Why won't my logon scripts map drives under Windows 7?

Why won't my logon scripts map drives under Windows 7?

I'm using a VBScript script similar to the one below. The script runs using a group policy.

Dim WshNetwork
Set WshNetwork = WScript.CreateObject("WScript.Network")

WshNetwork.MapNetworkDrive "g:", "\\\Saturn\data\"
WshNetwork.MapNetworkDrive "k:", "\\\Saturn\stuff\"

It works fine for Windows XP.

Update: Copying the script locally and running it runs fine, so I suspect the Group Policy isn't running the script on Windows 7.


Solution 1:

With UAC enabled you cannot map drives in a logon script that is assigned using a Group Policy Object (GPO). The GPO logon script does run, but under a different security context, so the mappings get lost.

Microsoft provides a sample script, called launchapp.wsf that works around this problem by running your real logon script a moment later under the correct security context.

It is available here: http://technet.microsoft.com/en-us/library/cc766208(WS.10).aspx

Look for the section titled “Group Policy Scripts can fail due to User Account Control” and also Appendix A, which is the source code for launchapp.wsf.

launchapp.wsf does fix the problem of mapping drives on Vista (and Windows 7) PCs that have UAC enabled. However, it causes another problem: it doesn't work in Windows XP, so XP computers show an error instead of running the logon script.

Fortunately XP computers don't need the launchapp hack, so my company made a modified version of launchapp that tries to do things the Vista way, but if that fails (because you're running XP), it just launches the real logon script straightaway. I can’t share this with you as it’s internal to my company (has real server names etc.) but it wasn’t too hard to do.

Solution 2:

Probably not a good idea to use that EnableLinkedConnections registry setting - Microsoft specifically point out in that KB that it's unsupported - it's bound to give you grief later. I've written up a solution here: http://pcloadletter.co.uk/2010/05/15/missing-network-drives/

Solution 3:

I strongly suspect that your script is running fine.

I'm betting your users are Administrators, and because you have User Account Control enabled the users' filtered token, under which Explorer runs, doesn't have access to the "drives" that were "mapped" when the logon script ran.

If you're not going to use Group Policy Preferences then you have two choices:

  • Make the users standard users. This would be my preference, but seems to be too difficult for most people to handle.

  • Change the EnableLinkedConnections registry value to "1" (see http://support.microsoft.com/default.aspx?scid=kb;EN-US;937624 for details).