Question

Locked

Group Policy Mapping Network Drive's Based on Group Membership

By TechKnowledgeComputers ·
OK here it goes.

I have my GPO with a logon script that i created. It works because when I login with my administrator account and run the script the drive gets mapped. BUT it does not map when loggin in. I have to actually navigate to the NETLOGON folder and run the script.
...
I have two users in the same group.
One user #1 has memberships in GG_IT_Management, Domain Admin, Enterprise Admin, and Domain User.
The other user # 2 just has membership in GG_IT_Management.

I am trying to map a drive for members in the GG_IT_Management.

When I login with user # 1, and run the script i get the drive.
When I login with user # 2, and run the script i get nothing.

Now seeing how it works for user # 1, WHY does it not work when he logs in.

The GPOs that i have inplace are ONLY;
Disable Fast Logon (which has the "allways wait for the network at computer startup and logon")
Drive Maps Policy (which has the "allways process across a slow network connection" & "process even if the Group Policy objects have not changed".
Network Drive Mapping (which has my Logon script for the drive mapping).

All of these GPOs are at the highest level in my OU structure, and when looking at Group Policy Management, i can see in the Group Policy Inheritance that ALL the above policy are inherited.

The script is;
===================================================
On Error Resume Next

Set objSysInfo = CreateObject("ADSystemInfo")
Set objNetwork = CreateObject("WScript.Network")

strUserPath = "LDAP://" & objSysInfo.UserName
Set objUser = GetObject (strUserPath)

For Each strGroup in objUser.MemberOf
strGroupPath = "LDAP://" & strGroup
Set objGroup = GetObject(strGroupPath)
strGroupName = objGroup.CN

Select Case strGroupName
Case "GG_IT_Management"
objNetwork.MapNetworkDrive "X:", "\\SRV01\Department"
End Select
Next
====================================================

Not to sure why it works for one user and not the other, and why it does not map the drive at user login?

**This is only the bare minimum that i want to do too..lol I would like to have a "Personal Drive" mapped also that logs the username and create a folder inside the "Personal Drive" that the individual users and save their documents in. And also have a quota.

THIS IS DRIVING me nuts.

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Try a different way

by gechurch In reply to Group Policy Mapping Netw ...

Some thoughts:

* It looks like your script is running for everyone, and only making the drive mapping if the user is a member of the GG_IT_Management group. Since you are using GPO a much cleaner way of doing this would be to only have that group policy apply to this group (you achieve this by deleting 'Authenticated Users' under Security Filtering, then clicking Add and choosing the GG_IT_Management group.

* Now that this only applies to the correct group, all your script needs to do is make the mapping. You can delete the middle parts of your script, or replace it with a batch script ("net use X: \\SRV01\Department").

* If you are using Server 2008 or above you can avoid the script altogether and use GPO to make the mapping. Use User Configuration\Preferences\Windows Settings\Drive Maps. You'll likely want to tick the box to 'Run in logged-on user's security context' (which is on the second tab).

You'll probably find the problem is fixed once you change to whichever of the above options suits your environment best. If not then the usual troubleshooting steps apply:
* Use gpresult to check that the GPO is applying, that the user is in the correct group etc
* Make sure the GPO is enforced (which shouldn't be the problem anyway)
* Add MsgBox statements or another form of logging to your script so you can check on state.


Regarding making a drive mapping for each user, you could:
* Have a script that does "net use H: \\SRV01\Users\%username%". The %username% will be replaced by the persons username. You can create the folder using "mkdir" (althought I'm not sure if this will work on a UNC path)
* As an alternative, you could open ADUC, and for each user go to the Profile tab, select the Connect option under 'Home Folder' and enter \\SRV01\Users\jsmith in the To field. This will create the folder and will give it the correct permissions when you click Apply. You can make this change for all users at once by selecting them all, ticking this box to turn this option on and entering \\SRV01\Users\%username% in the To box. Once you click OK, if you open up one of the users and you will see this path has changed to \\SRV01\Users\jsmith (or whatever).

For quotas, see http://www.techrepublic.com/blog/datacenter/apply-quotas-with-individual-file-shares-with-windows-server-2003-r2/224 or http://www.petri.co.il/managing-windows-server-2008-disk-quotas.htm

Back to Hardware Forum
2 total posts (Page 1 of 1)  

Related Discussions

Related Forums