIN.com.au AD (73), Sysvol (73)
Default Domain Policy DOMAIN.com.au AD (240), Sysvol (240)
au-mdwsus DOMAIN.com.au/MD01 AD (4), Sysvol (4)
Allow Remote Assistance DOMAIN.com.au AD (11), Sysvol (11)
Denied GPO
Name Link Location Reason Denied
Local Group Policy Local Empty
AVD Rollout DOMAIN.com.au Disabled GPO
MD01 Mapped Drives/ Printers DOMAIN.com.au/MD01 Empty
Security Group Membership when Group Policy was applied
BUILTIN\Administrators
Everyone
MACHINENAME\Debugger Users
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
DOMAIN\MACHINENAME$
DOMAIN\Domain Computers
DOMAIN\CERTSVC_DCOM_ACCESS
WMI Filter
Name Value Reference GPO(s)
None
Component Status
Component Name Status Last Process Time
Group Policy Infrastructure Success 4/02/2010 12:17:29 PM
EFS recovery Success (no data) 19/01/2010 1:23:38 PM
Group Policy Local Users and Groups Success 4/02/2010 12:17:29 PM
Registry Success 19/01/2010 1:23:34 PM
Scripts Success 19/01/2010 1:23:35 PM
Security Success 2/02/2010 6:40:40 AM
Software Installation Pending 18/06/2009 5:30:10 PM
Software Installation did not complete policy processing because a system restart is required for the settings to be applied. Group Policy will attempt to apply the settings the next time the computer is restarted.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 18/06/2009 5:30:10 PM and 18/06/2009 5:30:10 PM.
User Configuration Summary
General
User name DOMAIN\USERX
Domain DOMAIN.com.au
Last time Group Policy was processed 4/02/2010 1:38:45 PM
Group Policy
Applied GPO
Name Link Location Revision
Desktop Background & Home Page DOMAIN.com.au AD (45), Sysvol (45)
Proxy Settings DOMAIN.com.au AD (21), Sysvol (21)
Default Domain Policy DOMAIN.com.au AD (29), Sysvol (29)
MD01 Mapped Drives/ Printers DOMAIN.com.au/MD01 AD (54), Sysvol (54)
Allow Remote Assistance DOMAIN.com.au AD (6), Sysvol (6)
Denied GPO
Name Link Location Reason Denied
Local Group Policy Local Empty
Local Admin & Local Power Users DOMAIN.com.au Empty
AVD Rollout DOMAIN.com.au Disabled GPO
Reg Permissions for default desktop DOMAIN.com.au Empty
AU-WSUS DOMAIN.com.au Empty
Logon as service, operating system DOMAIN.com.au Empty
Legal Notice DOMAIN.com.au Disabled GPO
au-mdwsus DOMAIN.com.au/MD01 Empty
Security Group Membership when Group Policy was applied
DOMAIN\Domain Users
Everyone
MACHINENAME\Offer Remote Assistance Helpers
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
DOMAIN\Computer Account Operators
DOMAIN\Internet Users
DOMAIN\Mungindi Users
DOMAIN\DOMAIN-Public Folders Administrators
DOMAIN\All Email Users
DOMAIN\Domain Admins
DOMAIN\Offer Remote Assistance Helpers
DOMAIN\WSUS Administrators
DOMAIN\DHCP Administrators
DOMAIN\CERTSVC_DCOM_ACCESS
WMI Filter
Name Value Reference GPO(s)
None
Component Status
Component Name Status Last Process Time
Group Policy Infrastructure Success 4/02/2010 1:38:46 PM
Group Policy Drive Maps Success 20/01/2010 7:27:48 AM
Group Policy Internet Settings Success 19/01/2010 2:58:35 PM
Internet Explorer Branding Success 20/01/2010 7:27:50 AM
User with working Mapped Drives:
Computer name DOMAIN\MACHINENAME
Domain DOMAIN.com.au
Site MD01
Last time Group Policy was processed 4/02/2010 1:26:52 PM
Group Policy Objects
Applied GPOs
Name Link Location Revision
Local Admin & Local Power Users DOMAIN.com.au AD (290), Sysvol (290)
Reg Permissions for default desktop DOMAIN.com.au AD (4), Sysvol (4)
Desktop Background & Home Page DOMAIN.com.au AD (19), Sysvol (19)
AU-WSUS DOMAIN.com.au AD (9), Sysvol (9)
Logon as service, operating system DOMAIN.com.au AD (24), Sysvol (24)
Proxy Settings DOMAIN.com.au AD (164), Sysvol (164)
Legal Notice DOMAIN.com.au AD (73), Sysvol (73)
Default Domain Policy DOMAIN.com.au AD (240), Sysvol (240)
au-mdwsus DOMAIN.com.au/MD01 AD (4), Sysvol (4)
Allow Remote Assistance DOMAIN.com.au AD (11), Sysvol (11)
Denied GPOs
Name Link Location Reason Denied
Local Group Policy Local Empty
AVD Rollout DOMAIN.com.au Disabled GPO
MD01 Mapped Drives/ Printers DOMAIN.com.au/MD01 Empty
Security Group Membership when Group Policy was applied
BUILTIN\Administrators
Everyone
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
DOMAIN\MACHINENAME$
DOMAIN\Domain Computers
DOMAIN\CERTSVC_DCOM_ACCESS
WMI Filters
Name Value Reference GPO(s)
None
Component Status
Component Name Status Last Process Time
Group Policy Infrastructure Success 4/02/2010 1:26:53 PM
EFS recovery Success (no data) 24/11/2009 1:08:56 PM
Group Policy Local Users and Groups Success 4/02/2010 1:26:53 PM
Registry Success 22/01/2010 4:47:19 PM
Scripts Success 24/11/2009 1:08:30 PM
Security Success 3/02/2010 7:30:15 AM
Software Installation Pending 30/07/2009 12:17:24 PM
Software Installation did not complete policy processing because a system restart is required for the settings to be applied. Group Policy will attempt to apply the settings the next time the computer is restarted.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 30/07/2009 12:17:24 PM and 30/07/2009 12:17:24 PM.
