Vista in Domain problem with GPO mapping drive with UAC enabled
I made a GPO to map network drives for users in the domain. Everything has worked fine with the existing XP computers for a while. Everything works fine and faster with Vista too... but only when UAC is disabled. When I enable UAC, strange things happen. When I log on to my account, only manually mapped drives are reconnected again. The GPO with the .vbs script does not do the job. I tried to log on as a few different users too, and... it works with only one username whose settings are the same as those of a user who cannot. These are regular user accounts, same group membership, same OU and so on. My domain admin logon mapping won't work. And to repeat, when I disable UAC everything works just fine. Any similar experience or solution? WHY??? (sorry for my English, of course)
March 25th, 2008 3:27pm

Hi schwarzmiller, By default, all users logging on to Windows Vista use their full token to process Group Policy and logon scripts. However, they use their limited user token to load the desktop and all subsequent processes. Nonadministrative limited and elevated tokens are mostly identical, with regard to privileges and groups. Therefore, a process started with a nonadministrative limited user token can view processes started with a nonadministrative elevated token. Windows allows this because the viewing application does not require any elevation to view the process started with the elevated token. Windows processes a locally logging on administrator the same way. Group Policy and logon scripts process using the elevated user token, and the desktop and all subsequent processes use the limited token. However, there is a privilege difference between the limited and elevated user token. Therefore, Windows restricts processes started with a limited token from the ability to share information with processes started with the elevated token. As a result, when the administrative user logs on, Windows processes the logon scripts using the elevated token. The script actually works and maps the drive. However, Windows blocks the view of the mapped network drives because the desktop uses the limited token while the drives were mapped using the elevated token. To get around this issue, administrative users should map network drives under the limited user token. For more information, please refer to the Group Policy Scripts can fail due to User Account Control section of the following article: Deploying Group Policy Using Windows Vista http://technet2.microsoft.com/WindowsVista/en/library/5ae8da2a-878e-48db-a3c1-4be6ac7cf7631033.mspx?mfr=true Hope it helps.
March 27th, 2008 10:07am

Thanks Joson, Here are the results of my problem: I tried to solve the problem with the instructions at the link you gave me (under the section "Group Policy Scripts can fail due to User Account Control"). Precisely, I tried to implement the script "launchapp.wsf" and to put my map.vbs (not .bat) as the script parameter. And it works, with and without UAC enabled. There was only one new problem, with processing that script for users on XP machines that are in the same OU where the GPO applies. They cannot process that script, and it is rational. That gives me more administrative overhead. I have to duplicate the GPO for users with Vista (create new OUs and map that GPO separately, but for the same department and the need for the same environment as the other XP users). Is there a better solution for this mixed environment?
April 1st, 2008 3:57pm

Hi schwarzmiller, You may refer to the following steps:

1. Create two GPOs for the Windows XP and Windows Vista machines respectively. Let's name them XP and Vista in this example.
2. In the GPO XP, we use map.vbs, while we use launchapp.wsf in the GPO Vista.
3. After that, use WMI filters to let the GPO XP apply only to the Windows XP machines and the GPO Vista apply only to the Windows Vista machines.

I've listed the following related articles for your reference:

HOWTO: Leverage Group Policies with WMI Filters http://support.microsoft.com/kb/555253
WMI filtering using GPMC http://technet2.microsoft.com/windowsserver/en/library/6237b9b2-4a21-425e-8976-2065d28b31471033.mspx?mfr=true
Applying WMI Filters http://technet2.microsoft.com/WindowsServer/en/Library/7cae3dab-b973-4905-9e47-00a638241da91033.mspx?mfr=true

Hope it helps.
April 3rd, 2008 11:17am
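
The WMI filters from step 3 of the reply above, as an added example that is not part of the original thread. The WQL queries are an assumption (the post does not give them), and `Test-WmiFilter` is a hypothetical helper name; the script evaluates each query on the local machine to show which of the two GPOs, XP or Vista, a given client would receive.

```powershell
# Added example, not from the thread. Requires Windows PowerShell (Get-WmiObject).
# A GPO WMI filter passes when its WQL query returns at least one instance.

# Assumed queries for the two GPOs named in the post.
# ProductType = 1 limits the match to workstations, so Windows Server 2008
# (which also reports version 6.0) does not receive the Vista GPO.
# Caveat: Windows XP x64 reports version 5.2 and is NOT matched by the XP filter.
$filters = @{
    'XP'    = 'SELECT * FROM Win32_OperatingSystem WHERE Version LIKE "5.1%" AND ProductType = 1'
    'Vista' = 'SELECT * FROM Win32_OperatingSystem WHERE Version LIKE "6.0%" AND ProductType = 1'
}

# Hypothetical helper: returns $true when the query matches on the target machine.
function Test-WmiFilter {
    param(
        [Parameter(Mandatory = $true)][string]$Query,
        [string]$ComputerName = '.'
    )
    # WMI filters in GPMC are evaluated against a namespace; root\CIMv2 holds
    # Win32_OperatingSystem.
    $instances = @(Get-WmiObject -Namespace 'root\CIMv2' -Query $Query `
                                 -ComputerName $ComputerName -ErrorAction Stop)
    return ($instances.Count -gt 0)
}

# Show what the local machine reports, then which filter it satisfies.
$os = Get-WmiObject -Class Win32_OperatingSystem
Write-Output ("Local OS: {0} (Version {1}, ProductType {2})" -f `
              $os.Caption, $os.Version, $os.ProductType)

$matched = @()
foreach ($name in ($filters.Keys | Sort-Object)) {
    $passes = Test-WmiFilter -Query $filters[$name]
    Write-Output ("GPO '{0}' filter passes: {1}" -f $name, $passes)
    if ($passes) { $matched += $name }
}

# The two filters are mutually exclusive, so a client should match at most one.
if ($matched.Count -eq 0) {
    Write-Output 'Neither filter matches: this machine would get no drive-mapping GPO.'
}
```

Running this on one XP and one Vista client before linking the GPOs confirms that each machine passes exactly one filter, so map.vbs and launchapp.wsf are never both applied.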

This topic is archived. No further replies will be accepted.
