Problem with mapped drives & grou policy

Spammeh · 15 Sep 2010 at 16:50

I realise that this probably isn't the forum to post this, but I know there's a lot of techy minded people who might be able to help.

In short we have a NAS which we're going to use as slow storage for our users on the domain that we would like mapped as their P: drive on their accounts.

Currently the shares are set up so that the drive would need to be mapped as follows:

\\nas01-MC\%username%

This seems to be working for some users within varying Active directory OU's but for others, does nothing

Currently, in a test OU I've got a .cmd running in the logon scripts part of group policy containing this line:

net use P: \\NAS01-MC\%username%

as far as I'm concerned as long as they have permissions over the relevant folder then that should work.

e.g.
AD username: jbloggs
NAS Share: \\nas01-mc\jbloggs

Is there anything I can run to check why this isn't running or can anyone point me in the direction as to why this isn't working? The particular policy that this script is in is listed at the top of the GP inheriance tab for the specific folder so I honestly cannot get my head around this.

Thanks for any help ladies and gents!

Deleted member 77746 · 15 Sep 2010 at 16:57

That really isn't enough information to provide support. You may want to check these machines know where/what 'NAS01-MC' is. Make sure it's returning an IP Address. You may want to change 'NAS01-MC' to the IP Address '\\xx.xx.xx.xx\%USERNAME%'.

On the other hand, your users does have permission to the NAS, check the permissions on the box.

Spammeh · 15 Sep 2010 at 17:01

When logged in as the user, I can easily browser to the web front end of the machine, so I know its not a DNS issue. The permissions have been checked on the box and thats fine as you can log on the front end with the domain username and password without an issue.

Spammeh · 15 Sep 2010 at 17:05

Oh, and once logged on as the user you can map the share manually and it works using \\nas01-mc\<username> without any issues, so its got to be something to do with the group policy side of things

Deleted member 77746 · 15 Sep 2010 at 17:24

Spammeh said:
Oh, and once logged on as the user you can map the share manually and it works using \\nas01-mc\<username> without any issues, so its got to be something to do with the group policy side of things

Create a new OU with 1 test user in it, apply a user GP ONLY with just the drive mapping configuration. Possibly corrupt GPO somewhere. Anything in the logs? do you no how to do a GP result? Do that on a current logged on user to see if this script has applied.

HungryHippos · 15 Sep 2010 at 18:54

hmm, what we do for our users is go into the Active Directory user object, then under the Profiles tab map the drive.

So for example map P: to \\servername\%username%

This then maps that drive for the user when they login to the domain.

svbooga · 15 Sep 2010 at 19:45

Eulogy said:
hmm, what we do for our users is go into the Active Directory user object, then under the Profiles tab map the drive.

So for example map P: to \\servername\%username%

This then maps that drive for the user when they login to the domain.

Same here, use a logon script for the rest of the mapped drives but set the users home drive through the AD user properties.

Street · 15 Sep 2010 at 23:45

Are all the other policies applying or is it just this one that isn't?

Toughnoodle · 16 Sep 2010 at 12:57

This might be a long shot, but if you're running 2008 Server and using Group Policy preferences to map the drives the PCs have to have an update installed first (because 2008 AD is newer than XP).

Spammeh · 16 Sep 2010 at 14:23

despite the other users in the the same OU having the same policies applied, theirs maps fine. i'm completely out of ideas! The other users in that OU have had the 'p' drive mapped for a few months now, and have had no issues.

I set up a test OU with only that policy set to apply to it and got the following error:

Code:

C:\Users\yeboah>gpupdate /force
Updating Policy...
User policy could not be updated successfully. The following errors were encount
ered:
The processing of Group Policy failed. Windows attempted to read the file \\XXX\SysVol\XXX\Policies\{771FC3E5-FE2B-4668-A825-844
7F43538B5}\gpt.ini from a domain controller and was not successful. Group Policy
 settings may not be applied until this event is resolved. This issue may be tra
nsient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer Policy update has completed successfully.
The following warnings were encountered during computer policy processing:
The Group Policy Client Side Extension Software Installation was unable to apply
 one or more settings because the changes must be processed before system startu
p or user logon. The system will wait for Group Policy processing to finish comp
letely before the next startup or logon for this user, and this may result in sl
ow startup and boot performance.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.

This is v. bizzare. I have done a gpresult and it shows that the policy with the login script in is applying to the user account

mrbios · 16 Sep 2010 at 14:32

So just to clarify:

You've tried or can't use the AD properties route?
GP Preferences have you tried this? if XP machines have you installed the client software for it?

for a script try this:
IF EXIST P:\*.* net use P: /Delete /y
IF NOT EXIST \\nas01-MC\%USERNAME% MKDIR \\nas01-MC\%USERNAME%
NET USE P: \\nas01-MC\%USERNAME%

^Stick that in a login bat file

That'll remove the P: drive if it already exists, make the users directory if one doesn't already exist, and map the user to that folder

Spammeh · 16 Sep 2010 at 16:55

I have currently only tested this on a windows 7 machine (as its the standard around our place) but as different logons work with the P drive then I cant believe it'll be a client think surely.

I've left work now so I'll definately give that ago to tomorrow mrbios, cheers mate

HungryHippos · 16 Sep 2010 at 18:17

Spammeh said:
I have currently only tested this on a windows 7 machine (as its the standard around our place) but as different logons work with the P drive then I cant believe it'll be a client think surely.

I've left work now so I'll definately give that ago to tomorrow mrbios, cheers mate

But you still haven't answered the question regarding having tried the AD properties as I mentioned in my previous post.

Deleted member 77746 · 16 Sep 2010 at 19:54

So you clearly have an issue with GPO.

n3vrmind · 17 Sep 2010 at 06:23

From GPMC check the properties and note the GUID i.e. number that will look something like {00000000-0000-0000-000000000000}

Hop on a machine that should be running it under one of the affected user accounts and open \\<blah.domain.local>\sysvol\policies\ and locate the folder matching the guid, check the script is present and run it manually from your client machine to be sure it does what it should

Run rsop.msc from the run prompt, this will report on all the configured policy settings, from there you should be able to see if your .cmd file is in the list of things to run at logon

Id suspect this is an issue with your GPO setup rather than your script

I would also check all your policies in GPMC and find out which one matches the GUID {771FC3E5-FE2B-4668-A825-844
7F43538B5}, then check the policy file is replicated between all your domain controllers by accessing the sysvol share on each DC specifically and ensuring its there.
If you are having issues with files being missing on only certain DCs then you have a replication issue and should troubleshoot the NTFRS service / review the 'File Replication Service' logs in the event viewer. The sysvol share is treated like a DFS volume and sync'd by the NTFRS service between DCs. If you have one DC where the NTFRS is not working consider using BurFlags to set that DCs sysvol into a 'non-authoritive restore' and getting it to resync from one of the other copies.

Spammeh · 17 Sep 2010 at 09:37

Eulogy said:
But you still haven't answered the question regarding having tried the AD properties as I mentioned in my previous post.

We have home drives mapped from within the AD properties so this isn't possible to use hense why I've been doing it using a logon script.

Edit: I thought I'd mention if I do map the drive via the AD properties it does work fine.