GPO login behaves oddly with Windows 7

    Question

  • this one is very weird but it could be definitely something i'm coding wrong. simple login script:


    1. remove all mapped drives
    2. sleep for 1 second to allow new network mapping
    3. add new mapped drive M:

    very simple login script. when i run it manually on Windows XP or Windows 7 (logged in with user account and current mapped drives) it works exactly as expected. when used with GPO as a "User Configuration" -> Script -> Logon, and "Security Filtering" set with "Authenticated Users" it only works on Windows XP. meaning it does steps 1, 2, and 3 exactly as expected.

    when testing the same GPO, logging in with a Windows 7 with the same username just tested on the XP machine, it runs the logon script but doesn't remove any of the mapped drives. i know it ran the script because i put different msgbox outputs so i know the GPO pushed the script down. here's the code, and "on error resume next" is commented out to check for errors but there are no errors

    --- start code ---

    'On Error Resume Next
    wscript.sleep(60000)  'thought the login script was running too early but i even changed it to 5mins and i'm still getting false info from colDrives as login script, and only on Windows 7 operating system
    
    const FileSrv = "\\server1" 'File SRV
    Set objNetwork = CreateObject("Wscript.Network")
    Set colDrives = objNetwork.EnumNetworkDrives()
    
    msgbox (colDrives.Count)  'used for debugging.  when ran as a GPO login for Windows 7 it didn't find any mapped drives on my client desktops and there's currently 4 mapped drives but the msgbox output is 0.  when i don't run this as a logon script and run in on the same desktop manually the colDrives.Count output is 4 on the same desktop, very odd.
    
     For i = 0 to colDrives.Count-1 Step 2
         objNetwork.RemoveNetworkDrive colDrives.Item(i), True, True  'delete each network drive, and force disconnect
     Next
    
    wscript.sleep(1000) 'allow time for mapping of new drive
    
    objNetwork.MapNetworkDrive "M:", FileSrv & "\Networkshares", true  'map just one drive for testing
    msgbox ("done")  'notify it was completed.  this way i know the GPO pushed the script down.

    what i can figure out is that the code works when executed on the desktop for both XP and win 7. but when used as a login script for Windows 7 the colDrives.Count will equal 0, giving a false result. but when i run this script on the same desktop manually after logging in the colDrives.Count will equal 4 giving the correct result.

    i also thought to myself maybe the login script is executing much too fast and too early. i put a wscript.sleep(60000) 1 minute and then execute, the colDrives.Count still equal 0 (false result).

    so in conclusion it looks as though when ran as a login script, Windows 7 doesn't read or process the objNetwork.EnumNetworkDrives() correctly. Has anyone experienced the same issue with Windows 7? that the vbs will work when executed locally on desktop but when used as a logon script it doesn't behave as expected. i'm trying to figure out a way around it. and yes we do have to remove all the mapped drives because the drive letters and paths change regularly, hence the disconnecting of all mapped drives. thanks in advance!


    Thursday, June 07, 2012 4:34 PM

Answers

  • Hi,

    Typically, problems with network drive mappings and logon scripts happen when both:

    1. UAC is enabled, and
    2. User logging on is a member of the computer's local Administrators group

    If this is the case, try setting the EnableLinkedConnections registry value.

    Bill

    Thursday, June 07, 2012 2:55 PM
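
Added example, not part of the thread: a PowerShell diagnostic that reports the two conditions named in the answer above, the current EnableLinkedConnections value, and the network drives visible to the token it runs under. Run once from the logon script and once from the desktop, it shows whether the two contexts see different drive lists. The registry path is the one used later in the thread; EnableLUA is the UAC switch under the same key, and the function and variable names are this example's own.

```powershell
# Added diagnostic (not from the thread). Compare its output when started by the
# logon script with its output when started from the desktop.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-PolicyDword([string]$Name) {
    # Returns the DWORD value, or $null when the value (or the key) does not exist.
    $item = Get-ItemProperty -Path $policyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Condition 1: UAC is enabled (EnableLUA = 1).
$uacEnabled = (Get-PolicyDword 'EnableLUA') -eq 1

# Condition 2: the user is a member of the local Administrators group (S-1-5-32-544).
# whoami lists the group even when the filtered token carries it as deny-only;
# matching on the SID keeps the check independent of the display language.
$adminLines = @(whoami /groups /fo csv | Where-Object { $_ -match '"S-1-5-32-544"' })
$inAdministrators = $adminLines.Count -gt 0

# Does this process hold the full (elevated) token or the filtered one?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Mapped drives visible to this token. EnumNetworkDrives returns letter/UNC pairs,
# which is why the thread's VBScript loops with Step 2.
$drives = (New-Object -ComObject WScript.Network).EnumNetworkDrives()
$mapped = @()
for ($i = 0; $i -lt $drives.Count; $i += 2) {
    $mapped += '{0} -> {1}' -f $drives.Item($i), $drives.Item($i + 1)
}

New-Object PSObject -Property @{
    UacEnabled              = $uacEnabled
    InLocalAdministrators   = $inAdministrators
    Elevated                = $elevated
    EnableLinkedConnections = (Get-PolicyDword 'EnableLinkedConnections')
    MappedDriveCount        = $mapped.Count
    MappedDrives            = ($mapped -join '; ')
}
```

A result with `UacEnabled` and `InLocalAdministrators` both true, and a `MappedDriveCount` that differs between the two runs, matches the situation the answer describes.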

All replies

  • i'm sorry if this question doesn't belong here but this was the closest forum i could find to post my question on.

    Thursday, June 07, 2012 1:25 AM
  • This is a forum for VB in Visual Studio Net, try the Scripting Guys Forum

    http://social.technet.microsoft.com/Forums/en/ITCG/threads


    Success
    Cor

    Thursday, June 07, 2012 5:21 AM
  • Try putting a 5 second delay at the start of the logon script. (Start-Sleep 5).  I have found this helps. 

    Grant Ward, a.k.a. Bigteddy

    Thursday, June 07, 2012 4:49 PM
  • hi bigteddy,

    yeah i thought it was because the login script ran faster than the OS can startup with the user profile but that wasn't the case because i tried setting it to 2mins and still not seeing any mapped drives. very odd problem

    Thursday, June 07, 2012 11:27 PM
  • Hi,

    Typically, problems with network drive mappings and logon scripts happen when both:

    1. UAC is enabled, and
    2. User logging on is a member of the computer's local Administrators group

    If this is the case, try setting the EnableLinkedConnections registry value.

    Bill

    Friday, June 08, 2012 3:10 PM
  • SP1 of Windows 7 fixed the UAC issues.  I have never seen this happen on any Windows 7 SP1 system.  Be sure SP1 is installed and all patches have been added.

    I am not sure if reapplying SP1 will fix this but it might be worth a try.

    Bill - the KB article pre-dates SP1 and is true for Vista and early Win7.

    There are companies who have not updated their stock image to include SP1.  There were some issues with it initially but all should be fixed by now.

    I am also pretty sure that when we use GPP to map drives and printers that this does not happen on any version of Vista or Windows 7. Of course in WS2003 domains you will need to install RSAT to use GPP.  I very much recommend doing this.


    ¯\_(ツ)_/¯



    • Edited by jrv Friday, June 08, 2012 4:25 PM
    Friday, June 08, 2012 4:22 PM
  • Hi jv,

    Your information is not correct, in my experience. I have had Windows 7 SP1 on several machines, and in all cases drive mapping from logon script did not work correctly:

    1. When UAC enabled
    2. When user logging on is member of Administrators

    EnableLinkedConnections is required in my experience even with Windows 7 SP1.

    HTH,

    Bill

    Friday, June 08, 2012 4:53 PM
  • I have SP1 on many machines but all on WS2003 with RSAT.  I have not had any issues.

    Is it possible that there is an issue with Group Policy or some other thing we are missing?  The difference is odd and may indicate that there is some other piece of information here.


    ¯\_(ツ)_/¯

    Friday, June 08, 2012 5:01 PM
  • This has happened to me in two different organizations using Windows Server 2008 R2 servers. One domain has Windows Server 2008 R2 functional level, the other has Windows Server 2003 functional level.

    Logon script set in user property or via GPO. When logging on to a Windows 7 SP1 machine as a member of Administrators with UAC enabled, the drives mapped from a logon script don't appear unless I enable EnableLinkedConnections.

    Bill

    Friday, June 08, 2012 5:07 PM
  • Bill - I just went back and checked to be sure.  I unmapped all drives then logged in again.  The drives map back with no issues.  The policy on the admin has only one entry and NO other policies are propagated.  I do this with the administrator accounts because policy can screw up some installs so I like to keep the policy to a minimum.  It also protects the admin account from mistakes in policy.  I have been doing this for years so I know exactly what the policy engine and login scripts are doing during an admin login.

    I also checked the registry key to be sure I didn't set it in my sleep.  There are no System policies set at all. In fact the 'System' key does not even exist.

    So it is still a mystery.  Something between your systems and mine has to be different; but what?


    ¯\_(ツ)_/¯

    Friday, June 08, 2012 6:59 PM
  • 

    Hi Bill,

    I know this isn't the place to ask VBS questions but I wanted to inform others that may run into the same issues

    Thanks to JRV for helping as well.  My desktops are Windows 7 and SP1 with all critical/security patches but still experiencing this odd behavior.

    Bill, the EnableLinkedConnections did the trick.  I changed my login script to this:

    1.  Check OS.  If XP run normal script.  If Win7 run additional add regKey

    2.  Remove drives

    3.  Delete regKey from step1

    Here's the code:

    strComputer = "."  'local computer; used by both WMI monikers below
    Call CheckOS()
    
    '----- Check OS ----- 
    Sub CheckOS() 
     Set objWMIService = GetObject("winmgmts:"  & "{impersonationLevel=impersonate}!\\" & _ 
                         strComputer & "\root\cimv2") 
     Set colOS = objWMIService.ExecQuery("SELECT * FROM Win32_OperatingSystem") 
     For Each objOS In colOS 
         strOS = Lcase(objOS.Caption) 
         Select Case True 
                Case InStr(strOS, "windows xp")>0 
                     Call RemoveDrivesMapDrives()
                Case InStr(strOS, "windows 7")>0
                     Call Win7UacCreateRegKey()     
                Case Else 
                     'do something final 
         End Select        
     Next 
    End Sub 
    '----- Check OS ----- 
    
    '----- Write Reg keys -----
    Sub Win7UacCreateRegKey   'must enable this regkey for the removing of mapped drives to work 
    
    const HKEY_LOCAL_MACHINE = &H80000002
    
    Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_ 
        strComputer & "\root\default:StdRegProv")
    
    strKeyPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"  'create path
    strValueName = "EnableLinkedConnections"  'key value name
    dwValue = 1  'var = value
    oReg.SetDWORDValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, dwValue   'set value, enable removal of win7 network drive from login script
    
    Call RemoveDrivesMapDrives()
    
    oReg.DeleteValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName  'remove regKey once your drive has been removed. enable this line then have user restart computer
    End Sub
    '----- Write Reg keys -----
    
    '----- Remove network drives -----
    Sub RemoveDrivesMapDrives()
    const FileSrv = "\\server1" 'File SRV
    Set objNetwork = CreateObject("Wscript.Network")
    Set colDrives = objNetwork.EnumNetworkDrives() 
    
    For i = 0 to colDrives.Count-1 Step 2
      objNetwork.RemoveNetworkDrive colDrives.Item(i), True, True  'delete each network drive, and force disconnect
    Next
    
    objNetwork.MapNetworkDrive "M:", FileSrv & "\Networkshares", true  'map just one drive for testing
    End Sub

    It's working for most computers but still have a couple of desktops that it's not working for.  I notice if I don't delete the regKey it'll remove all network drives for sure. So I'm leaving the regKey there when we make network drive changes. Then after the change I'll uncomment the delete regKey so the next time the user re-logins it'll delete the regKey. Bottom line is have the regkey enabled before the login script and it'll remove your network drives successfully each time. thanks for all the support!
    Friday, June 08, 2012 9:40 PM
  • I know this isn't the place to ask VBS questions but I wanted to inform others that may run into the same issues

    Actually, this is exactly the place to ask VBS (VBScript) questions.

    Bill

    Friday, June 08, 2012 9:44 PM
  • just for clarification.  we have Win 2008 R2 native (no other DC lower than 08 R2). our desktop has win7 sp1 all patches (should only be 1 month behind because WSUS set to update end of each month). all our users are administrators of their own desktop

    when mapping network drives i have no problem with login script.  but when i try to disconnect drives with login script i had to use the registry trick EnableLinkedConnections.  only when attempting to disconnect drives.

    Monday, June 11, 2012 7:38 PM
  • If you use the preferred method of doing this you will not have this problem.  Just use Group Policy Preferences to map, remap and unmap drives.  The policy engine knows how to do this correctly on all versions of Windows.


    ¯\_(ツ)_/¯

    Monday, June 11, 2012 9:24 PM
  • Actually I would very much prefer to be able to use GPO prefs, however they have their own issues.

    What if for example I want to map a drive to a website that doesn't support NT authentication where the user needs to enter their website password.

    Achievable with scripting but not so with GPO Prefs - unless you can enlighten me that is :-)

    TonyM

    Thursday, December 12, 2013 4:47 AM
  • This is an answered question.  It is over a year old and has nothing to do with your question.

    Please start a new question if you need help with a script.  For Group Policy issues please post in the GP forum.


    ¯\_(ツ)_/¯

    Thursday, December 12, 2013 4:52 AM