How do I configure roaming profiles to not apply to Domain Admins?

Similar Messages

• Roaming Profile are not stored completely

  Hello NG
  In our environment we work with NWClient 2 SP1 IR9, ZCM11 SP1a and Roaming
  profile is activated by a ZCM policy.
  Now we have the problem, that when a user logout from the workstation, the
  roaming profile is not stored completely to the home profile. Strange is,
  that the ntuser.dat has an updated times
  The homedirectory where the roaming profiles should be stored is a NSS
  volume.
  On the workstation evenviewer i saw following interesting information.
  Event ID 1509
  Source \\?\C:\Users\MichelB\Favorites\Links
  Target \\?\UNC\SERVER2$NOCSC$\HOMEL\USERS/MichelB\Windows NT 6.1 Workstation
  Profile.V2\Favorites\Links
  Error The system can not found the path
  Source \\?\C:\Users\MichelB\Favorites
  Target \\?\UNC\SERVER2$NOCSC$\HOMEL\USERS/MichelB\Windows NT 6.1 Workstation
  Profile.V2\Favorites
  Error The system can not found the path
  etc. this happens for all folders in the profile path.
  Then event ID 1534 is diplayed that says there was too many copy errors.....
  And at last the Event ID 1504 that says that the roaming profile couldn't be
  updated completely
  I suppose that here the Novell Client has problems to write to the NSS
  volume
  Somebody can help me to solve this issue?

  Originally Posted by breezer
  -keeping the thread alive-
  We have been doing extensive testing here and have found (win7) that the local user & profile created by zcm is not properly removed after a user logs out.
  We have found up to 40 student user accounts in the LRC machines when doing a net user and the equivalent c:\user\<username>, there are also <username>-<machinename>.001/2/3 directories as well.
  I use volatile accounts, [setting] using existing account or not doesn't make any difference.
  I can demonstrate that clearing down local profiles (net user <username> /delete and rd c:\users\<username>) allows the user to log in again without any issues, but usually they can do this only once or twice before the profile blows out.
  Our students are very mobile and a typical day will be 9.00-10.00 lessons, 10.00-10.30 LRC, 10.30-12.30 lessons (different class room) ........
  This was identified in September when the students returned from break and we have had the issues for nearly 4 months.
  Our machines are built via zen imaging, the client and agent are then installed with the appropriate enabling software for the machine (zoomtext/jaws/dragon/read&write).
  Can anybody give me any pointers on this as my tech support and novell (via a SR) have not yet been able to pin point the problem and provide a fix.
  Breezer
  Try Knowlegebase 7940698, that might lead you the right way?

• 2012 R2 RDS - Your roaming profile was not completely synchronized - Event ID 1509 1504 - After installing Update 1

  In my deployment I have 2 brokers, and 3 session hosts. I finally installed Update 1 and all following updates available (the ones that were available about two weeks before). Also updated Forefront to v4.3 (SCCM managed).
  I have roaming TS profiles enabled with folder redirection and also policy set to "delete local copy of roaming profiles" after logout. Profile folders are on a network share (Server 2003). Things were working ok until Update 1 and rest of updates
  got installed.
  I started getting events 1509 and 1504 when users logoff and the screen displays "Your roaming profile was not completely synchronized" message briefly. The only file affected so far is ntuser.pol.
  There are two variations of the event, one claiming it cannot write the local server copy to fileshare, and the opposite, from file share to c:\users\username.
  ====
  Windows cannot copy file \\server\profileshare\username.V2\ntuser.pol to location C:\Users\username\ntuser.pol. This error may be caused by network problems or insufficient security rights. 
   DETAIL - Access is denied.
  =====
  Windows cannot copy file C:\Users\username\ntuser.pol to location \\server\profileshare\username.V2\ntuser.pol. This error may be caused by network problems or insufficient security rights. 
   DETAIL - Cannot create a file when that file already exists.
  ========== 
  Permissions have not changed. The only thing changing is the Updates installed on the servers. I tried running with AV realtime protection off, no change. Ntuser.pol is already on the exclude list in Forefront.
  This is happening on my test server and 2 prd servers. Any ideas. I looked for related hotfixes but not coming up with anything.
  The whole reason for installing Update 1 was so that we can continue to receive security updates...

