I came across nice PPT which is explaining about today and tomorrows of Group policy infrastructure. It gives a general over view of what you can do with GPOs/GPPs in Windows 7/2008 and I felt it is useful to my blog readers; hence writing this post. You can get this presentation from this download link.
Happy Learning..,
Sitaram Pamarthi
I had spent real huge amount of time in dealing with drive mapping in Group Policy preferences in last week. It’s easy as you see, but very difficult when you want to troubleshooting. So, I decided to write this post to help my blog visitors by providing as much as information I have gathered/learnt in Drive mapping related things.
As said before, things are really smooth when you configure drive mapping preference for the first time. If you start playing with it to satisfy different kind of situations, then you are caught. What I did to make my life tough is, I deleted the mapped drives after login and did a “gpupdate /force” no drives were mapped L. Again, what I did is, I re-logged into the machine and found that they are not in place still. I surprised and made relogin again, this time they mapped. Finally after applying multiple tests like this, I came to a conclusion that, I have below two problems…
The very big mistake I did to resolve above is, trying to resolve both the problems at same attempt and really mixed up the things and made myself confused. After taking a break, I followed the divide and conquer method.
Problem#1: Drive mapping not happening at every login
Initially I am not sure why the drive mapping is not happening at every login. I ran rsop and there drive mapping processing time is not updated. This made me to realize that drive mapping CSE didn’t triggered at all. Well, now I enabled GPO debug logging on my Windows 7 machine and started looking at the logs. They are clearly saying that drive mapping CSE processing skipped as there is no change in version number. Hmm, whatever it is doing is right and I have enabled “Process even if the Group Policy objects have not changed” option in “Drive maps preference extension policy processing” policy which is located at [Computer Configuration | Policies | Administrative Templates | System | Group Policy] and restarted my PC. Things started working and drive mapping is happening every time I re-login.
First problem is solved. Let’s move on to the second problem.
Problem#2: Background processing of drive mapping is not working.
After login, if I delete mapped drives and initiate a “gpupdate /force” command, my drives are not coming back. I again relied on GPO logs and realized that drive mapping CSE refresh is happening as part of background processing. I STRONGLY recommend to not to follow the description of Drive mapping CSE; it is really contradicting with its behavior. As per the policy description, drive mapping refresh should work during the background processing by default — but it is not the case. Now I went to the registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{5794DAFD-BE60-433f-88A2-1A31939AC01F} and changed the value of “NoBackgroundPolicy” to “0”. This did the trick and background refresh of drive mapping started working fine.
Hurry…I resolved both my problems and trying to figure out a new problem I observed just now. I will blog it as soon as I resolve it.
To Summarize:
How to make GPO to process Drive mapping at every login:
How to enable background processing for drive mapping CSE:
Thanks for reading the log story and happy learning,
Sitaram Pamarthi
People familiar with UseEnv logging for GPO debugging on Windows XP can forget that procedure if you started looking into Windows 7 operating Systems. Things have really changed and you should follow the below procedure enable debug logging on Windows 7 Computer. I guess this procedure works straight away with Windows 2008 hosts as well(I didn’t tested it).
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics]
“GPSvcDebugLevel”=dword:00030002
Now time to restart your Windows 7 PC to make changes come into effect.
The debug log file will be available under “%systemroot%\debug\UserMode” folder and the file name is “gpsvc.log”. If you want a nice view of this log file for easy reading, I prefer you download the policy reporter tool from SysPro Software. This tool allows you to analyse the time taken for each policy detection and processing.
Let me know you are in doubt anywhere…
Happy Learning..,
Sitaram Pamarthi