Mapped Drives in Group Policy
Hi,
I am currently mapping drives via Group Policy, they are mapped based on the users location with Item Level Targeting. Because users move between different offices they access different drives in each office, the settings delete all mapped drives and then adds
the mapped drives for the office they are currently each time they log on.
However some users have manually mapped drives that are specific to the user. Is there a way to retain the manually mapped drives and just delete and add the drives in Group Policy?
My apologies if I have not made myself clear.
Thank you in advance for any help or thoughts
Hi,
Using "Delete" preference item, you can delete the specific mapped drives by identifying their drive letter configured using GPP, without disturbing the mapped drives created manually.
Checkout the below link for more information,
http://technet.microsoft.com/en-us/library/cc770902.aspx
Regards,
Gopi
JiJi
Technologies
Similar Messages
-
We are running Windows 8.1 Pro x86
I am really curious as to why the drive restriction group policy causes the error message to pop up:
"This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."
It does not prevent from actual saving so functionality is not lost but it really annoys our end users and we're getting a lot of complaints. We cannot use the workaround of hiding drives instead of restricting as this still presents security issues. This
is happens when saving (or clicking on a button like "Browse" that opens the 'Open' dialogue box) in all Office 2013 applications, Internet Explorer, Paint, Notepad, and probably most others. I've looked at many forums and no suggestions for workarounds
have succeeded for us to get rid of this error message and in fact, I read a post that stated that someone contacted Microsoft and they said this was by design and there is no workaround. I find this very unfortunate that we either have the choice of compromising
security or annoying our end users. It seems to me like the new dialogue box in Windows 8.1 (and maybe 8?) attempts to access the local drive under the logged in user's account before it actually opens up the dialogue box which conflicts with the group policy
that restricts access to the drive.
Has anyone at all had any luck getting this to go away without removing the restrictions? It seems like the answer is either buried in the Windows code or somewhere in the registry.
Thank you in advance for your time!Thank you for your time and response! Unfortunately, we have the machine locked down pretty tight (they are public use computers that require heavy restriction) and it is set to restrict all drives so access is limited to the local profile. We did try
testing your method, however, by adding the Desktop as an allowed location in the Office policy (which would not solve the issue for the other applications but was good for a test) using the path %userprofile%\desktop. When choosing that location, it does
not throw the error but unfortunately, it does not remember like it did for your with the E: drive so it still always throws the error when first loading the dialogue box no matter what I do. If you're able to confirm that this is simply by design and we're
just expected to inform our users to click through the errors, then I guess that's the accepted answer. Although, do you think that there might be a registry key value that is set after you save to the E: drive for the first time? Maybe we could set that value
to %userprofile%\desktop if it's doing the redirection after the first save through registry. Thanks again! -
How to deploy a file on all users C drive via group policy
I'm trying to deploy a file on all users C drive via group policy but its not working. logon script is already kept in place but nothing is happening. If I run the same command from my pc it's working fine. Does any one have good script to copy & deploy
the file. Pls helpHi,
You can use Group Policy Preferences to deploy this and Item-level-Targetting to filter by OUs/groups, wmi filters ,etc.
Computer Configuration / User Configuration - Preferences - Windows Settings - Files
More on this here.
http://technet.microsoft.com/en-us/library/cc772536.aspx
Hope this helps.
Regards,
Calin -
Mapping Network Drives via Group Policy
Is there a reason why a network drive would not map for the initial access via group policy while the end user is on a WiFi connection but it will when they are on wired?
I've been advised this is a known issue but I would like to get more detail on this and a reference number for the Microsoft case and whether there is a resolution.
ThanksSet the access point to use WPA2-PSK AES, and update the drivers.
Check and update.
Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
the thread. -
Block USB drive via Group Policy but keyboard, mouse, printers will work
Hi
We are using Windows Server 2008 R2 Std Edition and on clinet XP SP2
We want to block USB Storage via Group Policy and allow Keyboard and mouse to work.
Any suggestion will appreciate.
regards
Arvind
ArvindHi,
In 2008 you can use the below GPO.
User Configuration \ Administrative Templates \ System \ Removable Storage Access \ All Removable Storage classes: Deny all access.