User Configuration Summary
General
User name DOMAIN\HAPPYUSER
Domain DOMAIN.com.au
Last time Group Policy was processed 4/02/2010 1:41:59 PM
Group Policy Objects
Applied GPOs
Name Link Location Revision
Desktop Background & Home Page DOMAIN.com.au AD (45), Sysvol (45)
Proxy Settings DOMAIN.com.au AD (21), Sysvol (21)
Default Domain Policy DOMAIN.com.au AD (29), Sysvol (29)
MD01 Mapped Drives/ Printers DOMAIN.com.au/MD01 AD (54), Sysvol (54)
Allow Remote Assistance DOMAIN.com.au AD (6), Sysvol (6)
Denied GPOs
Name Link Location Reason Denied
Local Group Policy Local Empty
Local Admin & Local Power Users DOMAIN.com.au Empty
AVD Rollout DOMAIN.com.au Disabled GPO
Reg Permissions for default desktop DOMAIN.com.au Empty
AU-WSUS DOMAIN.com.au Empty
Logon as service, operating system DOMAIN.com.au Empty
Legal Notice DOMAIN.com.au Disabled GPO
au-mdwsus DOMAIN.com.au/MD01 Empty
Security Group Membership when Group Policy was applied
DOMAIN\Domain Users
Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
DOMAIN\BC-Local
DOMAIN\Internet Users
DOMAIN\Toowoomba-Feedlot
DOMAIN\Mungindi Users
DOMAIN\Opac Live
DOMAIN\GrainPool
DOMAIN\All Email Users
DOMAIN\DOMAINSWIFTEMAIL
DOMAIN\BC-OPAC
DOMAIN\CERTSVC_DCOM_ACCESS
WMI Filters
Name Value Reference GPO(s)
None
Component Status
Component Name Status Last Process Time
Group Policy Infrastructure Success 4/02/2010 1:41:59 PM
Group Policy Drive Maps Success 11/12/2009 7:04:14 AM
Group Policy Internet Settings Success 18/12/2009 7:09:28 AM
Internet Explorer Branding Success 26/11/2009 7:05:22 AM
- re: Event Viewer : Yeah, unfortunately XP has limited event logging. And it all looks clear. There is this error, but i think its related to the report i'm running from this end:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1091
Date: 4/02/2010
Time: 2:39:35 PM
User: NT AUTHORITY\SYSTEM
Computer: LAUQLDMD012923
Description:
The Group Policy client-side extension Security failed to log RSOP (Resultant Set of Policy) data. Please look for any errors reported earlier by that extension.
- Yep, I added another drive for the whole OU and also for the single user, made sure the policy was replicated to the DC he authenticates to and rebooted to make sure they applied - but he still has no mapped drives.
Have a great day
Simone :) - Have you used the Group Policy Management Console to generate an Resultant Set of Policy listing for both? |
-
Thursday, February 04, 2010 5:29 AMHi Wilson,
I initially downloaded them from there, but when I try to copy the en-us folder I get an "access is denied" error. I'm a local admin on my pc and a domain admin. I've also changed my role to Admin within UAC on my pc - so i'm not sure why i cant copy it to c:\windows\policy definitions
I also searched \\domain.com\SYSVOL for a "Policy Definitions" folder and I cant find one, so I'm not sure where they go. In the article mentioned it just says put them in the appropirate location
Any ideas? -
Thursday, February 04, 2010 7:34 AM Hi again Simone,
How about under the Settings tab for that generated resultant set of policy? Did you see if the drive showed up under the Preferences section? I guess what I'm mulling over is the nagging feeling that the profile level mapping of the H: is coming after the policy preferences mapping.
