http://gamingtrend.com
September 23, 2014, 08:45:04 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News:
 
   Home   Help Search Calendar Login Register  
Pages: [1]   Go Down
  Print  
Author Topic: Server/GPO Question/Help  (Read 521 times)
0 Members and 1 Guest are viewing this topic.
Punisher
Gaming Trend Senior Member

Offline Offline

Posts: 1733



View Profile
« on: January 13, 2014, 07:01:06 PM »

So... I am using Oracle VirtualBox to setup a test lab for some refresher work. Currently running 1 Windows Server 2012 and 1 Win 7 Workstation in VirtualBox.
I have been doing IT type stuff for years and years, but have fell behind in the server stuff since my last position didn't really use it, so I setup this test lab last week to get back into the stuff.
I have the server setup as a DC and it has 2 virtual NIC's. (1 out to my regular network/Internet (Also setup for Internet connection sharing), 1 setup for local only to the workstation)
Workstation has 1 NIC to the local only network.
I setup a test user with a test group and a test GPO.
GPO adds a printer, some restrictions on Control panel and 1 mapped drive pointing to a local folder on the server
Workstation connects to the server/domain with no problem. It also accepts the GPO somewhat, in that the printer and restrictions hit the Workstation. It also hits the Internet...usually..
Problem is that the mapped drive won't show up. If I manually map the drive from the workstation it works, so it shouldn't be a permission issue. I have also tried disabling the firewall and using gpudate /force and rebooting.
Workstation is fully updated as well.
Tried Googling it, but solutions I found didn't apply.
Anyone with experience on this have an idea?
Logged
Knightshade Dragon
Administrator
Gaming Trend Senior Member

Offline Offline

Posts: 21057



View Profile WWW
« Reply #1 on: January 14, 2014, 03:42:16 PM »

I followed everything you said, but GPOs are not my specialty that's for sure.  You might try this though: 

From admin on the box that's misbehaving:

Gpupdate /force
Gpresult /r /scope:computer |more

If memory serves that will force the update locally and for all users, and give you feedback to see if it worked. 
Logged

Ron Burke
EiC, Director of Gaming Trend
Gamertag:
Gaming Trend
PS3 Tag: GamingTrend
Punisher
Gaming Trend Senior Member

Offline Offline

Posts: 1733



View Profile
« Reply #2 on: January 14, 2014, 11:20:36 PM »

GPresult results..

Spoiler for Hiden:
C:\Users\user1>gpresult /r /scope:user |more

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 1/14/2014 at 5:31:56 PM


RSOP data for CRESCENTHAWKS\user1 on USER1-PC : Logging Mode
-------------------------------------------------------------

OS Configuration:            Member Workstation
OS Version:                  6.1.7601
Site Name:                   N/A
Roaming Profile:             N/A
Local Profile:               C:\Users\user1
Connected over a slow link?: No

USER SETTINGS
--------------
    CN=user1 user,CN=Users,DC=crescenthawks,DC=local
    Last time Group Policy was applied: 1/14/2014 at 5:28:48 PM
    Group Policy was applied from:      CH-DC-1.crescenthawks.local
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        CRESCENTHAWKS
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        test GPO

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Default Domain Policy
            Filtering:  Not Applied (Empty)

        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domain Users
        Everyone
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        test GPO
        Medium Mandatory Level

The Gpresults doesn't seem to tell me anything unfortunately.. (or maybe I am reading it wrong?)
Logged
naednek
Global Moderator
Gaming Trend Senior Member

Offline Offline

Posts: 4646



View Profile
« Reply #3 on: January 15, 2014, 04:51:17 PM »

Do you have it so that it's item level targeted and then using the security group determining it's access?
(click on Common tab at the Drive Mapping window) Choose item level targeting, then select targeting.  Then choose the security group option under New Item.  Then choose your test group security group.  Apply the changes.


