Vista & server 2003 allowing Logon scripts

have win2003 server DC & AD, all working fine with XP Pro clients, script for mapping of drives Via GPO all OK.
now got a Vista Business laptop, logs onto DC & AD ok, but will not allow script to map drives etc.
how to I get this to work, in simple idiot proof terms please

 

This appears to be a "feature" of Vista. I've just hit the same problem which appears to be related to permissions. Basically the logon script is run with the UAP account credentials and therefore the mappings are tied to the UAP account. When you then drop back to your normal user level, the system sees the mapped drives as not belonging to you and therefore hides them.

Here are a couple of descriptions of the problem:

http://www.developersdex.com/asp/message.asp?p=593&r=5431945&page=2

http://searchwincomputing.techtarget.com/tip/0,289483,sid68_gci1248622,00.html

http://blogs.msdn.com/cjacks/archive/2007/02/19/mapped-network-drives-with-uac-on-windows-vista.aspx

On my network, if I set up a user as a standard user, mapping works fine. However, as soon as I give that user local admin rights, the logon script mappings stop working.

As others report, if you run the script manually after log on, it works fine and maps the drives.

I'm digging further, but at the moment the easiest work around seems to be to give users the script to run manually after log on.

 

I think I've found a more definitive description of the problem and a suggested fix:

http://technet2.microsoft.com/Windo...878e-48db-a3c1-4be6ac7cf7631033.mspx?mfr=true

Go to the section "Group Policy Scripts can fail due to User Account Control ". It confirms that this problem is particularly apparent if your users are also admins.

<rant>If ever there was a hobbled together fix that has to be it. It appears to rely on using the system schedule service to trigger the script after log on. I'm not at all impressed. And there also doesn't appear to be any indication of what you do in a mixed environment - it appears that you either have to have your XP and 2000 PCs using the script in the same way or deploy a separate logon script for Vista PCs.

It also doesn't appear to address the problem that the elevated user won't see maps created with the standard user account - so if you try to run an application on a mapped drive, it will disappear when the system elevates you to admin. You have to map twice - once for standard user and once as elevated user.

It now appears to me that the best fix is to turn UAC off, which is really annoying as I thought this was one of the better Vista features. It has worked well on a stand alone laptop that I've been using for a couple of months. </rant>

 

Yes - turning off UAP fixes the problem for me. I used this process to turn in off:

Enable or Disable UAP:

1. Click Start
2. Click Control Panel
3. Select System and Maintenance
4. Click Administrative Tools
5. Double-click System Configuration
6. Click Continue (if prompted)
7. Select the Tools tab in the System Configuration window
8. Here you can choose Disable UAP or Enable UAP from the bottom of the listbox
9. Click Launch
10. Reboot to see effect

from here. Log on script now works fine. So bye bye UAP