With respect to the policy preferences change I was referring to earlier, I was thinking you might like to try:
- Adding an additional drive mapping to the very same policy you've been successfully using for the other users, with an alternative letter,
- Using WMI targetting under the Common tab to target this additional drive just to the troubled user, so it doesn't apply to anyone else,
- Making sure the setting ends up appearing within the RSOP data through double-checking with the GPMC (since rsop.msc won't do this).
Here's some illustrations of how I'd have set up the temporary additional drive mapping (I'm really hoping these come through okay).
User Configuration / Drive mapping general properties tab (http://7mgp6a.bay.livefilestore.com/y1pWjUDVsUVyLV3tC1c2Rd_OpOjMToXljkIHNflHuTTNsyOgXIWObFbVFwp2UbWrDb8v6vA0BOW8DTSFdsBMKU9XCGR7qKJ-H51/gpmc_pref_driveGeneral.png)
Common tab configuration (http://public.bay.livefilestore.com/y1pbL7LBhYBz1Vey3dblw_yrLegLRxRII8ytsVyIT1wBLO5LxNDtZPyU-vaTe3c6h9_TluawboV2HySJo4a0-6Jwg/gpmc_pref_driveCommon.png)
Targetting properties (http://public.bay.livefilestore.com/y1p-QKMCcvKU03AXvhdpoiq_NYBodKzm-YqRr3EFnPNR6jvtne-LLujdtDXC-wR_L7nXTYaygSdHOq9l3jUmL19YQ/gpmc_pref_driveCommon_Targetting.png)
Needless to say the user in this last picture would be your user, not my poor little Guest account!
Cheers,
Lain- Marked As Answer by Simone_Bennett Thursday, March 25, 2010 11:00 PM
-
Friday, February 05, 2010 7:31 AMModeratorHi Simone,
On the prolbmatic computer, can you manually map the drive successfully?
Please check the following thread which might be helpful to resolve this issue.
http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/94b05beb-0636-41f3-b0b4-95189ad3789f
However, To create a central store of ADMS files, you don't need to copy them on your clients, please follow the steps below:
1. Create the root folder for the central store %systemroot%\sysvol\domain\policies\PolicyDefinitions on your domain controller.
2. Create a subfolder of %systemroot%\sysvol\domain\policies\PolicyDefinitions for each language your Group Policy administrators will use. Each subfolder is named after the appropriate ISO-style Language/Culture Name. For a list of ISO-style Language/Culture Names, see Locale Identifiers. For example, to create a subfolder for United States English, create the subfolder: %systemroot%\sysvol\domain\policies\PolicyDefinitions\EN-US.
Populate the central store with ADMX files
There is no user interface for populating the central store in Windows Vista , Windows 7 or Windows 2008 R2. The following procedure shows how to populate the central store using command line syntax from the domain controller.
To populate the central store
1. Open a command window: Click Start, click Run, and type cmd, and then press ENTER.
2. To copy all language-neutral ADMX files (.admx) from your Windows Vista / 7 administrative workstation or Window 2008 R2 server to the central store on your domain controller using the copy command, type:
copy %systemroot%\PolicyDefinitions\* %logonserver%\sysvol\%userdnsdomain%\policies\PolicyDefinitions\
3. To copy all ADMX language-specific resource files (.adml) from your Windows Vista administrative workstation to the central store on your domain controller using the copy command, type:
copy %systemroot%\PolicyDefinitions\[MUIculture]\* %logonserver%\sysvol\%userdnsdomain%\policies\PolicyDefinitions\[MUIculture]\
For example, to copy all United States English .adml files, type the following:
copy %systemroot%\PolicyDefinitions\EN-US\* %logonserver%\sysvol\%userdnsdomain%\policies\PolicyDefinitions\EN-US\
More infomation about ADMX centrel store, you may refer to:http://technet.microsoft.com/en-us/library/cc766208(WS.10).aspx
Regards,
Wilson Jia
This posting is provided "AS IS" with no warranties, and confers no rights. -
Friday, February 05, 2010 9:01 AMWilson, I don't think the store is the issue. The main bone of contention seems to be that two users get the expected result, while one doesn't.
Cheers,
Lain -
Friday, February 05, 2010 11:17 AMHi Lian,
That's exactly how i have set up the two extra drives. One targeted to him (and matched by SID) and another to the whole ou. He gets's nothing.
But on monday I can re-create the test drives and run RSOP again.
Stand by. -
Friday, February 05, 2010 11:20 AMHi Wilson,
To trouble shoot I have tried:
- Manually mapping the drives to make sure there is network access etc – I can manually map them/he can access them.
