GPO map network shares 0x8007007b

1

I'm running a lab to test GPO. I'm trying to map a network share item using GPO on a DFS share. This is the guide I'm following.

enter image description here

As a test, I change it to a map network drive GPO User Configuration. Then it works fine. There isn't really any reason why I want to map it as a "network share item". I'm just testing stuff.

Any idea why it doesn't work?

group-policy
windows-server-2012-r2
asked on Server Fault Nov 11, 2015 by lbanz

1 Answer

1

The problem is permissions. When you map a network drive through Group Policy, the computer has to perform exactly the same process that occurs when a user manually maps a network drive - including supplying appropriate credentials for the target network share.

For example: When a user manually maps a network drive through command line or GUI, the their login credentials are automatically sent to the server hosting the network share because the command prompt or GUI runs in the user's context and has access to their credentials. Since User Configuration policies also run in the context of the user, they work the exact same way.

Computer Configuration policies are different, however. These run in the context of a SYSTEM user, which is a local account that (unless you've done some custom configuration) has no access to network resources whatsoever.

TL;DR Define drive maps as User Configuration items unless you have a really good reason to do otherwise.

answered on Server Fault Nov 11, 2015 by tfrederick74656

User contributions licensed under CC BY-SA 3.0