Logged
Punisher
Gaming Trend Senior Member

Offline Offline

Posts: 1733



View Profile
« Reply #4 on: January 15, 2014, 05:10:43 PM »

Quote from: naednek on January 15, 2014, 04:51:17 PM

Do you have it so that it's item level targeted and then using the security group determining it's access?
(click on Common tab at the Drive Mapping window) Choose item level targeting, then select targeting.  Then choose the security group option under New Item.  Then choose your test group security group.  Apply the changes.



i'm away from home right now, but if I recall correctly, I did set it up with my test gpo (called "Test GPO", BTW)
Logged
naednek
Global Moderator
Gaming Trend Senior Member

Offline Offline

Posts: 4646



View Profile
« Reply #5 on: January 15, 2014, 05:43:41 PM »

Quote from: Punisher on January 15, 2014, 05:10:43 PM

Quote from: naednek on January 15, 2014, 04:51:17 PM

Do you have it so that it's item level targeted and then using the security group determining it's access?
(click on Common tab at the Drive Mapping window) Choose item level targeting, then select targeting.  Then choose the security group option under New Item.  Then choose your test group security group.  Apply the changes.



i'm away from home right now, but if I recall correctly, I did set it up with my test gpo (called "Test GPO", BTW)

well from your gpresult info I do see that the user belongs to the security group called Test GPO, and that the GPO itself is named test gpo and it's being applied.  But I'd confirm that you have item level targeting selected and you have it pointed to the test gpo security group.

There's other ways to have the gpo map the drive, but that's the way I do it.
Logged
Punisher
Gaming Trend Senior Member

Offline Offline

Posts: 1733



View Profile
« Reply #6 on: January 15, 2014, 11:24:15 PM »

Here is a screenshot of all of my settings. The far right is a shot of my workstation. The mapped drive there is one I did manually to check permissions.
image is a 1 meg file

Spoiler for Hiden:
http://www.crescenthawks.com/gt/testgpo.jpg
Logged
naednek
Global Moderator
Gaming Trend Senior Member

Offline Offline

Posts: 4646



View Profile
« Reply #7 on: January 16, 2014, 12:06:15 AM »

I'm assuming your logged in as user 1?

We usually select replace instead of create but it shouldn't matter. 

I'm not seeing anything wrong with your set up.  The two things I do differently is using replace, and we don't have Run in logged-on user's security checked.

wish I could be more helpful. 
Logged
naednek
Global Moderator
Gaming Trend Senior Member

Offline Offline

Posts: 4646



View Profile
« Reply #8 on: January 16, 2014, 12:08:31 AM »

Another thing I noticed.

On your manual mapped drive, you don't have files in the file path, so it looks like the path is \\CH-DC-1\Documents
whereas the gpo shows you have it as \\CH-DC-1\Files\Documents

Could that be the reason?  Invalid path?
« Last Edit: January 16, 2014, 12:27:33 AM by naednek » Logged
Punisher
Gaming Trend Senior Member

Offline Offline

Posts: 1733



View Profile
« Reply #9 on: January 16, 2014, 03:20:13 AM »

Quote from: naednek on January 16, 2014, 12:08:31 AM

Another thing I noticed.

On your manual mapped drive, you don't have files in the file path, so it looks like the path is \\CH-DC-1\Documents
whereas the gpo shows you have it as \\CH-DC-1\Files\Documents

Could that be the reason?  Invalid path?

Dammit! Something so simple staring me right in the face! Thanks for the help! This is why you need fresh eyes on things... Fixed the path by removing "files"..  forgot that I changed the share to be straight to Documents since I was going to setup multiple folders in the "files" folders at some point with different username permissions..
Logged
Punisher
Gaming Trend Senior Member

Offline Offline

Posts: 1733



View Profile
« Reply #10 on: January 16, 2014, 03:36:15 AM »

Oh, since I have your attention.
Is there a way to have a username folder automatically created and mapped?
EX: new username: susan. logs into workstation for 1st time and in addition the the mapped drives setup already, a new folder is created on the server called susan and automatically mapped to U:

this way I don't have to manually create folders and mapped drives for each user.

I tried using the connect feature in the AD user profile to \\CH-DC-1\Documents\%username% and I also tried creating a mapped drive in the GPO to the same. I also made sure that the test GPO group had read/write permissions to the documents folder.
Logged
naednek
Global Moderator
Gaming Trend Senior Member

Offline Offline

Posts: 4646



View Profile
« Reply #11 on: January 16, 2014, 03:47:04 AM »

Quote from: Punisher on January 16, 2014, 03:20:13 AM

Quote from: naednek on January 16, 2014, 12:08:31 AM

Another thing I noticed.