Also:
- Re-joining the pc to the domain
- Running gpupdate from the command prompt to see if any event logs are generated (none are)
- Reinstalling client side extensions
- Creating the user a new account, when he logs in using that account he gets his mapped drives on all PC’s
- Getting the user to log into a different pc, when he does this he doesn’t get his drives – so it’s not his machine or profile
- Manually checking the security on the user object in AD against one of the users who gets their drives mapped
Thanks for the info on the central store, we're in the middle of a big rollout so i don't want to make any major changes if i can help it, but that info is great :)
-
Tuesday, February 09, 2010 5:18 PM
Hi Simone
Probably a silly question - but have you made sure that XMLLite was installed as well as the preferences client side extensions?
If IE7 or higher is installed then this shouldn't be required, but even if so it might be worth reinstalling XMLLite. You can download it from here if required.
-
Tuesday, February 09, 2010 5:20 PMAlso, if you run rsop.msc against the user/machine you should be able to see if the preferences client side extensions have executed successfully or not. If not, there may be information in the eventlog that will point you in the right direction.
-
Wednesday, February 10, 2010 12:40 AMHi there,
Thanks for the reply.
When I run the Group Policy Results Wizard from the GP MMC and click the " Settings " tab it says that it applied the mapped drive settings:
Preferences >Windows Settings>Drive Maps
Drive Map (Drive: T)
The following settings have applied to this object. Within this category, settings nearest the top of the report are the prevailing settings when resolving conflicts.
T:
Winning GPO MD01 Mapped Drives/ Printers
Result: Success
SERVERNAME
Action Update
Properties Letter T
Location \\SERVERNAME\Transfer
Reconnect Enabled
Label as Transfer (SERVERNAME)
Use first available Disabled
Hide/Show this drive No change
Hide/Show all drives No change
Drive Map (Drive: H)
The following settings have applied to this object. Within this category, settings nearest the top of the report are the prevailing settings when resolving conflicts.
H:
Winning GPO MD01 Mapped Drives/ Printers
Result: Success
SERVERNAME
Action Update
Properties Letter H
Location \\SERVERNAME\users$\%username%
Reconnect Enabled
Label as Home (SERVERNAME)
Use first available Disabled
Hide/Show this drive No change
Hide/Show all drives No change
Drive Map (Drive: J)
The following settings have applied to this object. Within this category, settings nearest the top of the report are the prevailing settings when resolving conflicts.
J:
Winning GPO MD01 Mapped Drives/ Printers
Result: Success
SERVERNAME
Action Update
Properties Letter J
Location \\SERVERNAME\Apps
Reconnect Enabled
Label as Apps (SERVERNAME)
Use first available Disabled
Hide/Show this drive No change
Hide/Show all drives No change
and so on. It also shows all the other GP settings, but on the "events" tab there are a few errors:
Windows cannot obtain the domain controller name for your computer network. (A socket operation was attempted to an unreachable host. ). Group Policy processing aborted.
The Group Policy client-side extension Security failed to log RSOP (Resultant Set of Policy) data. Please look for any errors reported earlier by that extension.
Security policy in the Group policy objects has been applied successfully.
Not sure if they are any use, but I appreciate your help. Let me know if this was what you were after.
Simone -
Wednesday, February 10, 2010 12:47 AMhey again, Im 99% sure I've had the user install this manually, but just emailed to confirm. It's been dragging on since about November last year so I need to check :) Edit: User tells me that when he tries to download that package he gets a warning about the files being incompatible.
-
Wednesday, February 10, 2010 3:47 AMHi Simone,
Time for another silly question: They're not running a login script at all, are they? Either via the user account setting or via GPO?
It's really sounding like everything is applying as it ought to, and something is coming along post-process and wiping the drives, ala a "net use * /del /y" statement (or analagous script).
Cheers,
Lain -
Wednesday, February 10, 2010 4:29 AMoh! I had high hopes for that suggestion. BUT - we apply login scripts via gp and then groups. I had a look and the user who isn't getting his drives is only in the groups for the new site, so he's only getting group policy.
Is there an easy way to make sure he's not getting a login script from one of the other sites?
Edit: scrap that - he's not. I'm 99.99% sure. -
Wednesday, February 10, 2010 4:40 AMHmm, well, if he's running a group-policy based script (only relevant to the user logon, not the computer), then it would have shown up under this resultant set of policy branch:
- User Configuration > Windows Settings > Scripts (Logon / Logoff)
Otherwise, the only other location for specifying a user-based logon is under the Profile tab of their Active Directory user account. If both of these locations aren't filled out, then probably not running anything in the way of a logon script. I say probably because there are registry keys, and also the Startup folder in the Start Menu that represent alternate locations for running user scripts, so I guess you could check those as well, though they would only come into play across multiple PCs if a roaming profiles (HKCU registry locations) and folder redirection (start menu) are being used.
