dougbell2
(Doug4880)
1
Attached is an image depicting the hierarchy of policy inheritance on an OU. The policy that wins out for mapped drives is DewyMeadows Mapped Drive (DMMD). The policy Millington mapped drives (MMD) should override it given that it is applied after DMMD. MMD is also set to delete existing mapped drives and then create its own. I was wondering if anyone knows why this could occur. There is only GPO in the linked section and it does not affect mapped drives. I’m happy to provide additional screenshots and information if necessary.
4 Spice ups
dougbell2
(Doug4880)
2
Edit: There is only one GPO in the linked section
jonahzona
(jonahzona)
3
You could try Enforcing the policy you would like to apply, but that is generally, in my opinion, not the best option.
Have you considered Security Filtering? Create a security group for the users that need each respective policy, then use Security Filtering on the GPO to assign it to a specific group. That way the policy only applies to the users you want it to.
Hope that helps.
1 Spice up
It’s very hard to troubleshoot with enforced policies.
Is there a reason for that many?
Again security filtering is a better solution.
Also GPOs with a lower precedence number win.
Precedence application order starts from the largest and goes to the smallest.
1 Spice up
dougbell2
(Doug4880)
5
All five of the GPOs labeled mapped drives have the same security filters under the delegation tab.
jkhigg
(JKHigg)
6
You’ll likely find your answer in one of these:
Again security filtering is a better solution.
Also GPOs with a lower precedence number win.
Precedence application order starts from the largest and goes to the smallest.
You may also have to look and see if any GPO has loopback processing enabled.
So if you have two policies, say A and B:
Policy A is enforced.
If A and B have conflicting settings, A’s settings will override B’s settings.
If Policy A and B are not enforced, A and B are linked to the same OU, they have conflicting settings, and A has a precedence of 1 and B has a precedence of 2, then A’s settings are applied.
You can change the Security Filtering so that the GPOs are only applied to the people that need it. Remove Authenticated Users, as that applies to everyone, or use Item-level targeting to achieve the same result.
dougbell2
(Doug4880)
8
Loopback is not configured for my domain.
dougbell2
(Doug4880)
9
I think that in the future I will clean up my GPOs in the way that you are suggesting, but without being able to determine how they are being set by the DewyMeadow Mapped Drives policy, considering it is not enforced and is surrounded on either side by other GPOs that should rewrite it, I cannot make drastic changes to the GPOs successfully.
dougbell2
(Doug4880)
10
I’ve also noticed that it says the winning group policy for a user at a remote location is the correct policy, but it is setting a mapped drive to a file server named bvbdc. This policy was changed over a month ago to create the mapped drive at a new file server named bv-home. I do not understand how this could occur.
justin1250
(Justin1250)
11
Loopback is configured per-GPO.
Also pay attention to the Replace vs Update vs Create in GPP.
Replace will disconnect the drive and reconnect it. Create will connect to the drive and map it if nothing is there. Update will connect to the drive if nothing is there, but will leave it like it is currently mapped as long as the mapped drive matches the GPO Preferences.
1 Spice up
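Added example, not posted by anyone in this thread: one way to put the precedence rules and the Create/Replace/Update/Delete actions discussed above side by side for a single OU. It assumes the RSAT GroupPolicy module is installed; `$TargetOu` is a placeholder DN and `Get-DriveMapPrecedence` is a hypothetical helper name.

```powershell
# Added example. Requires the GroupPolicy module (RSAT) and read access to the GPOs.
Import-Module GroupPolicy

$TargetOu = 'OU=Example,DC=example,DC=com'   # placeholder DN; replace with the OU in question

function Get-DriveMapPrecedence {
    param([Parameter(Mandatory)][string]$Target)

    # InheritedGpoLinks lists every GPO that reaches this OU; Order 1 wins conflicts.
    $links = (Get-GPInheritance -Target $Target).InheritedGpoLinks

    foreach ($link in $links) {
        $gpo = Get-GPO -Guid $link.GpoId
        [xml]$report = Get-GPOReport -Guid $link.GpoId -ReportType Xml

        # Drive-map preference items; local-name() avoids binding the report's namespaces.
        # Attribute names (action, letter, path) follow the GPP Drives.xml layout.
        $items = $report.SelectNodes("//*[local-name()='Drive']/*[local-name()='Properties']")

        foreach ($item in $items) {
            $action = switch ($item.action) {
                'C' { 'Create' } 'R' { 'Replace' } 'U' { 'Update' } 'D' { 'Delete' }
                default { $item.action }
            }
            [pscustomobject]@{
                Precedence  = $link.Order
                Gpo         = $link.DisplayName
                LinkedAt    = $link.Target
                Enforced    = $link.Enforced
                LinkEnabled = $link.Enabled
                Letter      = $item.letter
                Action      = $action
                Path        = $item.path
                # Different numbers mean the AD and SYSVOL copies of this GPO are out of sync.
                UserVersion = '{0} / {1}' -f $gpo.User.DSVersion, $gpo.User.SysvolVersion
            }
        }
    }
}

Get-DriveMapPrecedence -Target $TargetOu |
    Sort-Object Letter, Precedence |
    Format-Table -AutoSize
```

This reports what the GPOs define on the domain controller the cmdlets query, not what a client applied; compare it with `gpresult /h` output from an affected machine. Security filtering and item-level targeting are not evaluated here.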
dougbell2
(Doug4880)
12
They are actually delete and creates with the deletions having the smaller order numbers, i.e. drive A and B deletions are labeled 1 and 2 in order and drive A and B creations are labeled 3 and 4.
dougbell2
(Doug4880)
13
I’ve decided to delete all of the existing group policies and then make it from scratch because there is something in play within it that I cannot make sense of. It is an inherited system anyways so it will be nice to update it.
1 Spice up