MNTechy
(Fresh Scripter)
2015-08-28 05:47 PM
Drives not showing on some computers

So I'm having an issue with a script that I wrote several years ago. We're seeing quite a few users lately who are not getting their drives mapped with the script. I have the output from the script going to a file, and that file gets updated whenever a user logs in, and I get a 0 error code from the USE commands.

I had a few workstations that had UAC turned on Always Notify, once I turned those off, those machines started working. I thought I had found the answer. However I now have machines that have UAC off and it still isn't working.

The really strange thing is if I run the script after the user logs in, all their drives get mapped and the script runs fine. Also the same user can logon to another machine and everything is fine. I keep thinking it has to be something on the individual workstations, but I can't find anything.

I have debug on for a test user, and everything works without any errors, but I still don't get my drives mapped!

I'm stumped... Does anyone have any thoughts?

Thanks!
Mike


MNTechy
(Fresh Scripter)
2015-08-28 06:17 PM
Re: Drives not showing on some computers

I thought I should put in a little code snippet of how I'm trying to map the drives:

 Code:
If @Userid = "staff_test2"
	debug on
	$returncode = setconsole("alwaysontop") ; for debug purposes.
EndIf
  ? "Connecting U: Drive to Departments Directory" 
  use u: /del
  use u: "\\Staff01\StaffShare"
  ? "Right after U"
  ? "error = " + @error


And in my log file I get:

Connecting U: Drive to Departments Directory
Right after U
error = 0

Mike


AllenAdministrator
(KiX Supporter)
2015-08-28 10:45 PM
Re: Drives not showing on some computers

Startup Script (GPO) or Logon Script?

MNTechy
(Fresh Scripter)
2015-08-28 10:53 PM
Re: Drives not showing on some computers

Allen,

We call it from Group Policy, so does that make it a Startup script?

I also adding some more logging:

 Code:
  ? "Connecting U: Drive to Departments Directory" 
  use u: /del
  use u: "\\Staff01\StaffShare"
  ? "Right after U"
  ? "error = " + @error 
  ? "Serror = " + @serror 
  ? @result


and from that I get this in my log file:

Connecting U: Drive to Departments Directory
Right after U
error = 0
Serror = The operation completed successfully.
u:


So it sure looks like it's working? But I don't get a U: drive in My Computer?

Mike


AllenAdministrator
(KiX Supporter)
2015-08-28 11:01 PM
Re: Drives not showing on some computers

Startup Scripts run in the context of System, not the user.

This means you have about 3 options...
1. RunasInteractive User - http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=198514#Post198514
2. Combination of Startup Script and Logon Script - Put System Items in one script, and user items( Drives, Printers) in another. The logon script option is per user and not a gpo.
3. RegHack - Not going to link to this because it is not supported by MS, and reduces security, however this is a "Easy" registry fix

If you go with Option 1, please leave a comment in that thread on how you used it, how it worked, etc. It has been pretty well tested but comments never hurt.


AllenAdministrator
(KiX Supporter)
2015-08-28 11:05 PM
Re: Drives not showing on some computers

Oh, and while your script worked at one time or another, it has been since vista that this problem started.

NTDOCAdministrator
(KiX Master)
2015-08-29 02:29 AM
Re: Drives not showing on some computers

There is also RunnAs (two n) written by Shawn that you can submit credentials. Though not officially supported or on the "recommended" list it is possible to use.

You can obfuscate and tokenize the Runnas code and supply it with credentials that have local admin rights. If it's a one time thing then run that and change the password after you run it so that the tool becomes obsolete after it's use.


LonkeroAdministrator
(KiX Master Guru)
2015-08-29 12:16 PM
Re: Drives not showing on some computers

What? No logonscript in GPO?

AllenAdministrator
(KiX Supporter)
2015-08-29 04:38 PM
Re: Drives not showing on some computers

2.b Mixed Mode Startup Script / Logon Script

It works for me, but I'm not explaining it, or how I got it working.


LonkeroAdministrator
(KiX Master Guru)
2015-08-29 05:12 PM
Re: Drives not showing on some computers

 Originally Posted By: Allen
2.b Mixed Mode Startup Script / Logon Script
It works for me, but I'm not explaining it, or how I got it working.


Vs.
 Quote:
The logon script option is per user and not a gpo.


Well. All my logon scripts are GPO launched.


AllenAdministrator
(KiX Supporter)
2015-08-29 05:13 PM
Re: Drives not showing on some computers

Not sure where you are going with this.

LonkeroAdministrator
(KiX Master Guru)
2015-08-29 07:04 PM
Re: Drives not showing on some computers

You expressed that he can't have a logon script if he is using a GPO. This does not compute in my small head.

MNTechy
(Fresh Scripter)
2015-08-31 03:02 PM
Re: Drives not showing on some computers

Thanks for all the replies! I forgot to mention, or didn't say very well, in my original question, that the scripts are working for 80-90% of my population! These scripts have been in place for years, and nothing with the scripts has changed for quite a while.

Having said that, the fact that it appears the drive is mapping but not showing up makes me think that maybe it is something with the user logging in? I'm just not sure why some work and some don't?


MNTechy
(Fresh Scripter)
2015-08-31 05:09 PM
Re: Drives not showing on some computers

So, I've been playing with this a bit this morning... It looks like it must be a user context issue as I've been successful on a few users by putting the logon script in their User Profile in AD instead of GPO.

