Intune Adventures: The Curious Case of the Disappearing Network Drives

Recently, we experienced some issues with a Customer after removing a Network Drive from the Computers that had been mapped via Intune. And it was surely not the kind of issue we would have expected.

But let’s begin from the start. We have been managing the Network Drives for that customer via Intune for quite a while, as described in this Blog from Call 4 Cloud: Intune Drive Mappings | Managing Drive letters with an ADMX. We do have one Server and Azure Files being used as file shares with multiple network drives ranging from G: to Y:. As we have been moving the data from drive L: to SharePoint, we wanted to disable that drive on all clients. So we unassigned the Policy from the Clients, and after a short while some users complained that they were missing multiple Network Drives. Not what we expected after just removing one drive. And when looking at the Computers we were greeted by the following view (remember that we had drives ranging from G: to Y: and we removed drive L:)

The command net use also showed just a part of the expected drives:

PowerShell
> net use
Status       Local     Remote
-------------------------------------------------------------------------------
OK           G:        \\serverA.intra.domain.ch\FileShareG
OK           H:        \\serverA.intra.domain.ch\FileShareH
OK           I:        \\serverA.intra.domain.ch\FileShareI
OK           J:        \\serverA.intra.domain.ch\FileShareJ
OK           K:        \\serverA.intra.domain.ch\FileShareK

So at first sight, we thought that only the drives from the Server were mapped, and Azure Files were missing. But we had Maps to the Server on Drive Letters like Y: as well. So after a short while, it was clear that all drives that follow the Letter L in the Alphabet were missing. And that was the first sign of a bug either in Intune or Windows (or both, of course).

So we dug deep into the Intune policies, CSP, and our beloved registry. After a long search (and possibly some cursing) we stumbled upon the Registry Key HKLM:\Software\Microsoft\Policymanager\Current\{SID}. All the mapped drives were showing, and for drive L: there was just one Registry Item instead of the four for all the others. So we removed the remains of that network drive in the registry and tried again, but with no luck.

So we went on with digging, searching, (and cursing) and after a while, found another leftover of our «Deleted» Drive in HKCU:\Network:

So we deleted the Key and voilà, net use showed us all the drives instantly:

PowerShell
> net use
Status       Local     Remote
-------------------------------------------------------------------------------
OK           G:        \\serverA.intra.domain.ch\FileShareG
OK           H:        \\serverA.intra.domain.ch\FileShareH
OK           I:        \\serverA.intra.domain.ch\FileShareI
OK           J:        \\serverA.intra.domain.ch\FileShareJ
OK           K:        \\serverA.intra.domain.ch\FileShareK
OK           M:        \\stdata.file.core.windows.net\FileShareM
OK           N:        \\stdata.file.core.windows.net\FileShareN
OK           O:        \\stdata.file.core.windows.net\FileShareO
OK           P:        \\stdata.file.core.windows.net\FileShareP
OK           Q:        \\serverA.intra.domain.ch\FileShareQ
OK           R:        \\serverA.intra.domain.ch\FileShareR
OK           T:        \\serverA.intra.domain.ch\FileShareT
OK           X:        \\serverA.intra.domain.ch\FileShareX
OK           Y:        \\serverA.intra.domain.ch\FileShareY

Explorer needed a restart to be happy and show the drives:

As we had the issue on multiple devices, we pushed a script via Intune with the following command, and after a reboot all the users had their drives back.

PowerShell
Remove-Item -Path "HKCU:\Network\L" -Recurse -Force

Finally, we had a solution for this issue, but still would expect Intune and Windows to be able to remove Network Drives without such issues. So we checked what happens if we do not just unassign the policy or set it to Not configured, but delete the drive via Intune. And the result was even worse:

So we did not find a way to remove drives just with the Intune policy, and always needed to add a script to remove the Registry Key. Funnily, net use was also able to remove the drive and the Registry Key after the Intune Policy mishap:

BAT (Batchfile)
net use L: /delete

If you thought this was weird, well, it gets even weirder. For testing, we created a simple policy to remove the Drive E: from a client that did not have that drive mounted.

We would have expected that nothing happens. If you deleted a drive that does not exist there’s nothing you have to do. But no: Intune / Windows created a new registry Key named E with the same content we have seen above, leading to the same issues.

Conclusion

In the end, the whole issue seems to be a combination of a bug in the Intune Policy, which did not completely remove the Registry Key in Windows, and Windows tripping over the incomplete Registry Key. We were even able to reproduce that issue by just creating a key named E, and no drives were showing:

PowerShell
New-Item -Path "HKCU:\Network\E"

> net use
There are no entries in the list.

If you need to remove a network drive that you have mounted via Intune and an ADMX, test thoroughly to ensure that your drive (and only that drive) will be removed.
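One way to check a client for the leftover keys described above, written as an added example and not taken from the original post: it generalizes the single `HKCU:\Network\L` removal to any drive letter. It assumes that a healthy persistent mapping always stores a `RemotePath` value under its key, so a drive-letter key without one (like the empty `E` key in the reproduction) is treated as incomplete; the `-Remove` switch is this script's own parameter.

```powershell
# Added example: report (and optionally delete) incomplete drive keys in HKCU:\Network.
# Assumption: a healthy persistent mapping always has a non-empty RemotePath value.
[CmdletBinding()]
param(
    # Report only by default; pass -Remove to delete the incomplete keys.
    [switch]$Remove
)

$networkKey = 'HKCU:\Network'
if (-not (Test-Path -Path $networkKey)) {
    Write-Output 'HKCU:\Network does not exist, nothing to check.'
    exit 0
}

$stale = foreach ($key in Get-ChildItem -Path $networkKey) {
    # Only single-letter subkeys represent drive mappings.
    if ($key.PSChildName -notmatch '^[A-Za-z]$') { continue }

    $remotePath = $key.GetValue('RemotePath')
    if ([string]::IsNullOrWhiteSpace($remotePath)) {
        [pscustomobject]@{
            Drive  = $key.PSChildName.ToUpper()
            Path   = $key.PSPath
            Values = ($key.GetValueNames() -join ', ')
        }
    }
}

if (-not $stale) {
    Write-Output 'All drive keys under HKCU:\Network have a RemotePath.'
    exit 0
}

# List each incomplete key together with whatever values it still contains.
$stale | Format-Table -Property Drive, Values -AutoSize | Out-String | Write-Output

if ($Remove) {
    foreach ($item in $stale) {
        Remove-Item -LiteralPath $item.Path -Recurse -Force
        Write-Output "Removed incomplete key for drive $($item.Drive):"
    }
    exit 0
}

# Non-zero exit code so a wrapper can flag the device as affected.
exit 1
```

Because the keys live in HKCU, the script has to run in the context of the signed-in user. Run it without `-Remove` first and compare the reported letters with the drive you actually unassigned.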