  Hi,
  Thanks for your comment.
  When a roaming profile user logs off, the NTuser.dat file is always updated on the roaming profile share. The corresponding NTuser.pol file is only updated if the timestamp of the local copy that was created at logon is newer than the copy found in the roaming
  profile share. A synchronization problem may occur if a user with a roaming profile logs on to multiple client computers at the same time. This can eventually cause policy settings to be applied incorrectly. 
  For example, if the Group Policy loopback feature is applied on one of the client computers, the NTuser.dat file on the roaming profile share may contain loopback policy settings that are not present in the NTuser.pol file. If this problem occurs, the loopback
  policy settings that are targeted at one client computer may be unexpectedly applied to a user who logs on to a different client computer.
  So please check the permission or group policy which you have applied and also whether you are performing multiple connection at a time. 
  Note: This KBhere providing only for reference as it’s for previous version.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• How do I configure thunderbird open but not jump to web link in e-mail

  How do I configure thunderbird open but not jump to web link in e-mail. I want the web pages, but do not want to display my browser page until I have clicked on several links, then I will go look at my browser pages.
  I can't figure out how to do this.
  Thanks,
  Dan

  From the menu bar select Tools-Account Setting-Composition and Addressing
  Set the reply option to Above the Quote
  You have to do this for each account if you have more than one.
  No menu bar? Press the alt key.

• Dreamweaver CS3 creates "_notes" directories. I don't want the "_notes" directories. How do I configure DW CS3 to not create those directories?

  Dreamweaver CS3 creates "_notes" directories. I don't want the "_notes" directories. How do I configure DW CS3 to not create those directories?

  No, it makes no difference to Run-time styling.
  A design-time stylesheet is a stylesheet that is only applied to the page as you are working in DW. This is very handy if you have elements on the page which are normally hidden/visible and you want to toggle that visibility while in Design view. Or when you have content that is styled in a way that DW doesn't understand, but the browsers do - you can use a DT stylesheet to modify this styling in Design view only. I'll give you an example -
  There is a metric that is used for font sizing called "rem". A rem is a relative em value - in other words, it specifies the ratio between the actual character size and the size of a base definition for the character size on the page. In previous versions of DW, this metric was not supported. So text content was abnormally large as a result when looking at a page using Design view. A DT stylesheet solves that problem by redefining the character size in px, but only when I am working in DW. Here's a good explanation (http://www.css-tricks.com/rems-ems/)
  You also will lose (I believe) details about which files have been recently synched, and some of your local settings for guides and snap to guides.

• How to set up roaming profile on Macs using AD like in windows

  I can bind the workstations to the domain fine.. But can someone direct me to instructions of how to set up the roaming profiles ?
  What steps do I need on the server ? This is what I've done so far.
  I already have OU's for the departments and the users have a shared folder inside their department folder.... \\server\shared_folder\user
  I have done the usual things with AD as far as the profile settings on the windows server.
  Am currently running Mac OS 10.5 and above
  My windows AD runs on windows server 2008
  All my windows workstation are able to use roaming profile without a problem.
  So far i have tried the so many avenues including..
  Make sure the Mac systems are joined to the domain controller and an ADS user can log on successfully. Use "Directory Utility" under "Utilities" menu to join the system to the domain.
  Backup all the contents from /Users to the storage or somewhere locally.
  Configure automount - Go to "Utilities" -> "Directory Utility" - Select the domain and click "Show advanced options" - Click "Mounts" tab and add automount as mentioned below. Remote NFS URL: nfs://server_name/share_name/path/to/profile/directory Mount location: /Users Additional mount parameters: -P,-T Apply the settings and this will mount the remote shared folder or we can name it as Roaming Profile Space - under /Users directory
  Enable roaming profile - Go to "Utilities" -> "Directory Utility" - Select the domain and click "Show advanced options" - Click "Services" -> Select "Active Directory" and click "Show advanced option" - Click "User experience" tab and select the option "Create mobile account at login".
  Reboot the system and log in as any ADS user. The Roaming shared folder will be mounted and the user profile will be created on the shared folder
  Can anyone kindly assist me