I'm still fairly convinced there's nothing wrong with either your machine, or your user with respect to the successful application of the policy settings. That's probably borne out by getting another user who gets the settings correctly logging onto the PC your unfortunate user is using. My money is on their drives appearing just fine, which immediately rules out all the stuff above relating to CSE issues.
Maybe ask them if they see a black window pop up at all - however briefly, as part of logging in.
Cheers,
Lain -
Wednesday, February 10, 2010 4:47 AMWhat's interesting is that I applied a new GP to users - it has one policy setting and one preferences setting. He only gets the policy setting.. aka he gets the wallpaper but not the homepage.
Also, Jorke asked me to post the gpresult /z .
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 10/02/2010 at 2:19:34 PM
RSOP results for DOMAIN\USER on MACHINENAME : Logging Mode
-------------------------------------------------------------
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: DOMAIN
Domain Type: Windows 2000
Site Name: SITECODE
Roaming Profile:
Local Profile: C:\Documents and Settings\USER.DOMAIN
Connected over a slow link?: No
COMPUTER SETTINGS
------------------
CN=MACHINENAME,OU=Laptops,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
Last time Group Policy was applied: 10/02/2010 at 1:06:38 PM
Group Policy was applied from: XXXXXADC.DOMAIN.com.au
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
Allow Remote Assistance
au-mdwsus
Default Domain Policy
Legal Notice
Proxy Settings
Logon as service, operating system
AU-WSUS
Desktop Background & Home Page
Reg Permissions for default desktop
Local Admin & Local Power Users
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
SITECODE Mapped Drives/ Printers
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
AVD Rollout
Filtering: Disabled (GPO)
The computer is a part of the following security groups:
--------------------------------------------------------
BUILTIN\Administrators
Everyone
Debugger Users
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
MACHINENAME$
Domain Computers
CERTSVC_DCOM_ACCESS
Resultant Set Of Policies for Computer:
----------------------------------------
Software Installations
----------------------
N/A
Startup Scripts
---------------
GPO: Desktop Background & Home Page
Name: image.bat
Parameters:
LastExecuted: 7:55:34 PM
Name: swiftdesktop.vbs
Parameters:
LastExecuted: 7:55:35 PM
Shutdown Scripts
----------------
N/A
Account Policies
----------------
Audit Policy
------------
User Rights
-----------
Security Options
----------------
Event Log Settings
------------------
Restricted Groups
-----------------
System Services
---------------
Registry Settings
-----------------
File System Settings
--------------------
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\CurrentVersion\Winlogon
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Desktop Background & Home Page
Setting: Software\Policies\Microsoft\Internet Explorer\Security
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
USER SETTINGS
--------------
CN=Matthew Luhrs,OU=Users,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
Last time Group Policy was applied: 10/02/2010 at 1:54:53 PM
Group Policy was applied from: XXXXXADC.DOMAIN.com.au
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
-----------------------------
Allow Remote Assistance
**** SITECODE Mapped Drives/ Printers - has Gp Pref's that should apply
Default Domain Policy
Proxy Settings
**** Desktop Background & Home Page - has Gp Pref's that should apply
Local Admin & Local Power Users
The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
AU-WSUS
Filtering: Not Applied (Empty)
Legal Notice
Filtering: Disabled (GPO)
Reg Permissions for default desktop
Filtering: Not Applied (Empty)
Logon as service, operating system
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
au-mdwsus
Filtering: Not Applied (Empty)
AVD Rollout
Filtering: Disabled (GPO)
The user is a part of the following security groups:
----------------------------------------------------
Domain Users
Everyone
Offer Remote Assistance Helpers
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Computer Account Operators
Internet Users
SITECODE Users
DOMAIN-Public Folders Administrators
All Email Users
DOMAINSWIFTEMAIL
Domain Admins
Offer Remote Assistance Helpers
WSUS Administrators
DHCP Administrators
CERTSVC_DCOM_ACCESS
Resultant Set Of Policies for User:
------------------------------------
Software Installations
----------------------
N/A
Public Key Policies
-------------------
N/A
Administrative Templates
------------------------
N/A
Folder Redirection
------------------
N/A
Internet Explorer Browser User Interface
----------------------------------------
GPO: Proxy Settings
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: N/A
UserAgent Text: N/A
Delete existing toolbar buttons: No
Internet Explorer Connection
----------------------------
HTTP Proxy Server: Proxy:port
Secure Proxy Server: Proxy:port
FTP Proxy Server: Proxy:port
Gopher Proxy Server: Proxy:port
Socks Proxy Server: Proxy:port
Auto Config Enable: Yes
Enable Proxy: Yes
Use same Proxy: Yes
Internet Explorer URLs
----------------------
GPO: Proxy Settings
Home page URL: N/A
Search page URL: N/A
Online support page URL: N/A
Internet Explorer Security
--------------------------
Always Viewable Sites: N/A
Password Override Enabled: False
GPO: Proxy Settings
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: No
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No
Internet Explorer Programs
--------------------------
GPO: Proxy Settings
Import the current Program Settings: No -
Wednesday, February 10, 2010 4:55 AMHi Lain,
If another user logs into his laptop they get the drives (and the homepage co-incidentally). I created him a test user, he logged into his pc and everything worked as expected. -
Wednesday, February 10, 2010 5:27 AMI don't think we're going to get a lot of value out of gpresult, for the same reason as running rsop: neither of them cover policy preferences, which is what you're working with. I'd stick to what you've been doing with the GPMC.
