Advertisement
Hello, looking for some advice…<\/p>\n
I’ve recently started in fairly basic AD environment and looking to start using groups for mapping drives.
\nMost of the GPOs that were previously created do not use groups, they are applied to Authenticated Users and have no issues whatsoever. I’ve even created some new drive mappings and applied to auth users and yep, all good…<\/p>\n
The problem I’m having is with specifing a group to map a drive. I’ve added the group into security filtering, checked delegation and added Authenticated users to read only and also checked the group that I specified in delegation and yep, has read and apply gpo checked.<\/p>\n
After trying multiple different things, I CAN get it to map however I have to run gpupdate /force as admin. This makes me think it’s related to permissions somehow. If I run gpupdate as the standard user, it will not work. Get the security filtering denied under gpresult.<\/p>\n
Anyone had something similar, or can share any tips? Not sure what to try next.<\/p>","upvoteCount":1,"answerCount":3,"datePublished":"2024-11-14T14:51:20.685Z","author":{"@type":"Person","name":"fraser345","url":"https://community.spiceworks.com/u/fraser345"},"suggestedAnswer":[{"@type":"Answer","text":"
Hello, looking for some advice…<\/p>\n
I’ve recently started in fairly basic AD environment and looking to start using groups for mapping drives.
\nMost of the GPOs that were previously created do not use groups, they are applied to Authenticated Users and have no issues whatsoever. I’ve even created some new drive mappings and applied to auth users and yep, all good…<\/p>\n
The problem I’m having is with specifing a group to map a drive. I’ve added the group into security filtering, checked delegation and added Authenticated users to read only and also checked the group that I specified in delegation and yep, has read and apply gpo checked.<\/p>\n
After trying multiple different things, I CAN get it to map however I have to run gpupdate /force as admin. This makes me think it’s related to permissions somehow. If I run gpupdate as the standard user, it will not work. Get the security filtering denied under gpresult.<\/p>\n
Anyone had something similar, or can share any tips? Not sure what to try next.<\/p>","upvoteCount":1,"datePublished":"2024-11-14T14:51:20.795Z","url":"https://community.spiceworks.com/t/gpo-not-applying-to-users-in-specified-group/1142112/1","author":{"@type":"Person","name":"fraser345","url":"https://community.spiceworks.com/u/fraser345"}},{"@type":"Answer","text":"
well first use item level targeting for the drive mapping. So this means the GPO itself can apply to all users but the setting is targeted to a security group. If you use the ‘remove when no longer applied’ option also it will unmap if a user is removed from the group.<\/p>\n
However specific to your current error I also suspect permisions.
\nDid you reboot and logon to test?
\nrunning gpupdate as admin makes no sense as that will use as the admin user not the user in the security group. unless the admin is part of that group.<\/p>\n
Use the group policy modeller to see what it says (specify the computer and user). Also use gpresult to determine if it thinks it applied the GPO.<\/p>","upvoteCount":1,"datePublished":"2024-11-14T20:33:41.327Z","url":"https://community.spiceworks.com/t/gpo-not-applying-to-users-in-specified-group/1142112/2","author":{"@type":"Person","name":"matt7863","url":"https://community.spiceworks.com/u/matt7863"}},{"@type":"Answer","text":"
Depending upon how old the AD/GP environment is, there was a shake-up a while back that upended how basic permissions were required for GPOs to apply correctly.<\/p>\n
Here’s a link<\/a> that may explain what’s happening to you and how to resolve it. (specifically; this part<\/a>)<\/p>","upvoteCount":0,"datePublished":"2024-11-14T20:51:19.216Z","url":"https://community.spiceworks.com/t/gpo-not-applying-to-users-in-specified-group/1142112/3","author":{"@type":"Person","name":"it-monkey-mike","url":"https://community.spiceworks.com/u/it-monkey-mike"}}]}}