Logon scripts can't access network home drive

Discussion in 'Active Directory' started by Jessica Hamilton, Nov 16, 2008.

  1. Hi,

    I have a problem trying to set up user logon/logoff scripts using GPO.

    I'm using the User Cfg > Windows Settings > Logon/Logoff scripts settings,
    and putting my scripts in here.

    The problem is that the user's home drive doesn't appear to be mapped during
    the logon script, and the logoff scripts that access the home drive don't
    seem to work either (though my diagnostics said the home drive was mapped).

    My GPO is attached to OU containing computer objects, as our team does not
    have access rights to attach GPOs to user containers, and the GPO is computer
    specific, rather than user specific.

    Also, we're using a profile management tool that redirects the user profile
    to a custom profile on the local machine, so I'm not sure if this has
    anything to do with it.

    If I set the logon scripts to use the Administrative Settings > System >
    Logon to launch the script, it then has access to the home drive.

    However, this doesn't resolve the issue with the logoff script, and there's
    no System > Logoff option like there is with the Logon one.

    How do I resolve this? I thought the home drive should be mapped before the
    logon/logoff scripts run....

    Oh, the clients are Windows XP SP2 clients in a Windows 2003 AD domain.

    Thanks,

    Jessica
     
    Jessica Hamilton, Nov 16, 2008
    #1
    1. Advertisements

  2. Hi Jessica, it sounds like you have a fundamental flaw in what you are trying
    to do. You have a OU with COMPUTER objects in it but your policy has the USER
    settings configured? The policy will never get applied. A policy containing
    user settings must be linked to an OU containing user accounts and a policy
    containing computer settings must be linked to an OU containing computer
    accounts. In your case the computers in the OU will be seeing the policy as
    empty as the computer configuration part of the policy is empty and it wont
    look at the user side of things.
    Hope that helps
    James.
     
    James Yeomans BSc, MCSE, Nov 16, 2008
    #2
    1. Advertisements

  3. Jessica Hamilton

    Marcin Guest

    Jessica,
    unless you are using Loopback Group Policy processing, settings under User
    Configuration node in the GPO are not relevant if you link it to the OU
    containing computer objects - so I assume that this is the reason for the
    behavior you are describing.
    Can you clarify how you create user home drive mapping? While this can be
    done via logon script, a more common approach (at least based on my
    experience) involves specifying drive letter and path as part of user's AD
    object attributes (Profile tab of the user's account Properties dialog box
    in ADUC). Is there a particular reason that you decided to use logon script
    instead?
    I'm also not clear on what exactly you want to accomplish via your logoff
    script - but, as with logon script, that's part of the user configuration
    node, so you would need to apply it to the OU containing user accounts or
    use Loopback Group Policy (but keep in mind that in such case, logon/logoff
    scripts will apply to all users who log on to/logoff from these computers).

    hth
    Marcin
     
    Marcin, Nov 16, 2008
    #3
  4. Jessica Hamilton, Nov 16, 2008
    #4
  5. Ok, do you have the loopback mode set to merge or replace? Could it be that
    some of the user gpo's applied to the user accounts have the "no override"
    option set? I suggest asking the people who look after the user OU's to link
    a user gpo doing exactly what you are trying to do via loopback to see if
    that works.
    James.
     
    James Yeomans BSc, MCSE, Nov 17, 2008
    #5
  6. Thanks Marcin.

    Yes, home drives are mapped with the AD object like you describe, not a
    logon script. And we have Loopback Group Policy processing enabled too.

    And we've found the problem. We use some "Enhanced" Profile Manager (aka
    EPM) which is munging the logon process a lil more than it should. We used a
    workaround combining VBScript and cmd scripts to get access to the home
    drive...

    Jessica
     
    Jessica Hamilton, Nov 17, 2008
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.