With respect to your issue of the policy being applied while the preference is not for the proxy setting, I'm having a whale of a time with this, as it's bugging out on me (with an IE8 policy setting). When I first applied the home page policy preference, closed the policy editor, and refreshed the settings, it showed the policy as being completely empty.
From there, I went back into the policy, changed a setting (the run in the user's context checkbox under the common tab), went back out, and now I'm staring at the Internet zone being classed as High security. That's not exactly the same setting as the home page, last I knew anything about IE.
Seems really robust. Not.
Cheers,
Lain -
Wednesday, February 10, 2010 5:28 AMOkay, the main take away from that test is that the PC does not have an issue. You already have said as much, but that confirms it for my mind.
Cheers,
Lain -
Wednesday, February 10, 2010 6:09 AMHi Lain,
Correct any other users using his laptop gets the drives. I had them re-try it to confirm. So as far as i can tell that rules out anything that needs to be on the local machine like XLM lite, Client side extensions etc etc. It's nothing to do with drive maps/ permissions/ paths etc because the IE homepage doesn't work for him either. The group policy, policy setup, ADMX store is fine because it works for two other users.
The only common things after extensive testing are:
- He doesn't get any GP preferences settings
- It doesn't matter what machine he logs into
-
Wednesday, February 10, 2010 6:17 AM
Well, this is ironic. In looking at your IE policy preference issue, I'm now looking at what in our environment is a reproducable error. I'd be curious to see how others fare when testing this.
Steps:
1. Create a new policy object (no need to attach it to anything),
2. Disable the computer settings,
3. Open the policy for editing,
4. Add a Internet Explorer 8 user policy preference, under User Config > Preferences > Control Panel Settings > Internet Settings,
5. NOTE: Do not click on any other tabs other than the General tab (default tab upon creation) and the Common tab, as it would appear that clicking on additional tabs updates the editor's perception of what has changed,
6. Add in a URL of your choosing into the Home page section (I just used www.hotmail.com),
7. Exit the policy editor,
8. Refresh the setting in the GPMC.
I can reproduce the issue at will, with the issue being the GPMC reports the policy object as empty. If I select any of the other tabs excluding Common, then I get updates from those pages, even if I didn't change anything, but I can't get the General page to register as having had a home page added.
Environment:
Client hosting the GPMC: Windows 7,
Server being connected to: Windows Server 2008 with SP2,
Client recieving the policy change: Windows 7 hosted by Windows Virtual PC.
Cheers,
Lain
Edited: Nevermind the above post. The following article explains why this is happening: http://blogs.technet.com/grouppolicy/archive/2008/10/13/red-green-gp-preferences-doesn-t-work-even-though-the-policy-applied-and-after-gpupdate-force.aspx. Learnt something new for the day, it seems. I'll leave my own mistake in here in case it helps someone else in the same boat.- Edited by Lain Robertson Wednesday, February 10, 2010 6:20 AM Correcting some horrid spelling
-
Thursday, February 11, 2010 12:01 AMYeah that got me at first too. I know 100's of other users have the home page so it's all good now.
-
Monday, February 15, 2010 11:20 PMHi All,
Since this thread seems to have gone dead - where do I go from here? Is this something MS will help with? -
Tuesday, February 16, 2010 3:06 AMHi, Simone.
I'll admit I'm struggling for further suggestions on this one as well. That said, here's a couple of diagnostic settings you can tinker with. This comes off the back of noting that the "last applied" times from the much earlier post with GPMC RSOP results in some cases were quite dated.
On the local machine (so you don't have to change the domain policy thereby affecting the other users)
1. Launch gpedit.msc
2. Navigate to Computer Config > Admin Templates > System > Logon > "Always wait for the network at computer startup and logon" = Enable
On a Windows Server 2008 domain controller
1. Launch the GPMC
2. Edit the policy with the drive mappings
3. Navigate to Computer Config > Admin Templates > System > Group Policy > "Drive Maps Policy Processing"=Enabled + both checkboxes ticked
4. Navigate to Computer Config > Admin Templates > System > Group Policy > Logging and Tracing > Drive Maps Policy Processing=Enabled with the following settings:
a. Event logging = Informational, Warnings and Errors
b. Tracing = On
c. File locations are up to you, but at least make a note of their default locations so you can find them more readily.
