none
GPO with Powershell Logonscript Drive Mapping - what am I missing?! RRS feed

  • General discussion

  • Hi,

    maybe I am overlooking something - hopefully one of you guys can help me out on this.

    The idea is simple: A GPO user startup script that maps network shares. Via Powershell.
    Didn't seem particularly hard to me when I first thought about it, but hey. MS likes to surprise you after all.

    So my script is executed, but the drives don't show up in explorer.
    The relevant code is

    new-psdrive -name "whatever" -root "whatever(*F*QDN)" -psprovider filesystem -scope global -persist

    I have implemented logging to see exactly what could cause any errors, but...there simply aren't any.

    The output is the very same as if I would run it "interactively" (rightklick, run with Powershell).


    Pitfalls I avoided:

    - Running the script manually works flawlessly, the drives show up as expected. So the code itself is fine

    - -scope global is set.

    - -persist is set

    - I take care that the drive letter is actually free before trying to map it

    - Script is located in the GPO itself, so ExecutionPolicy cannot be an issue (yes, I tested machine+user unrestricted (via GPO)) to be sure ;) but since I see the logfile everything should have been fine anyway)

    - My relying on $env:username was not in vain, otherwise the logfile wouldn't be written due to missing path. Also further down in the log, the correct user is emitted.

    - My test user is NOT a local admin on the machine.

    - Setting a delay (say 15 sec) doesn't change anything

    - general script execution delay (5 min default) has been disabled

    Environment:
    W2K8R2 domain (yes, we are working on that :(((()
    W10 1709 VM in HyperV (machine-local)
    Wired connection

    Funnily enough, my log shows the exact output I would expect.

    So I will see things like 

    Name           Used (GB)     Free (GB) Provider      Root                                               CurrentLocation
    ----           ---------     --------- --------      ----                                               ---------------
    W                -492,84        502,84 FileSystem    \\...                               

    in my log!

    Any input is appreciated :)

    Best regards



    Friday, June 1, 2018 4:43 PM

All replies

  • 1) Please change your user name. It is offensive.

    2) We would recommend using Group Policy Preferences to map drives rather than a script.


    -- Bill Stewart [Bill_Stewart]

    Friday, June 1, 2018 4:46 PM
  • Use GPP to attach shares.  It is much more reliable.


    \_(ツ)_/

    Friday, June 1, 2018 4:48 PM
  • (1) Sorry. Seems to have been a leftover, since other areas of MS with this account don't have it.

    Or is Technet completely separate? Either way, adjusted.

    (2) Yes I know. There are several reasons why a script is superior for $UseCasesB and and why script is inferior for $UseCasesA.

    I want to help you get rid of old code and all that, which I can't if every logon script template you find on the net is using either net use, wscript, vscript or other funny stuff.

    Friday, June 1, 2018 4:52 PM
  • Use GPO preferences to map drives, and then there's no code to manage. Just update the GPO.

    -- Bill Stewart [Bill_Stewart]

    Friday, June 1, 2018 6:12 PM
  • Once MS offers the same functionality I can maintain with scripts I might actually consider it.

    Until then I can just repeat myself: "[..] script is superior for $UseCasesB and and why script is inferior for $UseCasesA."

    In the meantime I am wondering why it seems to be an issue to have a simple drive map command working in Powershell :)

    It's not like the GPO wouldn't need to have some way to do it either. I just hope it's not net-use-based :> and would be happy if there was a functioning PS way.

    Friday, June 1, 2018 8:32 PM
  • There is nothing a script can do that cannot be more easily done with GPP.  It takes less that 3 minutes to define a set of mappings.  On the next GP update cycle the drives will be available.  No need to logoff and on again.

    Logon scripts are mostly obsolete and do not work in modern Windows like they did in NT4/W2K/W2K3.

    A logon script has to execute code to map a drive.  GPP just sets the registry directly.  The outcome for both is exactly the same.

    Logon script can be delayed by 5 minutes or longer.  GPP is immediate on logon and at a refresh.

    GP/GPP is always applied before logon scripts are run.


    \_(ツ)_/

    Friday, June 1, 2018 8:42 PM
  • I should also note that logon script mappings are no available to any programs that are already running.  GP applies and sends a message to all programs when there are environment changes.  All correctly designed Windows programs then update their view of the environment.

    \_(ツ)_/


    • Edited by jrv Friday, June 1, 2018 8:45 PM
    Friday, June 1, 2018 8:44 PM
  • I can also see that your logon script does not specify the scope for the mapping.  The scope will be limited for admins to the elevated prompt.  This is an old issue with logon scripts and drive and printer mappings on some Windows deployments.

    Search for articles on updating the registry to merge the two environments.

    GPP settings do not seem to be affected by this issue.


    \_(ツ)_/

    Friday, June 1, 2018 8:49 PM