  Hi Guys, anyone with the Soln...or Tips..Am waiting

• Firefox Error with Roaming Profiles "Could not initialize the application's security component"

  Hi there
  I get the common error "Could not initialize the application's security component" when I startup Firefox.
  I tried this manual: http://support.mozilla.org/en-US/kb/couldnt-initialize-applications-security-component
  I have enough space left, i have read/edit/write-rights, created a new firefox profile and also reset all the settings, nothing works.
  BUT I dont have a cert8.db File in my %APPDATA%\Mozilla\Firefox\Profiles
  What can I do?
  Like I said in my description, its about Users that are logged in with a Roaming-Profile. Every User has this problems, it doesn't matter if or without Admin-Rights.
  Also this problem exists since Firefox 4.0.0, the last working Version was 3.6.13 I guess.

  You can use this button to go to the Firefox profile folder:
  *Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder)
  Try to remove or rename secmod.db (secmod.db.old) in the Firefox profile folder.
  If that didn't help then also rename the cert8.db file to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored.
  If that helped to solve the problem then you can remove the renamed cert8.db.old file.<br />
  Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates.<br />
  Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.
  Do a clean reinstall and delete the Firefox program folder before (re)installing a fresh copy of the current Firefox release.
  Download a fresh Firefox copy and save the file to the desktop.
  *Firefox 25: http://www.mozilla.org/en-US/firefox/all.html
  Uninstall your current Firefox version, if possible, to cleanup the Windows registry and settings in security software.
  *Do NOT remove personal data when you uninstall your current Firefox version, because all profile folders will be removed and you lose personal data like bookmarks and passwords from profiles of other Firefox versions.
  Remove the Firefox program folder before installing that newly downloaded copy of the Firefox installer.
  *(32 bit Windows) "C:\Program Files\Mozilla Firefox\"
  *(64 bit Windows) "C:\Program Files (x86)\Mozilla Firefox\"
  *It is important to delete the Firefox program folder to remove all the files and make sure that there are no problems with files that were leftover after uninstalling.
  *http://kb.mozillazine.org/Uninstalling_Firefox
  Your bookmarks and other personal data are stored in the Firefox profile folder and won't be affected by an uninstall and (re)install, but make sure that "remove personal data" is NOT selected when you uninstall Firefox.
  If you keep having problems then also create a new profile.
  *http://kb.mozillazine.org/Profile_folder_-_Firefox
  *http://kb.mozillazine.org/Profile_backup
  *http://kb.mozillazine.org/Standard_diagnostic_-_Firefox#Clean_reinstall

• Roaming profiles did not work with Novell client

  I've Problems with roaming profiles.
  It is perhaps not a Novell problem but anything with windows rights?
  We use ZCM11: (Server: SLES11 SP1)
  Client new PC with a freshly installed Windows7, all updates.
  (Only Turn on file and printer sharing, anything else default, no virusscanner)
  The pre-agent has been installed and then the the Novell Client 2SP1 IR7
  The PC gets a "Dynamic Local User Policy" with the settings:
  - Use the credentials of the user source
  - (Manage existing user account - but we have none there)
  - Volatile user (with no cache, meaning that the user is immediately deleted ... We have also tested with cache.)
  - e-dir user should be only member of Users
  The users from edir get a Roaming Profile Policy with:
  - Store user profile in user's Home Directory. (which is on the OES/SLES server)
  ---- results ----
  If the user has no centrally stored profile, then he can log on but just once!
  (if "Enable Volatile User cache" also several times to the same PC)
  If the user already has a stored profile, he can not log on Error: "The Group Policy client service failed the logon Access is denied"
  In my view, the following happens. W7 create the user locally and want's put in the settings from a central profile in the local
  Profile and can not do that.
  Only when no "central profile" is there in the homedir, or if this profile does not contain the file ntuser.dat, the user can log in locally.
  However, no files are used from te saved profile, for instance from the saved desktop.
  I can not imagine that anyone around the world with ZCM11 on a SLES/OES Server don't use the Novell client and raoming profiles
  It must therefore give a simple trick to solve the problem.
  But which one? Can some one here help me?