Still confused why it's only happening to certain computers, but if this fixes it, I guess I'll go with it unless anyone says differently.


AllenAdministrator
(KiX Supporter)
2015-08-31 07:33 PM
Re: Drives not showing on some computers

Are the machines that it is working on XP? If the PCs are newer than XP, then maybe at some point the RegHack was put on them?

MNTechy
(Fresh Scripter)
2015-08-31 07:52 PM
Re: Drives not showing on some computers

 Originally Posted By: Allen
Are the machines that it is working on XP? If the PCs are newer than XP, then maybe at some point the RegHack was put on them?


They're all Win 7, and have been for over 3 years... This script was around in XP days as well though!


AllenAdministrator
(KiX Supporter)
2015-08-31 08:34 PM
Re: Drives not showing on some computers

Maybe do some logging in your script to compare the machines that work vs the one's that don't.
Things that come to mind to check: @userid, @kix, @producttype, the reghack value


LonkeroAdministrator
(KiX Master Guru)
2015-09-01 12:52 PM
Re: Drives not showing on some computers

are these users admins or power users on these computers?
I would double check the UAC settings on these computers since it sounds like a token issue.

on top of that, add a 5 second delay to your logon script before the mapping takes place. I don't remember what issue that once fixed for me, but for some users it made mappings work again.


MNTechy
(Fresh Scripter)
2015-09-03 03:58 PM
Re: Drives not showing on some computers

The users are all Admins of the machines. UAC is off on all of them. I've added a 10 second delay, just for good measure... The hardest part is it seems to come and go, so finding a good example to test on has been impossible.

Also, my thought that it was working with the AD Logon Script field filled in isn't working either. I had it running a batch file off the DC (\\DC\netlogon\logon.bat). When I manually try to run this I get prompted "We can't verify who created this file. Are you sure you want to open this file?" And then I have to click Open to get it to run. I'm guessing this is stopping it from running during the logon process.

I'm going a little crazy...


MNTechy
(Fresh Scripter)
2015-09-11 03:23 PM
Re: Drives not showing on some computers

Ok, a BIG thanks to Glenn for his help the last couple days with this. I used his Universal Login Script to do some troubleshooting. On a computer that is working, I can get my U: drive mapped using his script or mine, from either the GPO or the Login Script field in ADUC. However, on a machine that isn't working, neither script works even though I can see them both run. I also added a line to my script right after I map U: to write the contents of the U: drive to a log file ( SHELL "CMD.EXE /C dir u: > %temp%\diru.txt") and the file contains the contents of the drive! But when I get logged on, I do not have a U: drive.

One thing I noticed when I ran Glenn's script from the GPO, on a machine that works, in the group list for the user (same user on both computers), they are in a group called Mandatory Label\Medium Mandatory Level. On the one that doesn't work, the user is in a group called Mandatory Label\High Mandatory Level. I don't know if this is what's causing the issue, but it sure looks suspicious?

I had tried last week to put my logon script in the login script field in ADUC, but that wasn't working either. Thanks again to Glenn, he pointed out to leave out the path here, and that is apparently working now!

So, I have a workaround, but I still think its odd that the way I've been calling the script for years (from a GPO) quit working on certain machines?

Any other thoughts/suggestions are still appreciated.
Thanks,
Mike


LonkeroAdministrator
(KiX Master Guru)
2015-09-12 03:40 AM
Re: Drives not showing on some computers

On a computer that isn't working start cmd.exe as administrator. And do net use. Do the same drives show up if you then just run cmd.exe and issue net use?

This sounds so like token issue and that is the easiest way I can think of to check.


MNTechy
(Fresh Scripter)
2015-09-16 02:53 PM
Re: Drives not showing on some computers

Ok, I sat with a consultant yesterday and we had two machines, one that my script was working on, and one that it wasn't. I don't remember how exactly we got to it, but we were talking and googling about user context, and I decided to try an elevated command prompt on the computer that wasn't working. In the elevated prompt, I could see my drives, but in the non-elevated one I couldn't. On the machine that worked, my command prompt was always elevated? Hmmmm, so we double check UAC, the slider is off on both machines.

So we find the article about EnableLinkedConnections and figure that should solve the problem. So we dig into the registry on the non-working computer and put in the DWord EnableLinkedConnections. Sure enough it works. However, the consultant noticed that the setting EnableLUA was set to 1 on the computer that wasn't working! He said that's the setting for UAC! So we removed EnableLinkedConnections, set EnableLUA to 0 and rebooted. Now the computer works fine.

It looks like the UAC slider doesn't change this setting back to 0 once its on.

So, I've added a line to my script to set EnableLUA to 0 and everything is back to "normal" again!

It's been a fun three weeks! Thanks everyone for the suggestions and help.

Mike


AllenAdministrator
(KiX Supporter)
2015-09-16 04:42 PM
Re: Drives not showing on some computers

The EnableLUA is one of the most idiotic settings ever. As you have found, the slider can be all the way to the bottom, but the UAC still works. With this RegSetting it is "REALLY REALLY" off.

If you are disabling LinkedConnections you are at the very least getting yourself back to being in an environment that MS approves of. And, with Windows 10, having that EnableLUA on, apps like Edge will not work, so again it looks like you are going in the right direction.


LonkeroAdministrator
(KiX Master Guru)
2015-09-17 12:54 AM
Re: Drives not showing on some computers

So it was token issue. Yeah!!