5/6/2023 0 Comments Gpo mapped drivesIf the solution works with the ASM Office group in the security filter list then you don't need to perform item-level checking for the group membership anymore, since the security filter will handle that. Once the migration has been completed and the SBS server has been removed from the environment you can revisit the security implementation of the GPO. If it doesn't then my suggestion would be to add the affected user accounts to the delegation list for now and make a note of the deviation. If it does then the problem is solved and you can keep the permissions as-is. Remove your user account from the delegation list and check whether the policy applies correctly on the workstation. Add the Authenticated Users group to the delegation list with read rights if it is not there. The ASM Office group should now be visible under the delegation list as well. You will most likely see a warning with regards to having to add the Authenticated Users group to the delegation list with read rights. But most likely that would send you off on a worthless wild goose chase, so let's put that theory on the side for now.Īnother way to implement the permissions is to add the ASM Office domain group to the security filter list and remove the Authenticated Users group. I have a theory around the old SBS server which I suspect might be messing around with authentication on the network, based on limitations of SBS itself. I would suggest removing the Powerpoint file after we are done, as it still contains some "personal" information related to your environment in the info section of the document itself. Check that the drive letters specified in the GPO are available (command prompt > net use)Ĭome to think of it, since the policy is working correctly on at least 4 machines I would say that the problem is more device related than the policy itself.Try using the FQDN to map the drive and see what happens ( \\\Apps) since this works if done manually.Authenticated users domain group need to be in delegation list of the policy if it has been removed from Security scope. Kerberos tickets need to be updated to reflect domain group changes (log off and log on or reboot workstation).The DNS and NetBIOS caches need to be cleared on workstation - via elevated command prompt:1) ipconfig /flushdns 2)nbtstat -rR 3)nbtstat -RR (case sensitive).Only things I can think of is that may have an effect is (and listing them as a process of elimination): I had a look in the file, and everything appears to be fine, apart from the access denied error message. I am able to map the drive manually on the workstation and edit the files. Please click on the "More information" link." Unfortunately, there is no "More Information" link. Group Policy Drive Maps settings might have its own log file. My problem is when testing it on my workstation, the drive never maps and I get very helpful error in the event log that says "Windows failed to apply the Group Policy Drive Maps settings. Targeting = the user is a members of the security group MyDomain\ASM Office Run in logged-on user's security context (user policy option) = Checked I edited the policy under the User -> Policies -> Preferences -> Windows Settings -> Drive Maps. I created a group policy object called Map Network Drives. I'd like to map the S:\drive to \\DC-01\Office. I have a security group named ASM Office with about 6 members. Bear with me on this one because I've always mapped drives using a logon script and I'm still wrapping my head around using Group Policy.
0 Comments
Leave a Reply. |