  Alix,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://forums.novell.com/

• Roaming profile login problem to the domain

  Hi all,
  Domain Environment, DC Server with Server OS of Microsoft Server 2008 R2 Standart SP1.
  Roaming profiles unable to login to the domain on couple of PC's. They just inserting the password, starting to wait to log in with "Welcome"
  on the screen, its thinking and looks like hes gona open the user's desktop but in this secong its just logging out back to the login screen.
  Thanks for your help.
  Best Regards,
  Vlad Dodin

  Hi Vlad Dodin,
  I want to get more information about this issue.
  Had you got any error messages during the login process?
  If no domain users can log into those PCs?
  If this is just a login problem in those PCs and there is no error Roaming profiles error during the login process, this article may be helpful for you:
  How To Fix Stopping, Freezing, and Reboot Issues During Windows Login:
  http://pcsupport.about.com/od/findbysymptom/ht/windows-freezes-reboots-during-login.htm
  Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information
  I hope this helps.

• How to Reset Password of User while not connected to Domain using Local Admin Account

  How to Reset Password of User while not connected to the Domain using Local Admin Account
  (I have the use of a local admin account), and I want to help a user reset their password who has logged in the PC and had their credentials cached, but forgot this password. 
  In Local Admin Account :
  When I go to Control Panel, users, users, manager user ; I cannot see any users in this window except the local admin account, and, so I cannot reset a user password this way.
  When I go to lusrmgr.msc, then users ; the local admin account will display only. 
  If I go to command prompt and type "net user", this will not display any users who have logged in to the computer, and so I cannot use "net user" to reset a password.
  I don't want to use any disks, 3rd party programs, or create a VPN connection to the domain.  I just want to help a user who calls in and forgets their password.

  Hello Keith,
  I know this is an old thread but I'm trying to better understand how I could change the domain password while not on the network. What I'm getting from your post is that you:
  1. Create a local user account (not a domain user)
  2. Login with that local user account
  3. Connect to the VPN while logged in as a local user
  4. Log out of the local account and login with the domain credentials
  Now, my question is based on the assumption that the password created on the local account is the same password that one will use to login to the domain account? Also, is the local user account the same as the domain account?
  Thanking you in advance!

• How to grant LOGON ONLY Rights to two users (no domain admins) on Domain Controllers

  Dear Techies,
  I wish to grant LOGON ONLY Rights to two users, who are not the members of Domain Admins, on Domain Controllers.
  Can someone please suggest the best and easiest possible way to do this keeping up with Compliance?
  Regards
  Amit Kumar

  I think it is by design, the readers don't have access to the operations and application management section. If you look at the URL's you will notice they are of the form  http://servername:portnumber/_admin/operations.aspx and http://servername:portnumber/_admin/applications.aspx. Giving read only access to these pages means, they will be not able to modify the settings on these pages.
  Looks like it is not possible to give read only access.
  Thanks,
  Prashanth

• Roaming Profile at User level simply not copying...no error

  Little rusty on setting this up but if I recall if I choose to setup roaming profiles at the user object level then I simply need to create a share with the appropriate share/NTFS permissions then assign the UNC path in the Profile tab in ADUC?  We
  are running Win 2008 R2 with Win 7 SP1 clients.
  If this is correct then I have done this and the profile will simply not roam...no errors in event log, the test user simply logs in and has a normal local profile.  While I am logged in as this user I can access the above UNC and create a folder so
  I think permissions are ok.
  Originally this computer and test user were in an OU where I set a GPO setting up Folder Redirection.  Thinking that I possibly configured something incorrectly there I moved the user and computer object to a basic OU where only the default domain policy
  is applied.  No change.
  I don't remember getting this part working to be such a hassle so I am at a loss now how to troubleshoot further.
  Thanks

