Forum Discussion

RahamimL's avatar
RahamimL
Iron Contributor
May 10, 2021
Solved

Map drive group policy Preferences not applying consistently

Hi everyone,

We deployed Several drive via GPP. We use the update option and don't use the user context option. Unfortunately, it doesn't get applied consistently. We use RDS 2019 and our domain controllers are 2016 with functional level of 2008 r2 (We have a two way trust with an old 2008 r2 domain).

I enabled all the logs I could think of (Including log files for preferences). But I don't see any problem. As far as RSOP goes everything looks okay and this is an issue with some of the users not all of them. There is no logon script running for the user. I also deleted the profile and the issue returned. Only after gpupdate /force this work.

Don't know where else to look because I really searched everywhere I could think of...

 

Thanks in advance

  • Thank you all for your replies they helped me with my troubleshooting.
    To begin with I tried to help the server by enabling server caching which might caused this problem. I did several things which hopefully resolve this:
    1. I removed the caching policies
    2. Restarted my farm.
    3. Moved all my disabled map drives (I have several which I merged from other policies which I want to delete in the future to reduce the amount of policies) to a lower priority.

    Hopefully this will be the answer. I will keep this unanswered maybe someone has better ideas.

11 Replies

  • RahamimL's avatar
    RahamimL
    Iron Contributor
    Thank you all for your replies they helped me with my troubleshooting.
    To begin with I tried to help the server by enabling server caching which might caused this problem. I did several things which hopefully resolve this:
    1. I removed the caching policies
    2. Restarted my farm.
    3. Moved all my disabled map drives (I have several which I merged from other policies which I want to delete in the future to reduce the amount of policies) to a lower priority.

    Hopefully this will be the answer. I will keep this unanswered maybe someone has better ideas.
    • RahamimL's avatar
      RahamimL
      Iron Contributor

      Here is what worked for me:

       

      As konaylintun09 suggested I started using the reconnect option. I also started using better filtering in my GPP - the user is part of AAA group and (the computer is in the OU AAA (Or the computer is in the OU BBB)). Tested this multiple times and it worked after multiple logins to the same server \ computer.

      Also, as you all suggested, I will reduce the amount of GPOs.

       

      Thanks for your help.

      • Okay, noted.
        I’m glad hear about that.
        Have a nice day for you and all. Also take care everything.
        🙂
    • RahamimL's avatar
      RahamimL
      Iron Contributor
      We have 130 GPOs, I tried to reduce the number further but it is a bit complicated
      • Schnittlauch's avatar
        Schnittlauch
        Iron Contributor

        130 GPOs?! You have definetly reduce them dramaticly. This will safe your users time logging in, troubleshooting problems like now etc.

         

        By the way: Why don't you want your drive to reconnect and why dont you use a label? 😄

  • hi, can you share for us about policy configuration for Map Drive option.
    sometime we missed with domain controller policy or OU policy or local policy. maybe i think it.
    so, can you share for us about where you policy configuration on your domain.
    Thanks. i hope you and all of families are fine in this covid-19 periods. 🙂
    also, sorry for my weakness in English.

    • RahamimL's avatar
      RahamimL
      Iron Contributor

      konaylintun09 thanks,

      I have 28 mapped drives with a configuration that look like this:

      We also use groups and users for other network drives.

      • dretzer's avatar
        dretzer
        Iron Contributor
        As you are using Item-Level-Targeting, a common problem can be that the evaluation of group membership cannot be done before applying the GPO.
        2 possible reasons you could check for:
        1. Network connection to a domain controller with global catalog is not possible before user-login (user-vpn, network-level filtering, WLAN,...)
        2. The user is member in a group across your domain-boundary (you mentioned a two-way-trust to an old domain) and the evaluation of universal group membership takes to long or has errors for some users.

Resources