I'm setting up a brand new domain running on new servers where I work. In the GPO I can map drives which works, but I can't for the life of me remove the drives if say a user's membership changes.
I've tried to setup a script on Logon which applies to all workstations:
NET USE * /D /Y
Testing the script manually works just as intended, but it doesn't seem to be working when I'm logged into the workstation. I've also tried setting a Delete mapping through the GPO and it also doesn't work. I've read that there's a GPO entry called Run logon scripts synchronously, but I can't find it, so I'm assuming Microsoft removed it with Server 2008.
The workstations GPO is being applied according to the reports.
Anyway, can someone point me in the right direction on how to get the Logon script to run on the workstations?
Or alternatively, if someone can tell me how to map drives in GPO based on user memberships AND remove the drives if the user's membership changes I'd take that as well.
Also, my experience with GPOs is about a week, so be gentle.
Best Answer
You should use Group Policy Preferences drive mapping in replace mode and do item-level targeting to only apply the mapping to whatever group you want.