  Hi,
  Since Roaming Profile doesn’t work correctly, and you could not find any error in the event logs. At this time, I suggest you’d better first check for the correct permissions on the profile
  share. In addition to logging events in the Application Event log, User Profiles can provide a detailed log to aid troubleshooting. To create a detailed log file for user profiles:
  1. Start regedit and locate the following path: HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon
  2. Create a new value called UserEnvDebugLevel as a REG_DWORD, and set the value to 30002 in hexadecimal format.
  The log file can be found at: %windir%\debug\usermode\userenv.log
  Regarding how to troubleshoot Roaming Profile issue, please try to refer to the following article to see if it helps.
  Troubleshoot User Profiles with Events
  http://technet.microsoft.com/en-us/library/jj649075.aspx
  Here are some guide about how to configure Roaming Profile, they may be useful to us.
  Configuring Roaming User Profiles
  http://technet.microsoft.com/en-us/library/cc738596(WS.10).aspx
  Group Policy Recommendations for Roaming User Profiles
  http://technet.microsoft.com/en-us/library/cc781862(v=ws.10).aspx
  How to configure Roaming Profiles and Folder Redirection
  http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/
  Best Regards,
  Andy Qi
  TechNet Subscriber Support
  If you are
  TechNet Subscription user and have any feedback on our support quality, please send your feedback
  here.
  Andy Qi
  TechNet Community Support

• Windows Domain Controller on Windows Server 2012 R2: Hyper-V roaming profiles not loading due to slow connection

  I have racked my brain and done everything that I know to do for about two weeks now.  I am setting up a new system at our fire department and I am having the worst luck with getting the workstations to login to the domain controller with roaming
  profiles.  It keeps telling me that the roaming profile could not be loaded because of a slow connection.  These are workstations that are connected directly to the switch that the DC is connected to.  I have tried multiple connections regarding
  the layout (DC into the router, router into the switch).  The router is a Cisco RV220W.  I have two VLANS, one for public and one for private domain.  The Private VLAN has DHCP turned off since I am providing it through the DC.  I currently
  have a connection from the Private VLAN going to the unmanaged switch that the workstations and server are plugged into.
  The server is a Dell PowerEdge R420 that has 6 NIC ports (1 dual port and 1 quad port).  I have a virtual switch setup on Hyper-V for an external port (let's say Card 2 Port 3) that is assigned to the WS 2012R2 Domain Controller.  The DC can see
  the internet fine and the workstations can connect to the shared folders on the server.  I can retrieve files by just using the computer name or FQDN.  The DC is also running DNS and DHCP.  The DNS has the _msdcs setup from when I installed
  the active directory role.  I have attempted to assign static IP addresses to the workstations:
  IP:                     10.0.0.80
  Subnet:             255.255.255.0
  IPV4 Gateway:  10.0.0.1
  IPV4 DNS:        10.0.0.12
  I've attempted "append the specific DNS suffix", I've "registered the connection in DNS", I've used "use this connections suffix in DNS registration".
  The server is assigned:
  IP:                     10.0.0.12
  Subnet:             255.255.255.0
  IPV4 Gateway:  10.0.0.1
  IPV4 DNS:         10.0.0.12
  The DNS entries have forwarders that forward to my ISP DNS servers for lookup
  I've enabled and disabled DHCP, I've installed a new VM just to create another DC to make sure that I didn't goof up when I created it.
  I've lost my patience with this project and am sinking fast.  Can someone please offer some advice as to what I've done wrong?  I've created this exact scenario at work many times but, I've never done it with Windows Server 2012.  Is this
  possibly something to do with the Dell PowerEdge server (Generation 12) with the SR-IOV?  I am going to attempt to work on it some more tomorrow when I get over there.  I think there may be an issue with the SR-IOV not being enabled on the machine
  through the Dell Bios.  Would the SR-IOV really cause the workstations to report a slow connection?  When I login at the domain controller the roaming profiles and folder redirection work fine so, I know the GPO settings are correct.  I don't
  have "ignore slow connections" or any of those GPO's set.  I need to get it working the correct way so, I didn't want to fool the server when there is another underlying problem.  Any help that someone can offer, I am more than willing
  to listen.  If you need more information, please ask.
  Thanks,
  Jay

  So, I've managed to research this some more since Thursday and I've come to the conclusion that Hyper-V does a horrible job of supporting Qualcomm NIC cards. That's the only thing I can conclude as far as where the issue is originating. I've read many
  post and walkthroughs but nothing that has helped. The issue wasn't with any settings in the domain controller. The issue was that there really is a slow connection originating at the domain controller that is a VM and has network connectivity through the
  virtual switch from Hyper-V. So, next question is, how do I get the DC to have better connectivity through the NIC that Hyper-V won't give it? If hyper-v would allow passthrough, this would be so much simpler. VM-ware is looking really good at this point.
  Im disappointed in MS right now.