Force a Restart to Ensure Removable Storage Access Policy is Enforced
http://technet.microsoft.com/en-us/library/cc771896(v=WS.10).aspx
Deny All Access to Removable Devices or Media
http://technet.microsoft.com/en-us/library/cc772540(v=WS.10).aspx
For "legacy" clients:
http://support.microsoft.com/kb/555324
Regards,
Rafic
If you found this post helpful, please give it a "Helpful" vote.
If it answered your question, remember to mark it as an "Answer".
This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing! -
Group Policy Pref - Mapped Drives Not Applying to One User
Hi All,
I’m new to this list, so please excuse any etiquette slip ups.
I have three users at a site. All their machines are running Windows XP Service Pack 3 and have client side extensions installed. I created a group policy to map their default drives using GP User Preferences.
Each of the drives is set to "update".
As an example of the policy created XML is as follows:
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="H:" status="H:"
image="2" changed="2009-11-25 05:13:58"
uid="{8A44D2F4-AAE5-4F43-AEEC-D36F08EA619C}" desc="Maps the users H drive to
ServerName\users$\%username%" bypassErrors="1"><Properties action="U"
thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
path="\\ServerName\users$\%username%" label="Home (ServerName)"
persistent="1" useLetter="1" letter="H"/></Drive>
and
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="J:" status="J:"
image="0" changed="2009-11-30 03:52:58"
uid="{535CD462-A45D-4363-ADA1-2316D5ECC703}" desc="Maps J drive for users to
\\ServerName\apps" bypassErrors="1"><Properties action="C"
thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
path="\\ServerName\Apps" label="Apps (ServerName)" persistent="1"
useLetter="1" letter="J"/></Drive>
The group policy is applied to an OU for that site.
All three users are in the same OU.
All three users are also in the same “xxsitecode Users” group.
2 of the users log into their pc and get the mapped drives with no issue, but one user doesn’t.
There are no other login scripts and the user has no manually mapped drives.
He does have a H drive mapped using the profile field in his AD object as a temp measure. But every 90 mins any other manually mapped drives are removed by the policy.
We don’t use roaming profiles
To trouble shoot I have tried
- Reinstalling client side extensions
- Re-joining the pc to the domain
- Running gpupdate from the command prompt to see if any event logs are generated (none are)
- Manually mapping the drives to make sure there is network access etc – I can manually map them/he can access them.
- Creating the user a new account, when he logs in using that account he gets his mapped drives on all PC’s
- Getting the user to log into a different pc, when he does this he doesn’t get his drives – so it’s not his machine or profile
- Manually checking the security on the user object in AD against one of the users who gets their drives mapped
I'm sure the GP is fine because it works for two other users and the testing isolates his user account as the issue.
The Policy I’m having issues with is xxxx Mapped Drives/ Printers
I have posted this issue on the tech net GP discussion groups page, but haven’t had any replies.
Any suggestions would be appreciated.
SimoneWhat's interesting is that I applied a new GP to users - it has one policy setting and one preferences setting. He only gets the policy setting.. aka he gets the wallpaper but not the homepage.
Also, Jorke asked me to post the gpresult /z .
