Gpo applied but no change 1

[aktaon]

Greetings to all:

We wanted to map a network drive on certain machines. We created an OU and moved the workstations to the new OU. We placed a script to map a network drive under C:\WINDOWS\SYSVOL\sysvol\ssknx.com\Policies\GUID\Machine\Scripts\Startup. On the group policy object editor, we selected computer configuration\windows settings\scripts\startup and point it to the script file. However, when we tried on the machines no drive was mapped. gpresult shows that it was applied but we do not see any drive mapped. Thank you in advance.

 

[Roadki11]

Change it to the User Configuration. Computer accounts dont have authority to map drives, its a user function.


RoadKi11

"This apparent fear reaction is typical, rather than try to solve technical problems technically, policy solutions are often chosen." - Fred Cohen

 

[aktaon]

Thank you for quick answer. The reason I didn't want user configuration is that users have some special project that they work on separate workstations and they need different mapping than their usual workstations. I din't want to create them separate user account for the special project. Thank you again.

 

[acl03]

The way to apply user policies to anyone who logs into a certain machine (or a machine in a certain OU) is with User Group Policy loopback processing mode

See here:

http://technet.microsoft.com/en-us/library/cc757470(WS.10).aspx

Thanks,
Andrew

Hard work often pays off over time, but procrastination pays off right now!

 

[acl03]

Loopback is normally used to secure or lock down a machine no matter who logs on, like a terminal server or public kiosk.

But you could use it to apply your logon script to anyone who logs in. Just set it up like a normal User policy, specifying a logon script.

Then navigate to:
Computer Settings\Administrative settings\System\Group Policy

You probably want to use "merge" mode, not "replace". This will apply the user's normal GPO, and merge the GPO that's on this special OU. "Replace" mode would disregard their normal GPO, and ONLY apply the special one.



Thanks,
Andrew

Hard work often pays off over time, but procrastination pays off right now!

 

[aktaon]

I have enabled loopback with merge option but that didn't do it. I may be missing something; I have placed the script at: C:\WINDOWS\SYSVOL\sysvol\domain.com\Policies\GUID\Machine\Scripts\Startup. I also tested it under user configuration but didn't work. Thank you.

 

[acl03]

This script should be located in \GUID\User\Scripts\Logon - remember this is a user policy, not a machine policy.

Thanks,
Andrew

Hard work often pays off over time, but procrastination pays off right now!

 

[aktaon]

You are right, it is a user policy and I did that but still not working. Thank you.

 

[acl03]

Did you simply create the login script and put it in the folder?

Did you also specify in the User section of the GPO for that script to run?

It could also be a problem with the script...are you certain it is not running?

Thanks,
Andrew

Hard work often pays off over time, but procrastination pays off right now!

 

[aktaon]

Yes I did, under user configuration\Windows settings\scripts\startup clicked add and browsed to the location of the script file and added it. Also I double-clicked the script and verified that the script is working. Thank you.

 

[acl03]

Are you sure you were in user config, not computer?

There is no "startup" script section in user config.

The proper path is:

User config\windows settings\scripts\logon



Thanks,
Andrew

Hard work often pays off over time, but procrastination pays off right now!

 

[aktaon]

My apologies, I was changing between user config and computer config and got startup from computer config. I did however, tried it under User config\windows settings\scripts\logon and still failed. May be I should build a lab and test with clean install of active directory. Thank you.

 

[acl03]

Run gpresult on a machine that is supposed to get it from a dos prompt - it should show you which GPO's are being applied.

Thanks,
Andrew

Hard work often pays off over time, but procrastination pays off right now!

 

[aktaon]

I did that and it shows that it was applied but I do not see any mapped drive. Thank you.

 

[acl03]

Can you post your logon script?

Can you try changing a different "user" setting in that GPO (something obvious like screensaver or wallpaper) and see if that gets applied?

Are you sure the users have permissions to read files in your script directory?

Thanks,
Andrew

Hard work often pays off over time, but procrastination pays off right now!

 

[aktaon]

Thank you for all your help. Yes users have permissioin to the script directory. They are power users group on the workstations. I have tried a few other policies like you suggested and none of them work. I have tried vbscript and batch.
Batch:

net use X: /DELETE
net use X: \\Computername\Share

VBScript:

Option Explicit
Dim objShell, objNetwork
Dim DriveLetter1, DriveLetter2, RemotePath1, RemotePath2
Dim AllDrives, AlreadyConnected, Network1, Network2, i

Set Network1 = CreateObject("WScript.Network")

DriveLetter1 = "X:"

RemotePath1 = "\\computername\Share"

Set objShell = CreateObject("WScript.Shell")
Set objNetwork = CreateObject("WScript.Network")
Set AllDrives = objNetwork.EnumNetworkDrives()

AlreadyConnected = False
For i = 0 To AllDrives.Count - 1 Step 2
If AllDrives.Item(i) = DriveLetter1 Then AlreadyConnected = True
Next

If AlreadyConnected = True then
objNetwork.RemoveNetworkDrive DriveLetter1
objShell.PopUp "Drive " & DriveLetter1 & " disconnected."

Else

objNetwork.MapNetworkDrive DriveLetter1, RemotePath1
objShell.PopUp "Drive " & DriveLetter1 & " connected successfully."

End if

Wscript.Quit

Thank you.

 

[acl03]

Did you enable both the User and Computer sections of the policy?

Thanks,
Andrew

Hard work often pays off over time, but procrastination pays off right now!

 

[aktaon]

First when I tested it I did, but later I disabled the computer policy. Thank you.

 

[acl03]

They both need to be enabled for loopback processing to work, but it sounds like you knew that...



Thanks,
Andrew

Hard work often pays off over time, but procrastination pays off right now!

 

[aktaon]

I was just testing everything possible but nothing seemed to be working for me. My problem may not have been fixed but I am really impressed with Tek-Tips forum. Some one continuously try to help me Wow!!! Thank you for all your help.