nicolonsky / IntuneDriveMapping

Generate PowerShell scripts to map network drives on Intune managed Windows 10 devices
https://intunedrivemapping.azurewebsites.net/
MIT License

Script not working #15

Closed anaylor130683 closed 4 years ago

anaylor130683 commented 4 years ago

Hi

I created the XML report which contained X2 drive maps.

I added the script as shown in your example. I could see it reported back as “Successful” in the Intune portal, however no drives mapped etc...

Device is Azure AD / Intune managed. User logged on has local admin rights...

I tried running the script locally... Wouldn’t run until I ran “set-executionpolicy bypass”. Script ran through, however no drives mapped or scheduled task created...

Any ideas?

etreater commented 4 years ago

I'm in a similar boat, Anaylor. Couldn't get it to do anything, despite it showing as successful in Intune. I finally toggled it over to run as SYSTEM instead of the logged-in user. This created the scheduled task, but I can't get that to run. It looks like it's calling a VBS file. When I tried to run the VBS file manually, it comes back with an error at line 7 character 2. I don't know what I'm doing wrong, but here's the VB code.

Dim shell,fso,file

Set shell=CreateObject("WScript.Shell")
Set fso=CreateObject("Scripting.FileSystemObject")

strPath=WScript.Arguments.Item(0)

If fso.FileExists(strPath) Then
    set file=fso.GetFile(strPath)
    strCMD="powershell -nologo -executionpolicy ByPass -command " & Chr(34) & "&{" &_ 
    file.ShortPath & "}" & Chr(34) 
    shell.Run strCMD,0
End If

nicolonsky commented 4 years ago

Hi guys @anaylor130683 @etreater "Script not working" is not a really helpful description for an issue.

@anaylor130683 PowerShell execution policy does not interfere when the script is executed via Intune or scheduled task, as both mechanisms bypass the execution policy.

@etreater the VBScript is only a wrapper to suppress the PowerShell window from appearing. It takes the path of the PowerShell script as a command line argument.

etreater commented 4 years ago

Nicola,

Thanks for working on such an awesome solution, and for responding so quickly. I’m testing from a VM that’s in the same cluster as my DCs and file servers. The VM is Azure AD joined, but not joined to on-prem AD. Though I can access the shares, and even map drives manually. I do not get prompted to access the share, or when I map a drive, and I have Windows Hello disabled.

I ran the function below, but nothing happened, so I can’t tell if it worked or not. I generated a new script that only maps one drive, with no security group filtering, and it worked.

I can get it to work all day long with no group filtering, but I have been unable to get it to map a drive WITH group filtering. I tried changing the group from the NetBIOS name to FQDN, picking a different group, and a different drive letter. It won’t map any drive with group filtering. Any suggestions? Should I circle back to that function in the script? Is that what’s failing? How can I test group filtering?

Thanks Eric

nicolonsky commented 4 years ago

@etreater I published a new version of the script and populated the project wiki with some troubleshooting info and details.

Your problem is probably related to the issue that your machines don't have the $env:USERDNSDOMAIN environment variable - you find the required adjustments in the wiki. Just update the $searchRoot variable with your active directory domain name e.g. "intra.contoso.com".

etreater commented 4 years ago

Man, I feel like we’re SO close, I don’t want to give up. I downloaded the new script, and populated the $searchroot variable and still no luck. It just WON’T map a drive with group filtering. I’ve tried different drives, different groups, moving the Group filter:null drive to after the filtered groups. Also, I noticed when I check my environmental variables, I do have the UserDNSDomain populated.

Will the log or anything tell us more about why it isn’t mapping?

nicolonsky commented 4 years ago

Then you need to investigate the ‘Get-ADGroupMembership’ function in the script - what does it return in your case? It usually returns all groups (sam account name format) the user is a member of. You also need to specify your group filters with sam account format without any domain prefix. @etreater

etreater commented 4 years ago

I think that’s it! I’ve been prefixing the Group Filter the entire time! You’re Awesome. Thanks for the help!

nicolonsky commented 4 years ago

@etreater glad that it resolved your issue. I’ve also added the sAMAccountName stuff without the domain prefix to the wiki. Cheers, nicola
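
The mismatch resolved in this thread, as an added example (not the project's script and not posted by anyone in the thread): a group filter written with a domain prefix never equals a bare sAMAccountName from the membership lookup, so the filtered drive is skipped without any error. The function names, the group names and the `$memberOf` list are hypothetical, constructed values.

```powershell
# Constructed sample: a membership lookup that returns bare sAMAccountNames.
$memberOf = @('Domain Users', 'GRP-Finance', 'GRP-HR')

function ConvertTo-SamAccountName {
    # Hypothetical helper: strip a DOMAIN\group or group@fqdn qualifier.
    param([Parameter(Mandatory)][string]$GroupFilter)
    $name = $GroupFilter.Trim()
    if ($name -match '^[^\\]+\\(?<sam>.+)$') { return $Matches['sam'] }
    if ($name -match '^(?<sam>[^@]+)@.+$')   { return $Matches['sam'] }
    return $name
}

function Test-GroupFilter {
    # Hypothetical helper: reports whether a filter matches as written,
    # and whether it would match once reduced to a bare sAMAccountName.
    param(
        [Parameter(Mandatory)][string[]]$MemberOf,
        [string]$GroupFilter
    )
    if ([string]::IsNullOrWhiteSpace($GroupFilter)) {
        # No filter configured: the mapping applies to every user.
        return [pscustomobject]@{
            Filter = '(none)'; MatchesAsWritten = $true
            Normalized = $null; MatchesNormalized = $true
        }
    }
    $normalized = ConvertTo-SamAccountName -GroupFilter $GroupFilter
    [pscustomobject]@{
        Filter            = $GroupFilter
        # -contains is case-insensitive but needs the whole string to be equal.
        MatchesAsWritten  = $MemberOf -contains $GroupFilter.Trim()
        Normalized        = $normalized
        MatchesNormalized = $MemberOf -contains $normalized
    }
}

# Constructed filter values in the forms tried in the thread (NetBIOS, FQDN, bare).
$filters = @(
    'CONTOSO\GRP-Finance',
    'intra.contoso.com\GRP-Finance',
    'GRP-Finance@intra.contoso.com',
    'GRP-Finance',
    'GRP-Sales',
    ''
)
$filters | ForEach-Object { Test-GroupFilter -MemberOf $memberOf -GroupFilter $_ } |
    Format-Table -AutoSize
```

A row where `MatchesAsWritten` is false and `MatchesNormalized` is true identifies a filter that only fails because of its prefix.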