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 10/02/2010 at 2:19:34 PM
RSOP results for DOMAIN\USER on MACHINENAME : Logging Mode
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: DOMAIN
Domain Type: Windows 2000
Site Name: SITECODE
Roaming Profile:
Local Profile: C:\Documents and Settings\USER.DOMAIN
Connected over a slow link?: No
COMPUTER SETTINGS
CN=MACHINENAME,OU=Laptops,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
Last time Group Policy was applied: 10/02/2010 at 1:06:38 PM
Group Policy was applied from: XXXXXADC.DOMAIN.com.au
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
Allow Remote Assistance
au-mdwsus
Default Domain Policy
Legal Notice
Proxy Settings
Logon as service, operating system
AU-WSUS
Desktop Background & Home Page
Reg Permissions for default desktop
Local Admin & Local Power Users
The following GPOs were not applied because they were filtered out
SITECODE Mapped Drives/ Printers
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
AVD Rollout
Filtering: Disabled (GPO)
The computer is a part of the following security groups:
BUILTIN\Administrators
Everyone
Debugger Users
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
MACHINENAME$
Domain Computers
CERTSVC_DCOM_ACCESS
Resultant Set Of Policies for Computer:
Software Installations
N/A
Startup Scripts
GPO: Desktop Background & Home Page
Name: image.bat
Parameters:
LastExecuted: 7:55:34 PM
Name: swiftdesktop.vbs
Parameters:
LastExecuted: 7:55:35 PM
Shutdown Scripts
N/A
Account Policies
Audit Policy
User Rights
Security Options
Event Log Settings
Restricted Groups
System Services
Registry Settings
File System Settings
Public Key Policies
N/A
Administrative Templates
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\CurrentVersion\Winlogon
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Desktop Background & Home Page
Setting: Software\Policies\Microsoft\Internet Explorer\Security
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
USER SETTINGS
CN=Matthew Luhrs,OU=Users,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
Last time Group Policy was applied: 10/02/2010 at 1:54:53 PM
Group Policy was applied from: XXXXXADC.DOMAIN.com.au
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
Allow Remote Assistance
**** SITECODE Mapped Drives/ Printers - has Gp Pref's that should apply
Default Domain Policy
Proxy Settings
**** Desktop Background & Home Page - has Gp Pref's that should apply
Local Admin & Local Power Users
The following GPOs were not applied because they were filtered out
AU-WSUS
Filtering: Not Applied (Empty)
Legal Notice
Filtering: Disabled (GPO)
Reg Permissions for default desktop
Filtering: Not Applied (Empty)
Logon as service, operating system
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
au-mdwsus
Filtering: Not Applied (Empty)
AVD Rollout
Filtering: Disabled (GPO)
The user is a part of the following security groups:
Domain Users
Everyone
Offer Remote Assistance Helpers
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Computer Account Operators
Internet Users
SITECODE Users
DOMAIN-Public Folders Administrators
All Email Users
DOMAINSWIFTEMAIL
Domain Admins
Offer Remote Assistance Helpers
WSUS Administrators
DHCP Administrators
CERTSVC_DCOM_ACCESS
Resultant Set Of Policies for User:
Software Installations
N/A
Public Key Policies
N/A
Administrative Templates
N/A
Folder Redirection
N/A
Internet Explorer Browser User Interface
GPO: Proxy Settings
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: N/A
UserAgent Text: N/A
Delete existing toolbar buttons: No
Internet Explorer Connection
HTTP Proxy Server: Proxy:port
Secure Proxy Server: Proxy:port
FTP Proxy Server: Proxy:port
Gopher Proxy Server: Proxy:port
Socks Proxy Server: Proxy:port
Auto Config Enable: Yes
Enable Proxy: Yes
Use same Proxy: Yes
Internet Explorer URLs
GPO: Proxy Settings
Home page URL: N/A
Search page URL: N/A
Online support page URL: N/A
Internet Explorer Security
Always Viewable Sites: N/A
Password Override Enabled: False
GPO: Proxy Settings
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: No
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No
Internet Explorer Programs
GPO: Proxy Settings
Import the current Program Settings: No -
Group Policy error 1112 - Drive Maps
Hi everyone
We are getting hundreds of these alerts from SCOM every day from multiple 2008 R2 terminal servers:
Alert from Operations Manager 2007:
Alert description: The Group Policy Client Side Extension Group Policy Drive Maps was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish
completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
Looking on the Server itself in the System log I see these entries for every time a user logs onto the server (via RemoteApp)
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 15/03/2012 2:23:58 p.m.
