none
Drive mapping GPO does not apply

    Question

  • Hi all,

    As the title suggests, I have a GPO which defines 4 mapped drives that does not apply (it's not listed in RSOP and the mapped drives do not show up).

    How can I go about troubleshooting why this GPO is suddenly failing to apply? It was working just fine two weeks ago.

    Thanks in advance.

    Tuesday, July 12, 2016 11:05 PM

Answers

  • Hi Albert,

    Thanks for your post.

    How can I go about troubleshooting why this GPO is suddenly failing to apply? It was working just fine two weeks ago.

    >>>The group policy fail to applied suddenly?

    Did you install updates with MS16-072?

    There are known issues about MS16-072 which is group policy fail to apply to domain computers/users.

    Here is the article below about MS16-072 for your reference.

    MS16-072: Description of the security update for Group Policy: June 14, 2016

    https://support.microsoft.com/en-us/kb/3159398

    And you could run PowerShell script to check the problem.

    MS16-072 – Known Issue – Use PowerShell to Check GPOs

    https://blogs.technet.microsoft.com/poshchap/2016/06/16/ms16-072-known-issue-use-powershell-to-check-gpos/

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by matteu31400 Wednesday, July 13, 2016 5:59 AM
    • Marked as answer by Albert Rodgers Friday, July 15, 2016 4:18 PM
    Wednesday, July 13, 2016 5:19 AM
    Moderator

All replies

  • How is the GPO set up? That is, is it User or Computer Configuration? Mine is User Configuration\Preferences\Windows Settings\Drive Maps and use Replace. And remember to link it to the users OU and not computers OU.


    Ebor

    Wednesday, July 13, 2016 1:55 AM
  • Hi Albert,

    Thanks for your post.

    How can I go about troubleshooting why this GPO is suddenly failing to apply? It was working just fine two weeks ago.

    >>>The group policy fail to applied suddenly?

    Did you install updates with MS16-072?

    There are known issues about MS16-072 which is group policy fail to apply to domain computers/users.

    Here is the article below about MS16-072 for your reference.

    MS16-072: Description of the security update for Group Policy: June 14, 2016

    https://support.microsoft.com/en-us/kb/3159398

    And you could run PowerShell script to check the problem.

    MS16-072 – Known Issue – Use PowerShell to Check GPOs

    https://blogs.technet.microsoft.com/poshchap/2016/06/16/ms16-072-known-issue-use-powershell-to-check-gpos/

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by matteu31400 Wednesday, July 13, 2016 5:59 AM
    • Marked as answer by Albert Rodgers Friday, July 15, 2016 4:18 PM
    Wednesday, July 13, 2016 5:19 AM
    Moderator
  • I'm currently testing the fixes outlined in KB 3159398and I'll let you know if they work.

    The one spanner in the works here is that this drive mapping policy only applies to a segment of the users so I can't just give Domain Computers read rights and be done with it, I need to manually exclude a number of other computers. I would really prefer for this to be done at a user level instead of per-computer, though.

    Wednesday, July 13, 2016 8:32 PM
  • I'm currently testing the fixes outlined in KB 3159398and I'll let you know if they work.

    The one spanner in the works here is that this drive mapping policy only applies to a segment of the users so I can't just give Domain Computers read rights and be done with it, I need to manually exclude a number of other computers. I would really prefer for this to be done at a user level instead of per-computer, though.

    I think you misunderstand the nature of the change in KB3159398. These changes don't mean that filtering/exclusion is no longer possible...

    Granting GP-Read permissions, doesn't mean GP applies, you have to grant GP-Apply for the GP to apply.....


    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Wednesday, July 13, 2016 8:50 PM