It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Help ATS via PayPal:
learn more

windows server 2012 r2 please help2

page: 1
1

log in

join
share:

posted on Sep, 11 2016 @ 02:15 PM
link   
I am at my uncles business. The I.T. company he was using just upped and disappeared about a week ago. Phone disconnected and he never had an address only a P.O box. I am fairly decent with computers,networking and such but it has been a very long time. I am trying to help him out until he can find a more reputable company to deal with. I was able to retrieve the passwords, find the back ups,

my issues is this . I am trying to unmap some of the network drives for certain users. so first I tried the obvious logging on to the users station as them and doing the right click disconnect on the drive but at log in they pop right back up.

I tried using the Net Use command at cmd. I get an error trying to use del or delete

I tried using the registry to edit out of the current user hkey network and the drive letter I want to remove. again as soon as you do a reboot the drives are right back.

I go into server manager and users directory but there is no logon script added to any of the user profiles.

since I cant delete the mapping from the registry I am guessing that its some form of netlogon script that re maps the drives at log in but I cant find it and im not sure what to do with it if I could find it. Anyone have any suggestions .. I am stuck I been trying and googling for hours
I don't know what else to try. He has a new Project manager starting tomorrow .. the new user was created by his old I.T guy
but all the drives are mapped and there are things mapped that he shouldn't have access to. I don't want to change the permissions because I don't want to effect other users that may have the rights to the drives..

can anyone please point me in the right direction im banging my head on the desk already

thanks




posted on Sep, 11 2016 @ 02:35 PM
link   
a reply to: navione

ok so I think I found it under group policy managers so now the issue is the group policy is for all domain users to have access to the drives . his account was created there so is there away for me to chage just his account. I doubt it but if anyone has any ideas I would greatly aprreaciate the help



posted on Sep, 11 2016 @ 03:55 PM
link   
a reply to: navione

create another group, add him to the group and then add the group to the policy and then select "deny" for that group for "apply group policy"

Then going forward you should be able to simply add users to that group to exclude them from having the drives mapped.

EDIT:

To clarify, you'll be looking under the "delegation" tab and clicking the "advanced" buttons to edit the permissions. You could also do it without adding your uncle to the group and just specifying the "deny" permission for his account alone.

This is the backasswards way of doing it of course. The right way would be to create a group, add the users to that and then add then apply the policy to that group rather than the domain users group.

EDIT 2:

here I found you a blog post with step-by-step instructions with pictures.
edit on 2016-9-11 by theantediluvian because: (no reason given)



posted on Sep, 11 2016 @ 04:44 PM
link   

originally posted by: theantediluvian

This is the backasswards way of doing it of course. The right way would be to create a group, add the users to that and then add then apply the policy to that group rather than the domain users group.


Great mind's think alike.


I just U2U'd the OP with the same suggestion! Create a new OU/group for the one user and a new GPO that applies only to that OU/group. If this GPO is applied after the default domain policy, it will still pick up the mappings in the default policy so maybe he needs to create a logon script for the new GPO with some net use delete commands in it and only the desired mappings? A lot depends on how much is configured in the default domain policy. If there are a lot, some of the things are probably desired so excluding a user from from default domain policy processing might be overkill. As long as the new policy is processed last, it should override settings in the policy above it.

I run into this problem often and prefer to use old fashioned logon scripts on the individual user accounts rather than applying them through group policies.

I did suggest that deny permissions not be used at the drive/folder level as they can be tedious to manage and can ruin your day if misapplied. There is usually more than one way to skin a cat though!





edit on 9/11/2016 by Freija because: (no reason given)



posted on Sep, 11 2016 @ 05:11 PM
link   
Are they set up on a domain ? When they log in , they are logging in to a domain server thus it automajically adds the network drives per their login . Best effort.

edit on 9/11/16 by Gothmog because: (no reason given)



posted on Sep, 15 2016 @ 02:54 AM
link   
Hi,

Managing group policy, delegation etc is not for the faint hearted. It is very easy to completely screw the entire domain with one wrong keystroke. This might sound overdramatic, its not, I've had customers managing their own domain, accidently drop a Domain Controller into a restricted server OU and completely wreck the whole thing.

Be careful.

Bobby




 
1

log in

join