Event ID: 1112
Task Category: None
Level: Warning
Keywords:
User: HOT\xxxxxx
Computer: HOTAKLRD01.hot.co.nz
Description:
The Group Policy Client Side Extension Group Policy Drive Maps was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the
next startup or logon for this user, and this may result in slow startup and boot performance.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1112</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-03-15T01:23:58.350306600Z" />
<EventRecordID>57243</EventRecordID>
<Correlation ActivityID="{651EFA61-7FA8-4444-9E68-81D0F82DEFE4}" />
<Execution ProcessID="900" ThreadID="22780" />
<Channel>System</Channel>
<Computer>HOTAKLRD01.hot.co.nz</Computer>
<Security UserID="S-1-5-21-1288906317-135625827-1544898942-500" />
</System>
<EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">3961</Data>
<Data Name="ProcessingMode">1</Data>
<Data Name="ProcessingTimeInMilliseconds">4656</Data>
<Data Name="ErrorCode">1274</Data>
<Data Name="ErrorDescription">The group policy framework should call the extension in the synchronous foreground policy refresh. </Data>
<Data Name="DCName">\\HOTAKL31.hot.co.nz</Data>
<Data Name="ExtensionName">Group Policy Drive Maps</Data>
<Data Name="ExtensionId">{5794DAFD-BE60-433f-88A2-1A31939AC01F}</Data>
</EventData>
</Event>
However it each case the user still gets their drive mapping!
I've this only occurs with Drive Map GP Preference -I've even taken a user out of all policies except for a new test drive map policy and they still get this error. I've applied the hotfix that should be the latest version of the GP dll's (KB2622802) but
the error remains. I've tried all options within the GPP for Drive Maps - Update, Replace etc,
Should I just override the OpsMgr alerts? It seems like this is a bug with 2008 server and GP Drive Map Preferences?
Any ideas would be appreciated
Thanks
Rik> *"Note: For servers, the startup and logon processing always behaves
> as if this policy setting is enabled."*
>
> **
>
> **
>
> **
>
> **
>
> **
>
I must admit that I never used Drive Maps on a Server (-: Maybe this is
a bug in the Drive Maps CSE... If it bothers: Set NoBackgroundPolicy
(REG_DWORD) to 1 in HKLM\Software\Microsoft\Windows
NT\CurrentVersion\WinLogon\GPExtensions\
{5794DAFD-BE60-433f-88A2-1A31939AC01F}. This will prevent the Drive Maps
CSE from being invoked during background GP updates.
sincerely, martin
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating! -
Replace Mapped Drives with UNC Paths via Group Policy Preferences
We are currently using Group Policy Preferences to map network drives to drive letters for our users. Given the risk of ransomware, etc. these days we want to provide users with a UNC link rather than a mapped drive letter. Can anyone tell me
the best way to do this?
Thanks,
Joe> We are currently using Group Policy Preferences to map network drives to
> drive letters for our users. Given the risk of ransomware, etc. these
> days we want to provide users with a UNC link rather than a mapped drive
> letter. Can anyone tell me the best way to do this?
Create shortcuts :)
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Hi this is my first time to ask a question here in this community.
I am a system administrator here at my work and we are having some issues on some servers that we handle. Network in our office is stable and we have determined it is not a problem on the connection.
First issue - One of our domain controller consistently drops out on our Directory Server and saying it's unavailable.
Second issue - Unable to ping hostname but IP address works fine. (Sometimes hostname is ok but very intermittent)
Third issue - Since connection is unstable map drives causes to disconnect
If someone can provide any assistance on this matter it would be a great help. If screenshots needed for proper assistance would be appreciative.
Just to add that this only happen after a power failure last April of this month and a few weeks bluescreen started to show. It is a hazy version wasn't able to get any code that may lead to a hardware failure.
Now our main RDC.local is also affected so we are trying to isolate this issue and exhauted my brain since we cannot determine what causes it. Need external assistance just to give us a lead on where we can get this resolved.Hi Ryan,
Before going further, would you please let me confirm something more? Thanks for your understanding.
1. For first issue, would you please let me know OS edition information of the problematic DC? Was it Windows Server 2008 R2 or Windows Server 2012 or any other?
à
One of our domain controller consistently drops out on our Directory Server and saying it's unavailable.
Would you please let me know the complete error message or provide a screenshot of it?
(Please hide all protected or private information.) Meanwhile, please log on the problematic DC and check if find relevant events or errors in Event Viewer.
2. For the second issue, it seems to be a DNS issue. Did you run
ipconfig /flushdns and ipconfig /registerdns command? Any find? Meanwhile, please use
ipconfig /all to display full TCP/IP configuration and check. Or you can post the
ipconfig result here. It may help us to go further analyze. By the way, would you please let me know error message that you can get when be unable to ping via hostname?
3.
àSince connection is unstable map drives causes to disconnect
May be a cause.
