Mapping Network Drive using Group Policy

jacopinebenhard · 2017-03-30T07:42:13.000Z

Hai IT Gurus out there

I have a problem with Mapping Netwok Drives using Group Policy

I had done it both with Logon Script and Using Preferences by linking Group Policy to an OU but same result.

When you do gpresult /r :It shows that group policy was applied but nothing is showing.

Anybody with an idea that can help me

I am using server 2008 R2 as my DC

Things were working fine last year according to the old System admin because he created some GPO with no problem but cant pick up what went wrong

scottbrindley · 2017-03-30T08:23:42.000Z

Have you rebooted the machine twice or run a gpudapdate /force twice ? You need to do this to bring down the GP

seanmdit · 2017-03-30T09:52:53.000Z

Have you looked in the event logs to see why the GPO processing might have failed?

jacopinebenhard · 2017-03-30T10:09:43.000Z

I have restarted the PC more than twice already but nothing.And this really become cumbersome for a bigger Department because i cannot restart each and everyone PC

bcrooms · 2017-03-30T10:16:19.000Z

Make sure the user has necessary permissions to the folder you are trying to map.

Also, double check your settings within the GPO.

I map drives with GP all the time and dont have many issues except for when users dont have necessary folder/share permission.

jacopinebenhard · 2017-03-30T10:18:52.000Z

I have checked event log and it shows event 1503,Group Policy was successfully processed.But my concern is ,why is the policy shows that its applied but nothing is showing.What could be the problem

bcrooms · 2017-03-30T10:21:16.000Z

Remove the computer from the domain, delete any record of it within Active Directory.

Re-add the computer to the domain, add it to your appropriate OU.

See if that resolves any issues?

I’ve seen this resolve several problems with Group Policy and other AD features.

mikewigle · 2017-03-30T10:23:10.000Z

This may sound goofy, but I had trouble with a 2008 domain mapping drives correctly and found that if I put the group policy for the drive mapping right into the default domain policy and then in the policy itself used item level targeting I could get it to work. But for whatever reason, applying a user GPO with just the drive mapping to a user OU was inconsistent at best. I don’t know if that will work for you but you might try it…

mhunt · 2017-03-30T10:27:57.000Z

brandontcrooms:

Remove the computer from the domain, delete any record of it within Active Directory.

Re-add the computer to the domain, add it to your appropriate OU.

See if that resolves any issues?

I’ve seen this resolve several problems with Group Policy and other AD features.

Removing a computer from the domain and re-adding it to fix issues is not really recommended, it creates a second SSID for the same machine.

While it may (or may not) resolve this issue, other solutions should be pursued first. To Share drives, the user must be added to both the NTFS (file) permissions and the Share permissions, either directly or via group membership.

Have you chosen a Drive letter that is already in use by something else? A USB key might be stealing the Drive assignment for example.

Perhaps looking at another working GPO thats doing the same thing might be a good idea.

jacopinebenhard · 2017-03-30T10:37:32.000Z

With regard to permission on the shared folder.I had actually removed all user and only left one user for testing purpose.I had added this user under permission on the shared folder as well as under security tab.

davidr4 · 2017-03-30T11:20:16.000Z

user766773:

With regard to permission on the shared folder.I had actually removed all user and only left one user for testing purpose.I had added this user under permission on the shared folder as well as under security tab.

If you did that, you need to check the box to run the policy in the users security context. You took permissions away from the system

Side Note: Leave Sharing permissions as Authenticated Users.

jacopinebenhard · 2017-03-30T13:06:11.000Z

I have been using authenticated users for permission and it didnt work.I then decided to remove authenticated users and put the domain username itself and it worked.

I created another Group Policy for a department :GPO linked to an OU

On GPO scope I left default authenticated users with read(from security filtering)

On the Share folder permission ,I used a security group(where all users in the OU are members) instead of authenticated users

Under the Security Tab,I as well only added the security group.

And after gpupdate,The drive was mapped.

charlieparker7743 · 2017-03-31T01:01:16.000Z

user766773:

I have been using authenticated users for permission and it didnt work.I then decided to remove authenticated users and put the domain username itself and it worked.

I created another Group Policy for a department :GPO linked to an OU

On GPO scope I left default authenticated users with read(from security filtering)

On the Share folder permission ,I used a security group(where all users in the OU are members) instead of authenticated users

Under the Security Tab,I as well only added the security group.

And after gpupdate,The drive was mapped.

To any others that are experiencing issues with Group Polices not getting applied, it could be due to the MS16-072 \ KB3163622 June 2016 Security Patch Microsoft released last June (Win 2k8R2+). After this patch, all GPOs require computer objects to have “Read” access/delegation to the GPO object if they are to be applied/read. So in short, when creating a new GPO, be sure that you at least add a computer object or security group (such as “Domain Computers”) to the delegation/security tab to be sure the computer can read from the GPO while it’s applied. Even if it’s a strictly user-based policy, this still needs to happen. Generally when I create a new policy, I will remove Authenticated Users from the scope but add the users/groups that I want. Then in the delegation tab I will add Authenticated Users back with read access. So far this has worked without a hitch.