Terminal server issue

Hi Guys!
first post here … not sure which categorie is bess to discuss this matter

i have a windows 2022 that is used for Terminal server
im using multiples GPOs to secure the connexion to the TS but im having an issue with network drives not being accessible from the application lunched in the TS

im ussing this GPO to remove the access to other settings paired with many others

ive tried disabling dozen by dozen without fixing the issue

here are the only options available when lunching the explorer from the app ;

after a couples hours (way more than i expected for such a “small” issue) i found that when i keep all GPOs except the : Start program on connection
the file explorer lunched from the app works fine and can access the network drives but dont want to keep it that way since there is way more surface for employee screwing things and security risks

**also when the file is missing the options, i can access the drive by putting the NAS ip address mannualy which mean its not a permission issue on the share

as anyone an idea how to fix this ?
thanks :slight_smile:

So if it runs when you take away that particular GPO then what I would do create a scheduled task and set the trigger to On connection to user session and create a script to launch the application('s) you want.

but that way the session is not as limited (Taskbar, desktop are shown)

I think its pretty strange that you have to use the NAS IP to get to your shares. Are these mapped network drives with a drive letter? This seems like a DNS issue. I would assume your RDS host is domain joined and has access to you AD DNS server and you have an A record for your NAS?

i enter \ipaddress\share as its the only option i have in the limited explorer (\nasHostname\share, works too)
the drives are mapped using the IP so its not a DNS issue

furthermore … if i remove the GPO its working so totally unrelated to a network issue outside the server

You might be able to troubleshoot by creating a powershell script and setting that to run in your GPO to launch your application and check on your share access. That way you might be able to get some error output that could lead you to root cause. Make sure to put a Pause at the end of your script to view the output. It might also be worth seeing who the application is being ran by in your script.

Since you’re working with a Terminal Server you need to setup loopback policy as it’s a shared resource by several users. There are plenty of how to guides out there.

Loopback is set … but i dont understand the relation with my issue
ill look to export a Sanitized GPO report so you guys can see

cant attach an HTML attachment in this Forum :confused:

take a screenshot and attach it as a picture.