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu -
Map a network drive by group membership
Hello,
I'd like to map network drives by group membership.
To begin I just tried with this command.
$TestMembers = Get-ADGroupMember -identity Test
$TestMembers | foreach-object {New-PSDrive -name T -PSProvider FileSystem -Root \\MyServer\MyShare -persist}
My network drive is well mapped but for all my domain users.
Could you please tell me what's wrong in my command ?
I know I could use Group Policy Preferences but I'd like to know the powershell command.
Thanks by Advance.
Seb.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.Hello,
Thanks for your answer it will help me.
Best Regards.
Seb.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
Group Policy won't apply, No mapping between account names and security IDs was done.
I am using Group Policy Preferences to remove users from the local admin group and add a local admin account. This GPO is working on 90% of the Win7 machines on the network, but three laptops are not accepting the GPO. I get the following error:
Log Name: Application
Source: Group Policy Local Users and Groups
Date: 6/24/2014 8:49:28 AM
Event ID: 4098
Task Category: (2)
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: laptop1.internal.com
Description:
The user 'Administrators' preference item in the 'Local Admin Policy - Remove Permissions {593ACD77-3663-4023-BEB8-938D83F7862E}' Group Policy object did not apply because it failed with error code '0x80070534 No mapping between account names and security
IDs was done.' This error was suppressed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Group Policy Local Users and Groups" />
<EventID Qualifiers="34305">4098</EventID>
<Level>3</Level>
<Task>2</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-06-24T13:49:28.000000000Z" />
<EventRecordID>68771</EventRecordID>
<Channel>Application</Channel>
<Computer>laptop1.internal.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>user</Data>
<Data>Administrators</Data>
<Data>Local Admin Policy - Remove Permissions {593ACD77-3663-4023-BEB8-938D83F7862E}</Data>
<Data>0x80070534 No mapping between account names and security IDs was done.</Data>
</EventData>
</Event>
I've searched high and low for an answer and nothing I find on-line seems to apply. I also notice that the option to 'Run as Administrator' does not work. If I right-click on cmd.exe and select 'run as administrator', the command box opens but
I am not prompted for credentials and the command box does not have admin rights. Not sure if this is related or not.
Any help on this would be greatly appreciated.
Thanks,
JoeHi,
Delete your remove action from the GPP and push it again, does this issue still occur?
If it still exists, let’s collect the GPP log for analysis:
Group policy Preference debug logging policy settings are located under:
Computer Configuration\Administrative Templates\System\Group Policy
Click Logging and tracing, select local users and group preference logging and trace.
Meanwhile, just a similar issue, but it is worth trying:
A user is added to the wrong group on a client computer that is running Windows 7 or Windows Server 2008 R2
http://support.microsoft.com/kb/2280515
If you have any feedback on our support, please click
here
Alex Zhao
TechNet Community Support -
I'm trying to prepare our school system for Windows 7 (we currently use XP). I would like to use the new Group Policy Preferences method of deploying printers. I pushed out the XP client side extensions through WSUS. In my test environment, I added the shared printer in group policy preferences. My XP machine had the printers show up automatically, but my Windows 7 machine did not. I realized that I had previously connected a printer of the same type to my XP machine before and the drivers were already installed. To test this theory, I manually connected the shared printers to the Windows 7 machine, deleted them, then logged off and back on. Now the printers are showing up from group policy. My question is does using group policy preferences to deploy printers require the print driver to be pre-installed? If not, then what am I doing wrong? If so, is there a way to work around this? Thanks for your help.
EDIT: To clarify, I am using the share method in GPP. This is the error message I get in the event log:
The user 'PRINTERNAME' preference item in the 'win7 printer test {946461A1-27F8-406F-A0B3-0A1A05AF34F6}' Group Policy object did not apply because it failed with error code '0x80070bcb The specified printer driver was not found on the system and needs to be downloaded.' This error was suppressed.This link have a description of resolution:
http://technet.microsoft.com/en-us/library/cc725938.aspx
Open the GPMC.
Open the GPO where the printer connections are deployed, and navigate to Computer Configuration, Policies, Administrative Templates, Control
Panel, and thenPrinters.