On your manual mapped drive, you don't have files in the file path, so it looks like the path is \\CH-DC-1\Documents
whereas the gpo shows you have it as \\CH-DC-1\Files\Documents

Could that be the reason?  Invalid path?

Dammit! Something so simple staring me right in the face! Thanks for the help! This is why you need fresh eyes on things... Fixed the path by removing "files"..  forgot that I changed the share to be straight to Documents since I was going to setup multiple folders in the "files" folders at some point with different username permissions..


Hey no problem.  I've done that several times myself Tongue  And yes having fresh eyes definetely help, especially when you are staring at it for so long
Logged
naednek
Global Moderator
Gaming Trend Senior Member

Offline Offline

Posts: 4646



View Profile
« Reply #12 on: January 16, 2014, 03:51:55 AM »

Quote from: Punisher on January 16, 2014, 03:36:15 AM

Oh, since I have your attention.
Is there a way to have a username folder automatically created and mapped?
EX: new username: susan. logs into workstation for 1st time and in addition the the mapped drives setup already, a new folder is created on the server called susan and automatically mapped to U:

this way I don't have to manually create folders and mapped drives for each user.

I tried using the connect feature in the AD user profile to \\CH-DC-1\Documents\%username% and I also tried creating a mapped drive in the GPO to the same. I also made sure that the test GPO group had read/write permissions to the documents folder.

Do you use Active Directory?

At my work, we have a volume for people's personal folder. (I hate it)

Anyways we use Active Directory and under the profile tab (I think) there's  a spot where you can put in a file path with the folder name (we use their username) at the end of the path.  Then assign a drive letter, and it will create a folder and apply the permission to the location you gave it.

I'm not at work, so I'm not sure if I'm exact on which tab, but I believe it's under the profile tab.  Let me know if you need help and I can assist tomorrow when I have AD in front of me.  You may be able to do it via GPO but I haven't seen that option.
Logged
Punisher
Gaming Trend Senior Member

Offline Offline

Posts: 1733



View Profile
« Reply #13 on: January 16, 2014, 04:04:08 AM »

Quote from: naednek on January 16, 2014, 03:51:55 AM

Quote from: Punisher on January 16, 2014, 03:36:15 AM

Oh, since I have your attention.
Is there a way to have a username folder automatically created and mapped?
EX: new username: susan. logs into workstation for 1st time and in addition the the mapped drives setup already, a new folder is created on the server called susan and automatically mapped to U:

this way I don't have to manually create folders and mapped drives for each user.

I tried using the connect feature in the AD user profile to \\CH-DC-1\Documents\%username% and I also tried creating a mapped drive in the GPO to the same. I also made sure that the test GPO group had read/write permissions to the documents folder.

Do you use Active Directory?

At my work, we have a volume for people's personal folder. (I hate it)

Anyways we use Active Directory and under the profile tab (I think) there's  a spot where you can put in a file path with the folder name (we use their username) at the end of the path.  Then assign a drive letter, and it will create a folder and apply the permission to the location you gave it.

I'm not at work, so I'm not sure if I'm exact on which tab, but I believe it's under the profile tab.  Let me know if you need help and I can assist tomorrow when I have AD in front of me.  You may be able to do it via GPO but I haven't seen that option.
Yeah, I am using AD. I know about the profile tab you are talking about. that's the one I setup first where I mentioned using the connect feature. I know about adding the full username to the path, but what I am looking for is something that adds the path automatically.
So, say I have to add 20 users at once. instead of having to add the path \\servershare\bob, \\servershare\mary, \\servershare\john, etc, I am looking for a way to create the user accounts and the accounts make the path. that's why I was trying, \\servershare\%username%.  I was hoping this would work and from some quick, but dated research, some people have mentioned this should work. They also mentioned that doing so in the mapped drive section of the GPO should work, but neither worked for me.

