Announcement

Collapse
No announcement yet.

GPO on computers in AD

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • GPO on computers in AD

    Hi, I have this problem to solve. First let me explain our structure: We have an AD with many sub-domains that we want to get rid of, because of many reasons. SO we want to put all the machines in the main domain (let's call it "main") in OU's. We then have the domain MAIN, and in it OU where the computers are. Example : in MAIN I have an OU FIRST, in it I have a computer TOTO. The admins of the old domains can admin the ou's (computers) but they cannot admin the users who are all stored in the MAIN domain and are managed centrally (they are linked to a LDAP) I hope you understood what I said.
    The question is : I want to make a GPO so that a user login on TOTO in FIRST (and login on the MAIN domain) could mount a net drive.
    I create a GPO on FIRST, in the computer config ->windows settings-> scripts-> startup I create a simple "net use" batch, put the batch on a server (not domain) that is part of FIRST in a share, but nothing happens.
    If somebody could help...
    Simon

  • #2
    Re: GPO on computers in AD

    You say you created the policy object.
    Is it definitely linked to the 'first' OU, and fully enabled ?

    try running gupdate /force on the TOTO workstation.

    then run gpresult | more - this will tell you exactly which group policy objects have applied.

    Once you can see the policy is applied, we can work on it from there.
    Paste in your gpresult if you like and i'll try and interpret it for you
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: GPO on computers in AD

      Thanks, mate ! So I did the 2 commands, and what I got is that the gpo is applied, unfortunately, I cannot put the results as they are in French (I live in french speaking Switzerland) but if I translate here it is :

      Applied Objects group strategy

      test montage (<- my GPO)
      SUS-Policy
      Default Domain Policy
      Local group strategy

      So it seems that this gpo is applied, but I don't have the result.
      More on this : I include 2 print screen, one from the server where the batch file is, where I ran gpo mgmnt. you can see tha ou's and it's on the test ou where my machine is located that the ou is applied. (called test montage) the second one is when I edit the gpo (you'll find the regular things, although it's in French, so you can learn French words for gpo's )
      THe login.bat is just
      net use z: \\server\share
      Attached Files

      Comment


      • #4
        Re: GPO on computers in AD

        could you add some error checking to your logon.script ?

        so that instead of just doing net use Z:\\
        you do net use z:\\ >> C:\temp\output.txt

        that way you might be able to see the output of the script ?
        Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

        Comment


        • #5
          Re: GPO on computers in AD

          You configured it as a Computer Startup Script.
          Link the GPO to the OU of the users and configure it as User Logon Script to do the drive mappings.


          \Rems

          This posting is provided "AS IS" with no warranties, and confers no rights.

          __________________

          ** Remember to give credit where credit's due **
          and leave Reputation Points for meaningful posts

          Comment


          • #6
            Re: GPO on computers in AD

            I totally missed that !
            Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

            Comment


            • #7
              Re: GPO on computers in AD

              Rems. I know what you mean, but the question is that I CANNOT touch the users. The OU I create contain only computers. I can only manage computers not users because of reasons too long to explain here (I know it's silly, but I didn't put this stuff in, I have to live with it) So rephrasing my question : Can I put a GPO on a computer that in a way would mount a drive ?

              Comment


              • #8
                Re: GPO on computers in AD

                Originally posted by Simoncu View Post
                Can I put a GPO on a computer that in a way would mount a drive ?
                Drive mapping requires user autentication, therefore you'll have to configure it in the User Configuration part of the GPO.
                However it is possible to link this GPO to the OU containing the computer accounts but then you have to enable Loopback Processing of Group Policy
                .


                \Rems

                This posting is provided "AS IS" with no warranties, and confers no rights.

                __________________

                ** Remember to give credit where credit's due **
                and leave Reputation Points for meaningful posts

                Comment

                Working...
                X