Note
The Point and Print Restrictions setting can also be found under User Configuration\Policies\Administrative Templates\Control Panel\Printers.
This policy is ignored by Windows 7 and Windows Server 2008 R2, but is enforced by earlier editions of Windows including Windows XP with SP1, Windows Server 2003 with SP1, and Windows Server 2008. We recommend that you change
this policy setting in both locations so that all down-level clients have a consistent experience.
Right-click Point and Print Restrictions, and then click Properties.
Click Enabled.
Clear the following check boxes:
Users can only point and print to these servers
Users can only point and print to machines in their forest
In the When installing drivers for a new connection box, select Do not show warning or elevation prompt.
Scroll down, and in the When updating drivers for an existing connection box, select Show warning only.
Click OK. -
Drive Block using group policy
Can Any one help me about this drive block
i am unable to block the E & F drive for all users. so please advice with clear steps of commands, how do i write the drive blocks script using the group policy in server 2012.
However I tried through registry but still its not working. my only concern how to block few users accessing D drive and few users from F drive in the local system using group policy.
Thanks in advance.whats registry settings have you set ?
-
Group Policy Management of One Drive
We are looking into deploying Onedrive for our school with 1TB Drives and are upgrading to Windows 8.1 devices as well. These devices will not have 1 TB of storage local to their workstations/tablets/laptops. While I know that it is possible to set Onedrive
as the default and even force all files to be online, what I would like to know is Is there a way to force synchronization in a way where only the Recently used files are available offline?
For Example I would like a file to keep the last 100 files accessed from One Drive local but still have it synchronize with Onedrive to make sure that the files are backed up whenever internet access is available. I'd even be happy with the ability to set
a policy where any file used for the last 15 days is synchronized locally with OneDrive and kept offline, but on day 16 of it not being accessed, the file gets synchronized and then removed from local with only a pointer to the online file.
If anyone knows if this or something like this is possible it would be really beneficial especially if its controlled by group policy.Hi,
Just confirm, are you trying to deploy OneDrive or OneDrive for Business? Please note they are two different products,
How is OneDrive for Business different from OneDrive? Please refer to:
http://office.microsoft.com/en-001/sharepoint-server-help/what-is-onedrive-for-business-HA102822076.aspx?CTT=1#differences
Regards,
Melon Chen
TechNet Community Support -
When logging on to Windows 7 user gets a second mapped drive to the users home folder
Morning,
I'm working through an issue we've discovered whilst trialing Windows 7. Our environment is setup as follows.
Domain Controllers are Windows Server 2003
Clients are Windows XP and Windows 7
Windows XP and Windows 7 Clients are in seperate OU's
All Windows XP Group Policies apply to Windows XP And Windows 7 clients, Windows 7 policies are then applied to Windows 7 clients after
Windows 7 policies are setup such that any setting defined in a Windows XP Group policy is left unconfigured in the Windows 7 Group policy and only new Windows 7 settings have been set in Windows 7 Group Policies.
We have users home folders mapped in their Account Directory account setting and set to H:\ to connect to
\\domainname\dfs\home\username
In addition we also as a fail safe map the drive via a login script using net use
This has worked fine for years in windows XP, if Active Directory failed to map the drive for any reason then the login script would then map the home drive.
In Windows 7 we have noticed a curious error. We found after a period of a couple of weeks we suddenly started getting a new drive mapped. This was identical to the H:\ drive mapping but was instead under drive Z:\. In other words, the
users home folder is mapped twice on h:\ and z:\. This is not affecting any of the Windows XP users.
I have gone through several logic reasons to ascertain why this has happened with the following findings.
1. Originally we thought the error appeared when we tried out mapping the home drive using the mapped drives functionality new in Windows 7 group policy under preferences > windows settings > drive maps. However, after forcing it to delete the
Z:\ drive using this functionality we only succeeded in removing it with a group policy present to do it. As soon as we removed that group policy the Z:\ drive came back
2. Secondly i thought the reason we would be getting a z:\ drive when we haven't specified it anywhere is because active directory is trying to map to the H:\ Drive but it is already present therefore in Windows 7 it tries to map to a different drive.