I'd be curious to see what the nett result is. Also, is this person using a roaming profile? And how do their group memberships compare to those of the users for whom the settings work? (Not quite sure where that last question might lead - it's just a catch-all to ask it)
Lastly, have you tried using the Replace option within the policy preference definition?
Cheers,
Lain -
Monday, February 22, 2010 9:43 PMI have found that when a policy like this doesn't work for one specific user, it means that that user does not have the correct security set on the shared network drive. Either they aren't part of the correct group for access, or if it's their user home drive, somehow the folder's permissions got screwed up. Usually this is accompanied by an "Access Denied" in the system log file.
I have also found that despite turning on the "wait for network before logging on" policy, it still sometimes requires a logoff/logon before the drives will show up.- Proposed As Answer by mplichta Monday, February 22, 2010 9:43 PM
- Unproposed As Answer by Simone_Bennett Monday, February 22, 2010 11:32 PM
-
Monday, February 22, 2010 11:38 PMhi,
I can manually map the drives and the user can use them with no issue so that rules out folder/share permissions as the issue.
He also has the exact same group membership as the two other users who get the drives mapped on login
Please see initial post for further details re troubleshooting:
To troubleshoot I have tried:- Manually mapping the drives to make sure there is network access etc – I can manually map them/he can access them.
- Creating the user a new account, when he logs in using that account he gets his mapped drives on all PC’s
- Manually checking the security on the user object in AD against one of the users who gets their drives mapped
- Proposed As Answer by SteveW1999 Friday, February 26, 2010 6:27 PM
- Unproposed As Answer by Simone_Bennett Sunday, February 28, 2010 1:47 AM
-
Friday, February 26, 2010 6:32 PM
I had a similar issue. In the user account (Server 2003 Domain controller) on the profile tab, somebody set the home directory. This was over riding any logon scripts / group policy mapping that I ws trying to do.
-
Saturday, February 27, 2010 1:01 AM
You said that a test account for him works fine?
At this stage I would be very tempted to cut my losses and just create him a new account. Migrate his data over and be done with it.
Sure its nice to find out exactly what is wrong but there is a limit to everything. I know its a negative response but thats what I would be doing I think. -
Sunday, February 28, 2010 1:46 AMI need to roll these settings out across the entire company - 40,000 users. If i do that and there is a percentage that have issues there will be lots of new accoutns with chnaged SID's that need to be dealt with. I'd really like to know how to resolve the issue if it happens to lots of users.
-
Sunday, February 28, 2010 8:58 AMHey, Simone.
I'm not sure if you had a chance to enable the preferences logging as per a couple of posts back, but the drives preferences logging may help out here, along with the winlogon.log.
If you want an extra pair of eyes for this problem, you can get a hold of me at lrobertson AT nd .edu .au.
Cheers,
Lain -
Tuesday, March 02, 2010 12:36 AMThe user is on leave for two weeks so I'll have to wait for him to get back. I'll post the logs as soon as i get them and see if there is anything of interest.
-
Tuesday, March 09, 2010 2:21 PM
Maybe his local computer profile is corrupt. You can try to remove it (back-up first), log back on and see if this helps.
-
Tuesday, March 09, 2010 2:58 PMCheck this out: http://www.tech-archive.net/Archive/Windows/microsoft.public.windows.server.sbs/2009-03/msg02420.html
After disabling UAC it worked on our 'problem Vista' but since you have XP SP3, the problem may be he is a local admin to his PC. -
Tuesday, March 09, 2010 3:24 PMGood day Simone,
You can use the login scripts for mapping of drives of every server for their data hope this will give you some idea see below traditional batch file login scripts without using Group Policy see below instructions:
@echo off
net time
net use x: \\<server1>\<sharefolder1$>
net use y: \\<server2>\<sharefolder2$>
net use z: \\<server3>\<sharefolder3$>
Note: - save this as "user.bat", ex: "tom.bat", save at "SYSVOL\<domain_name>\scripts", and make a share folder by server.
- net time - synchronizes time from server to clients.
- use "$" or with no "$" at the end of folder share for the sharing so that it cannot see with others, not visible only the user assigned can see.
- <sharefolder$> - it can be "My Documents$".
- Sharing Permisson: only the specific user as a Full Control, remove everyone
- Security Permission: only the specific user, Administrator as a Full Control
- @ Active Directory Users and Computers, then go to specific user Properties, then go to Profile tab, then place at Login script - tom.bat
- @ the client it will mapped folder with the Drive X, Drive Y, and Drive Z with My Documents1$, My Documents2$, My Documents3$ see below:
My Documents1$ on 'server1' (X:)
My Documents2$ on 'server2' (Y:)
My Documents3$ on 'server3' (Y:)
- Make sure that there is no "MrxSmb", "3019" found error on Event Viewer on ADUC, Domain Controller server at Event Viewer under System.
