locked
Issue with GPO to Map NFS Drives RRS feed

  • Question

  • I'm working on a 2012 R2 cluster and attempting to create a GPO that maps a pair of NFS drives to all users within an OU at logon. Its a simple script:
    @echo off
    net use K: /delete
    net use N: /delete
    net use K: \\server\path\to\share1
    net use N: \\server\path\to\share2

    which is located within the NETLOGON path. The GPO is properly applying as confirmed with gpresults but the drives are simply not mounting on logon. I've tried the scripts as both .bat and .cmd files and while I can manually double click the script to verify it functions properly on the domain controller, i still cant get it to fire off on any of the target (user) nodes at logon. I've disabled UAC on the nodes and have even enabled the GPO to wait for the network at startup and logon thinking it might be a timing issue. On any of the target nodes (user nodes) I can log on as a non admin user and access the script through \\domaincontroller\c$\Windows\SYSVOL\sysvol\domain\Policies\...\User\Scripts\Logon\script.bat and the drives will mount right up but for the life of me I cant get the script to fire off at logon. There shouldn't be any other GPOs to prevent these scripts from running (as far as I know). The Scope of the GPO is applied to "Authenticated Users" which to my understanding means all users and computers within Active Directory. I've verified replication between the two domain controllers and have forced gpupdate on both ends.

    I'm hoping this a relatively low hanging fruit and that I'm missing something rather obvious but I'm coming up short. Any help would be greatly appreciated.

    Friday, November 3, 2017 6:11 PM

Answers

  • Thanks for all the help, Bill. I discovered that after waiting 5 minutes, the logon script will kick in. This has to do with a default GPO introduced in Windows 8.1 and up which is defined in Computer Configuration > Policies > Admin Templates > System > Group Policy > Configure Logon Script Delay. I've changed from the 5 minute default to 1 minute and this works just fine.
    • Marked as answer by bighands55 Sunday, November 5, 2017 9:16 PM
    Sunday, November 5, 2017 9:16 PM

All replies

  • There are GPO settings for mapping drives. These are to be preferred over a script.

    -- Bill Stewart [Bill_Stewart]

    Friday, November 3, 2017 6:15 PM
  • Thanks for the reply, Bill. I just tried this method as well and still no dice. As with the other method, gpresult is saying that the policy is applied and I see the message "Applying Group Policy Drive Map Policy" when I log in before I reach my desktop so I'm not sure whats going on. I wouldn't think that these being Linux NFS shares should be an issue with this method, would it? Also everything is being done over RDP. Could that cause any issues?

    Thanks!

    As a follow up, I see in event viewer that the gpo did not apply because the network connection does not exist. I'm assuming that this has to do with it being a linux nfs share and not a native domain windows server.
    • Edited by bighands55 Friday, November 3, 2017 7:39 PM update
    Friday, November 3, 2017 7:30 PM
  • I think your assumption (remote server type) is almost certainly wrong, because you said the net use commands work (just not when logging on). Are you needing to establish some kind of connectivity (authentication? VPN? etc.) before you can map the drives? If that's the case you will need to do something other than run a logon script.

    -- Bill Stewart [Bill_Stewart]

    Friday, November 3, 2017 8:22 PM
  • No additional connection is needed. A user could theoretically open a command prompt after logging in and run the net use or mount (NFS Client role is installed - i tried that within the script as well to no avail) command themselves to connect to the nfs share. We'd like to avoid them having to do this and have the shares mounted at logon, automatically. 
    • Edited by bighands55 Friday, November 3, 2017 8:32 PM
    Friday, November 3, 2017 8:32 PM
  • GPO configuration. During logon the network is not necessarily available.  Post in  GP forum to find out how to set the GP to apply after the network is completely available.

    There are also NFS configuration settings that may affect this.

    Also try mapping a Windows share in the same file.  If it also fails then you may be missing a patch.


    \_(ツ)_/

    Friday, November 3, 2017 8:37 PM
  • Drive mapping in GPOs works fine, all else being equal.

    Since we don't have a way to reproduce your exact environment to troubleshoot this, the only answer we can give is to provide the general guidance of how things are usually done. The troubleshooting part, of necessity, is up to you.


    -- Bill Stewart [Bill_Stewart]

    Sunday, November 5, 2017 4:55 PM
  • Thanks for all the help, Bill. I discovered that after waiting 5 minutes, the logon script will kick in. This has to do with a default GPO introduced in Windows 8.1 and up which is defined in Computer Configuration > Policies > Admin Templates > System > Group Policy > Configure Logon Script Delay. I've changed from the 5 minute default to 1 minute and this works just fine.
    • Marked as answer by bighands55 Sunday, November 5, 2017 9:16 PM
    Sunday, November 5, 2017 9:16 PM