Hello,
Have just deployed my first Windows 2012 server to the domain and am having an odd issue with GP being applied when it shouldn't.
My OU structure is essentially as follows:
Users:
OU=Location1,OU=CompanyUsers,DC=company,DC=local
OU=Location2,OU=CompanyUsers,DC=company,DC=local
etc
Servers:
OU=AppServers,OU=Servers,DC=company,DC=local
OU=SQLServers,OU=Servers,DC=company,DC=local
etc
My 2012 server is located in the 'AppServers' OU (along with a number of 2008, 2008 R2, 2003 servers). My user account is in the 'Location1' OU.
I have a number of GP's - one of them is called 'Location - Drive Maps' and is configured for drive mappings via the built in GP preferences to accomplish this. It applies to users within the organisation that are a member of the 'MapDrives-Workstations' security group. There are no WMI filters in place. It is linked at the root of the Users OU:
OU=CompanyUsers,DC=company,DC=local
If I log into a 2003/2008 server, the drives don't map - which is what I would expect as I have not linked the GP at the servers level, and it isn't inheriting as the OU's are at different levels within the tree. If I log into the 2012 server however, the drives are mapping and a gpresult shows that I am receiving the GP. Doing the same on the 2008 machines does not show the GP being applied.
Now this has me confused. Should the GP have always applied to the 2008 machines seeing as I am logging in with a user account that is in the right user OU? Or has the 2012 server got greater smarts about it that allows for this to happen?
I ran a GP Modeling Wizard across both servers, and according to each I should be getting the drive maps anyway, but for the last few years I have never had drives map on the 2008 machines. I assumed this was correct.
I don't have GP inheritance blocked anywhere. I have also rebuilt the GP's as they were originally built when the domain consisted of 2003 servers only, but no change to the above. Domain is running at 2003 functional level (needed for some legacy systems).
Any ideas?
Have just deployed my first Windows 2012 server to the domain and am having an odd issue with GP being applied when it shouldn't.
My OU structure is essentially as follows:
Users:
OU=Location1,OU=CompanyUsers,DC=company,DC=local
OU=Location2,OU=CompanyUsers,DC=company,DC=local
etc
Servers:
OU=AppServers,OU=Servers,DC=company,DC=local
OU=SQLServers,OU=Servers,DC=company,DC=local
etc
My 2012 server is located in the 'AppServers' OU (along with a number of 2008, 2008 R2, 2003 servers). My user account is in the 'Location1' OU.
I have a number of GP's - one of them is called 'Location - Drive Maps' and is configured for drive mappings via the built in GP preferences to accomplish this. It applies to users within the organisation that are a member of the 'MapDrives-Workstations' security group. There are no WMI filters in place. It is linked at the root of the Users OU:
OU=CompanyUsers,DC=company,DC=local
If I log into a 2003/2008 server, the drives don't map - which is what I would expect as I have not linked the GP at the servers level, and it isn't inheriting as the OU's are at different levels within the tree. If I log into the 2012 server however, the drives are mapping and a gpresult shows that I am receiving the GP. Doing the same on the 2008 machines does not show the GP being applied.
Now this has me confused. Should the GP have always applied to the 2008 machines seeing as I am logging in with a user account that is in the right user OU? Or has the 2012 server got greater smarts about it that allows for this to happen?
I ran a GP Modeling Wizard across both servers, and according to each I should be getting the drive maps anyway, but for the last few years I have never had drives map on the 2008 machines. I assumed this was correct.
I don't have GP inheritance blocked anywhere. I have also rebuilt the GP's as they were originally built when the domain consisted of 2003 servers only, but no change to the above. Domain is running at 2003 functional level (needed for some legacy systems).
Any ideas?