Closed anaylor130683 closed 4 years ago
I'm in a similar boat, Anaylor. Couldn't get it to do anything, despite it showing as successful in Intune. I finally toggled it over to run as SYSTEM instead of the logged-in USER. This created the scheduled task, but I can't get that to run. It looks like it's calling a VBS file. When I tried to run the VBS file manually, it comes back with an error at line 7 character 2. I don't know what I'm doing wrong, but here's the VB code.
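```vbscript
Dim shell, fso, file
Set shell = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")
' The path of the PowerShell script is expected as the first command-line argument
strPath = WScript.Arguments.Item(0)
If fso.FileExists(strPath) Then
    Set file = fso.GetFile(strPath)
    ' Build the PowerShell command line, using the 8.3 short path of the script
    strCMD = "powershell -nologo -executionpolicy ByPass -command " & Chr(34) & "&{" & _
        file.ShortPath & "}" & Chr(34)
    ' Window style 0 runs PowerShell with a hidden window
    shell.Run strCMD, 0
End If
```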
Hi guys @anaylor130683 @etreater "Script not working" is not a really helpful description for an issue.
Can you verify connectivity to the network share by manually accessing the share from a test machine?
If you have configured security group filtering verify the output of the following PowerShell function: https://github.com/nicolonsky/IntuneDriveMapping/blob/master/IntuneDriveMapping/wwwroot/bin/IntuneDriveMappingTemplate.ps1#L32 and check if you have line of sight to an Active Directory Domain Controller
@anaylor130683 PowerShell execution policy does not interfere when the script is executed via Intune or scheduled task, as both mechanisms bypass the execution policy.
@etreater the VBScript is only a wrapper to suppress the PowerShell window from appearing. It takes the path of the PowerShell script as a command-line argument.
Nicola,
Thanks for working on such an awesome solution, and for responding so quickly. I’m testing from a VM that’s in the same cluster as my DCs and file servers. The VM is Azure AD joined, but not joined to on-prem AD, though I can access the shares, and even map drives manually. I do not get prompted to access the share, or when I map a drive, and I have Windows Hello disabled.
I ran the function below, but nothing happened, so I can’t tell if it worked or not. I generated a new script that only maps one drive, with no security group filtering, and it worked.
I can get it to work all day long with no group filtering, but I have been unable to get it to map a drive WITH group filtering. I tried changing the group from the NetBIOS name to FQDN, picking a different group, and a different drive letter. It won’t map any drive with group filtering. Any suggestions? Should I circle back to that function in the script? Is that what’s failing? How can I test group filtering?
Thanks Eric
@etreater I published a new version of the script and populated the project wiki with some troubleshooting info and details.
Your problem is probably related to the issue that your machines don't have the $env:USERDNSDOMAIN environment variable - you find the required adjustments in the wiki. Just update the $searchRoot variable with your active directory domain name e.g. "intra.contoso.com".
Man, I feel like we’re SO close, I don’t want to give up. I downloaded the new script, and populated the $searchroot variable and still no luck. It just WON’T map a drive with group filtering. I’ve tried different drives, different groups, moving the Group filter:null drive to after the filtered groups. Also, I noticed when I check my environmental variables, I do have the UserDNSDomain populated.
Will the log or anything tell us more about why it isn’t mapping ?
Then you need to investigate the ‘Get-ADGroupMembership’ function in the script - what does it return in your case? It usually returns all groups (sam account name format) the user is a member of. You also need to specify your group filters with sam account format without any domain prefix. @etreater
I think that’s it! I’ve been prefixing the Group Filter the entire time! You’re Awesome. Thanks for the help!
@etreater glad that it resolved your issue. I've also added the sAMAccountName stuff without the domain prefix to the wiki. Cheers, nicola
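The resolution above (group filters must be bare sAMAccountNames, with no domain prefix) can be checked before deploying. The following is an added example, not part of the thread or of the IntuneDriveMapping project: the function name `Test-DriveMapGroupFilter` and the sample group names are hypothetical, and it assumes you pass in the list of group names that the script's Get-ADGroupMembership function returns for the affected user.

```powershell
# Added example (hypothetical helper, not from the IntuneDriveMapping script).
function Test-DriveMapGroupFilter {
    param(
        [Parameter(Mandatory)] [string[]] $GroupFilter,  # filters as configured for the drive mappings
        [Parameter(Mandatory)] [string[]] $UserGroups    # sAMAccountNames the user is a member of
    )
    foreach ($filter in $GroupFilter) {
        $problem = $null
        $bare    = $filter
        # Recognise the common non-sAMAccountName spellings and extract the bare name.
        if     ($filter -match '^[^\\]+\\(.+)$') { $problem = 'domain prefix';       $bare = $Matches[1] }
        elseif ($filter -match '^([^@]+)@.+$')   { $problem = 'domain suffix';       $bare = $Matches[1] }
        elseif ($filter -match '^CN=([^,]+),')   { $problem = 'distinguished name';  $bare = $Matches[1] }

        [pscustomobject]@{
            Filter            = $filter
            MatchesAsWritten  = $UserGroups -contains $filter   # -contains is case-insensitive
            Problem           = $problem
            SuggestedFilter   = if ($problem) { $bare } else { $null }
            SuggestionMatches = $UserGroups -contains $bare
        }
    }
}

# Constructed sample data: replace $userGroups with the real group list for the user.
$userGroups = 'Domain Users', 'FS-Finance', 'FS-HR'
$filters    = 'CONTOSO\FS-Finance', 'intra.contoso.com\FS-Finance', 'FS-HR', 'FS-Legal'

Test-DriveMapGroupFilter -GroupFilter $filters -UserGroups $userGroups | Format-Table -AutoSize
```

With the sample data, the two prefixed filters show MatchesAsWritten as False and SuggestionMatches as True, `FS-HR` matches as written, and `FS-Legal` matches in neither column because the user is not a member of that group.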
Hi
I created the XML report which contained X2 drive maps.
I added the script as shown on your example. I could see it reported back as “Successful” in the Intune portal, however no drives mapped etc...
Device is Azure AD / Intune managed. User logged on has local admin rights...
I tried running the script locally... Wouldn’t run until I ran “set-executionpolicy bypass”. Script ran through, however no drives mapped or scheduled task created..
Any ideas?