- If you use the "$" do not disconnect at the clients once it is already mapped coz at next time they logon it cannot mapped because it is hidden.
- If accidentally disconnect the mapped folder or drive with "$". here is the way make a new share name without "$", then edit the batch file login script and remove also the "$", and good to go.
See my previous threads: http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/4a8a4f3e-948c-4f54-a9d3-eb41a1de0fc3
Hope this will give you an idea to mapped folder drive for every server on your organizations, and instead of mapping drive manually with every Client PC.
Thanks and Regards,
Cheers,- Proposed As Answer by Gavin Taylor _1 Wednesday, October 10, 2012 1:38 PM
- Unproposed As Answer by Gavin Taylor _1 Wednesday, October 10, 2012 1:38 PM
-
Sunday, March 21, 2010 3:14 AM
Hi Sven,
As per my inital post - he gets the same issue even when logging into other people's machines.
We dont have roaming profiles.
Thanks for the suggestions.
-
Sunday, March 21, 2010 3:16 AM
Hi Radical93,
I am aware how to write a VB or batch file script to map drives. I am replacing the many login scripts we have wth group policy preferences.
Please refer to my initial post for more info.
Thanks
-
Thursday, March 25, 2010 10:59 PM
Hi All,
Thanks for all your help. I'm not sure what happened but this is suddenly working.
-
Tuesday, October 19, 2010 5:05 PM
Hi Simone and everyone,
I know that this forum has been orphaned now for a while but I have encountering the same issue.
Simone I was wondering if you still came across this after it magically fixed itself? Or if you ever determined what the route cause was?
I will give information on what I am seeing and my network. This is for a health region, I am currently mapping users home, network drives and via windows scritp file (wsf) using AD. Everything was working fine until last week. All of a sudden a couple users were experiencing issues with the drives not coming across but the printers would still map. This is only effecting 40 users out of 5,000. As well only seems to be in one location. I have three main locations each with 2 dc's the effect areas location does however hold the PDC. The other two areas users are not effected.
Everything has been tested, we have a mixture of fat and thin clients. Removing the computer from the domain and readding it, running the netdom command from the dc to the computer this will fix the issue until the user logs off and back on and it resurfaces. Having users log onto multiple computers. Checked all MS Updates (nothing different across all DC's and computers). Running the script manually does not work, using a batch file does work. I still do not believe that it has anything to do with the script cause it was working great until last week and there has been no modifications done to it.
I would really appreciate any help anyone can give me on this.
Thank you,
Tim
-
Wednesday, April 04, 2012 2:29 AM
We've found a number of issues since implementing the GP for mapped drives. This is the resulting troubleshooting article that i created for the helpdesk:
-
Check that the user can manually browse to the folder from their computer
- Check to see if the user has a login script specified on the profile tab of their user object in AD
-
Check to see if the user has a Home Drive specified on the profile tab of their user object in AD
-
Check to make sure the RPC Service is running on the PC.
-
Make sure the user has the correct DNS settings.
User Has a Login Script Specified in Account Options
- Make sure there are no conflicting drives
User is at a Site That Has Group Policy To Map Drives
- Ensure the users has at LEAST Windows Xp Sp3, previous versions will not work
- Ensure the folders that the user is supposed to map to are accessible manually from the RUN command
- Install the latest service packs from windows update to ensure client side extensions are installed
- Check that there isn't a login script specified for the user
- Make sure the user is in the correct O/policy is being applied
- Remove any manually mapped drives form the users pc
- Reboot the P & test again.
-
-
Thursday, June 14, 2012 1:59 AM
Hi Tim
I am encountering the same issue for few weeks since I added a new user. Actually I am running terminal server 2008r2 at one of our remote site and all the clients are using wyse thin client device to logon to terminal server. Everyone (except this one user) can log in succcessfully and get access to required drives. The drives are mapped at logon through group policy.
This (problematic) user, when he logs in, I can see command prompt (under the user login, as I have paused the script at the end) that executes the network drives successfully, but he cannot see anything in his My Computer. Though he can see all his drives if he runs it manually. I have checked everything possible to rectify this problem, ie group membership, AD properties, no conficting scripts. He is exactly setup in the same way as other users are.
Have you found out any solution ?
Ken Patel
-
Tuesday, January 08, 2013 9:01 AM
Hi, everybody!
Maybe I can help someone. This is my case:
Yesterday I installed Windows 8 Pro and since then I couldn't see some of the drives, which should be mapped via group policy (it all worked before on Windows 7) . After some search I have noticed, that drives which worked were without 'Reconnect' option in group policy.
Clearing that option on non working mapped drives solved this issue.
Roman
-
Friday, February 01, 2013 9:08 PMRoman you are a lifesaver. I've been struggling with the same issue with new Windows 8 Pro machines for a couple days. Sure enough, I unchecked 'Reconnect' and the drives appeared!
.png)