• Roaming profiles not working from time to time

  We have 6 Terminal servers and at random on the servers and at random with the users, the roaming profile will not be delete after the users log off.
  The folder that remains in the user folder, this folder however is empty, not even hidden folders or files are present: C:\Users\"username"\AppData\LocalLow\Microsoft\CryptnetUrlCache
  What we have tried is to run a log off script that has following in it "net stop CryptSvc" but this also does not work. We have had 6 users again today that had the problem. All on different servers.
  We can manually delete the users folders without any problems when the problem occurs but this is not something that we would like to do every day.
  I see a lot of similar problems but nowhere a real solution for this.
  Ah the event viewer:
  Windows cannot delete the profile directory C:\Users\"username". This error may be caused by files in this directory being used by another program. 
  DETAIL - The directory is not empty.
  - System 
    - Provider 
     [ Name]  Microsoft-Windows-User Profiles Service 
     [ Guid]  {89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845} 
      EventID 1533 
      Version 0 
      Level 2 
      Task 0 
      Opcode 0 
      Keywords 0x8000000000000000 
     - TimeCreated 
     [ SystemTime]  2014-06-06T07:27:05.906799700Z 
      EventRecordID 777512 
      Correlation 
     - Execution 
     [ ProcessID]  900 
     [ ThreadID]  6092 
      Channel Application 
      Computer TS05."domain".be 
     - Security 
     [ UserID]  S-1-5-18 
   - EventData 
    Folder C:\Users\"username" 
    Error The directory is not empty.  
  Services installed:
  - File Services
       ° File Server
       ° Services for Network File System
  - Remote Desktop Services
       ° Remote Desktop Session Host
  All the latest updates have been installed on all the terminal servers. The users are on different servers who have the problems and they aren't always the same users who have the problems so
  don't start by asking if everything is configured correctly cause that is the case!

  Thank you for your answer.
  The entry in that registry key remains indeed there. Is it safe to just remove that registry key when the user is no longer logged into that specific server?
  The KB that you have send me is with the following explanation:
  Notes
  This issue occurs when the Windows Search service is enabled.
  When this issue occurs, the registry subkey that represents the stale user profile is deleted. This subkey appears in the following location:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  But we do not have the Windows Search service installed nor is it enabled in the services list? But the subkey does remain in the registry.
  With kind regards,
  Thijs

• Roaming profiles not created while the creation of user account

  Hello,
  Our file server (running windows server 2003) is hosting Roaming profiles for users (in active directory running 2003). And that worked just fine till this week, when trying to create some users, we figured out that their roaming profiles are not created
  (after their first logon the the domain of course)
  We checked out the NTFS permissions and the SMB share permissions, and everything looks correct.I have even modified the permissions as Microsoft recommands. But still nothing has changed.
  What could be the problem? or where to look for some paths to troubleshoot this problem??
  Thanks in advance!
  Lotfi BOUCHERIT

  Hi Lotfi B,
  According to your description
  the user, is not able to access the share from the Explorer, as Awinish said, there may be a network or Firewall issue.
  Please try to troubleshoot the network issue referring to the following article:
  Troubleshoot network connection problems
  In addition, it would be helpful if you could help to collect the following information:
  Could the old users access the share?
  Did the GPResult show the GPO had applied successfully? Please run
  Gpresult /h > C:\temp\gpresult.html  (“C:\temp\”is the path of the gpresult.html,
  you can set it yourself) in Command Prompt, the file gpresult.html is used for checking the resultant of Group Policy information.
  Regards,
  Lany Zhang