Out of curiosity.. What do you do for a living?
Logged
naednek
Global Moderator
Gaming Trend Senior Member

Offline Offline

Posts: 4646



View Profile
« Reply #14 on: January 16, 2014, 04:05:30 AM »

sorry my kid has been going crazy and I didn't see that you mentioned Active Directory.

I haven't found a way of what you are talking about.  We do use the \\servershare\%username% mapping in the GPO but that only maps the drive, it doesn't create the folder and apply the security.  I can see if I can find more info tomorrow

I do this for a living smile  I work on SAN storage arrays, and servers.  I manage over 2000 user accounts and many servers.  I mainly deal with GPO's and user accounts/computer policy.  I work for the Air Resources Board in California.
« Last Edit: January 16, 2014, 04:13:10 AM by naednek » Logged
Punisher
Gaming Trend Senior Member

Offline Offline

Posts: 1733



View Profile
« Reply #15 on: January 16, 2014, 04:29:42 AM »

Quote from: naednek on January 16, 2014, 04:05:30 AM

sorry my kid has been going crazy and I didn't see that you mentioned Active Directory.

I haven't found a way of what you are talking about.  We do use the \\servershare\%username% mapping in the GPO but that only maps the drive, it doesn't create the folder and apply the security.  I can see if I can find more info tomorrow

I do this for a living smile  I work on SAN storage arrays, and servers.  I manage over 2000 user accounts and many servers.  I mainly deal with GPO's and user accounts/computer policy.  I work for the Air Resources Board in California.
See now, with you dealing with that many users, I would think something like this would be nice! So as you add users, you go in and create the user folders and permissions manually? Even if you have an influx of new users?
Logged
naednek
Global Moderator
Gaming Trend Senior Member

Offline Offline

Posts: 4646



View Profile
« Reply #16 on: January 16, 2014, 05:12:00 AM »

Quote from: Punisher on January 16, 2014, 04:29:42 AM

Quote from: naednek on January 16, 2014, 04:05:30 AM

sorry my kid has been going crazy and I didn't see that you mentioned Active Directory.

I haven't found a way of what you are talking about.  We do use the \\servershare\%username% mapping in the GPO but that only maps the drive, it doesn't create the folder and apply the security.  I can see if I can find more info tomorrow

I do this for a living smile  I work on SAN storage arrays, and servers.  I manage over 2000 user accounts and many servers.  I mainly deal with GPO's and user accounts/computer policy.  I work for the Air Resources Board in California.
See now, with you dealing with that many users, I would think something like this would be nice! So as you add users, you go in and create the user folders and permissions manually? Even if you have an influx of new users?


we mainly just use that profile tab and put in the file location.  But we don't get a lot of users at once.  I'm sure when we first started (before my time) it was a pain, but that wasn't my problem Tongue
Logged
Punisher
Gaming Trend Senior Member

Offline Offline

Posts: 1733



View Profile
« Reply #17 on: January 16, 2014, 05:27:21 AM »

I'm actually in the process of interviewing for a couple of higher end helpdesk spots and needed to refresh my skills. It's been a while since I worked on servers from scratch. (I've done some basic maintenance and such for a while now and have plenty of workstation/stand alone PC repair experience). I've been able to setup the domain with AD, share printers through GPO, configure different security access, etc.. without too much trouble.. Plus, at least I know I was going in the right direction with the mapped drives, so I feel better about that (but still sucks when 1 small tiny error flummoxes you!)
I started this lab to get back in the game and a lot of it started coming back to me. (I do like the fact that Server 2012 seems a LOT easier to manage than Server 200 and 2003 which is where I left off)
I am basically just trying out different things and want to also emulate a full, brand new, deployment, which could mean a bunch of new users..
I would think that if what I want CAN be automated, it would make it easier on the admins, even for 1 or 2 new users at a time and from my basic searches, it seems like it can be done..
Gonna keep working on it.
Thanks for helping... I may come back for more once this current issue is figured out.
Logged
Pages: [1]   Go Up
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines
Valid XHTML 1.0! Valid CSS!
Page created in 0.124 seconds with 59 queries. (Pretty URLs adds 0.023s, 2q)