Using Windows logic it tries the highest letter first which is unlikely to be in use i.e. z:\. This makes sense because our logon script uses a net use h:\ command to map the drive and i believe by default these are set to perisistent. Therefore
the next time the user logs on H:\ is already mapped so the logic in Active Directory accounts maps the drive to Z:\ instead hence we end up with two mapped home drives. To test this i altered the login script to set the drive maps to
non persistent using persistent:no. The logic here was that when the user logged off the drive would become unmapped so that when Active Directory tried to map the drive it would be able to use H:\. Unfortunately this was not the case and
Z:\ remains.
3. Here is where i resolve the issue but i don't know why and is the bit i need answering. If i go into my account on Active Directory and go to Profile and set the home folder drive letter to another letter i.e. change from H:\ to U:\,
i get prompted to set full control etc and apply. I then set the drive back from U:\ to H:\, again i am prompted for setting full control which i accept.
NOW when i login i no longer receive a Z:\ drive and only get an H:\ drive. YAY, thats what i want, however, i do not understand why this is the case. At first i thought it might be something in the active directory logic when i login to an XP
machine and then login to a windows 7 machine. IF you bear in mind that although i get a new profile in Windows 7 i still retain the same home folder setting. However, after logging on an XP machine logging off then logging
on a Windows 7 machine i still didn't get the Z:\ drive back.
I have tried creating a new user that ONLY receives our Windows 7 Group Policies and still they receive both an H:\ and a Z:\ drive which rules out the Windows XP policies conflicting with the Windows 7 policies.
Does anyone have any ideas why i would get a second drive mapped to Z:\ logging into Windows 7 on a Windows Server 2003 domain?
Can anyone explain in more detail exactly how the Active Directory functionality works when you specify a connect to Drive letter for a users home folder?
My current workaround is simply to add a net use command to remove the Z:\ drive. I do not want to use Mapped Network drives using the new policy settings in Windows 7 RSAT because we have already found issues with it.
<input id="3daf20bf-4f4d-4a05-86da-2c30c205d580_attachments" type="hidden" />We had the exact same issue happen to us. No issue on Windows XP but Windows 7 mapped two home drives (F and Z). F was mapped during the login script and Z was being mapped by some unknown reason.
We use Netapp for our storage and home drives and use a feature called CIFS Home Drive Mapping. This essentially maps a user to a folder not available through normal CIFS methods causing AD to error when setting the home drive. To get around this we use
dsquery and dsmod to modify this attribute in the user account. This is the command we used...
dsquery user -name %UserNameX% | dsmod user -hmdrv F -hmdir \\filer\$username$
Notice there is no ":" after the F
We determined the root causewas the value for the
homeDrive attributefor the user account was set to "F" instead of "F:"
When we updated our users to reference "F:" instead of "F" in their user, this problem was resolved.
Use LDP or some other method to verify that the homeDrive attribute is set to "F:" (or any other letter) or you will have this issue.
Maybe you are looking for
-
Not able to delete Personalized Items !!!
All, I was trying to create a flex field through personalization in iProcurement 11.5.10. There was some issue and i was not able to create it properly. Now, if i go to that page, its throwing an error.I cannot got that page at all to click on "Perso
-
FAQ or "how to" connect to iMac with Airport????
Is there a checklist or such that shows how to allow a Windows laptop to connect with the Airport Extreme on an iMac? It works fine with multiple iPod touches and a Sony PSP but I'm unable to solve why the Windows laptops won't connect. Each laptop (
-
Modify the login page (login.jsp) of B2B scenario of the Internet Sales app
All I wanted to modify the login page (login.jsp) of B2B scenario of the Internet Sales application By typing the URL "http://<servername>:50001/b2b/b2b/init.do." I could able to see the login page My requirement is to add an extra link in this page
-
Somebody can give me some manual about tuxedo! thanks
I need the tuxedo manual about its functions and atmi , api! so somebody can help me ! Please give a link or post them to me mailbox ! [email protected] thanks!
-
LaserJet 1320 not being recognized, really strange
Hello all, I'm having a really strange problem that I think is mostly my fault. I just recieved a LaserJet 1320, and when I first hooked it up everything worked fine. However, I couldn't figure out how to do duplex printing, so I installed HP's Toolb