Using group policy is the ideal method of mapping network drives. Not only is it easier to understand for people who aren’t into scripting, it’s also easier to keep track of and audit.
This guide will walk you through each step of pushing out a mapped drive as well as taking advantage of item level targeting to make sure that drive only goes to who and what you want it to.
Mapping Drives with Group Policy vs Logon Scripts
As mentioned earlier, group policy tends to be much easier for most admins to understand than scripting.
Using group policy over scripting is also more efficient. It can decrease logon times since scripts have to run every time the user logs in.
The ability to use item level targeting is also huge for the group policy method. This lets you control exactly who and what gets your policy to push out your drive.
Since group policy is tightly integrated with your Active Directory, it’s very scalable.
Let’s take a look at the most common use for mapping network drives with group policy, departmental network shares.
How to Map a Drive for Departmental Use with Group Policy
Here we are going to a create a group policy using item level targeting to push out a mapped network drive for Accounting based on a user’s membership to the Accounting security group.
You could just as easily use item level targeting to push out drives by OU or a number of other things, which we’ll get into during the tutorial.
Part 1. Create a New Group Policy Object
- Open Group Policy Management with a privileged account.
- Right click the OU that you want to link the new GPO to and click on “Create a GPO in this domain, and Link it here….” This will be a user GPO so you’ll want to link it to the OU that contains your user accounts.
- Enter a name for your new GPO
Part 2. Edit Your GPOs Settings
- Right click your GPO and click on Edit
- Expand User Configuration -> Preferences-> Windows Settings -> Drive Mappings
- Right click on Drive Mappings and then click on New -> Mapped Drive
- In the box that opens, choose Update for the Action (since we want to push a new drive rather than replace an existing drive).
- Enter the location of the shared folder you are wanting to push to your users. In my case, I have created an Accounting folder on the file server FileServer1 and shared it with the Accounting Dept security group read/write access to it.
Pro Tip: You can also use this method to create individual user folders by creating shared folders for each user in your domain named after their username and using the %LogonUser% variable in your share path to point the mapped drive to their matching folder.
You can press F3 to see all of available variables for use.
- Give your share a label if you want the drive that shows up on the computer to have a different name from the folder you created.
- Choose a drive letter to use.
- Click on the Common tab at the top of the box.
- Check Run in logged-on user’s security context, unless you have a good reason not to.
- Check Item-level targeting
- Click on the New Item dropdown in the upper left corner, choose security group, then click the elipse box (…) and browse for the security group you want the members to be a part of in order to receive this drive mapping.
- Click Ok to close the Item Level Targeting properties and then OK again to close the New Drive Properties.
Part 3. Update Group Policy on Your Computers
We need to update Group Policy in order for the drive to show up. The simplest way to do this is to reboot the computer.
- Have your user restart their computer.
- Have the user log in.
- Verify the new drive has appeared. It should be listed under Network Locations.
- If the drive has not appeared, perform a gpupdate /force and reboot the computer again or have the user log off and then back on again.
From this point forward, any user that you create within the OU that you linked this GPO to that is also added to the accounting group will receive this mapped drive.
Like I said earlier, you could also choose to use item level targeting to push out drives based on what GPO a user is in and many other factors. You can even change the condition to “not” and push the drive to everyone that is not a member of a particular group. The options are endless.
NOTE: I do have one caution to mention, if the computer is not connected to your network when the user logs in (in the case of laptops and tablets) the drive may not map. This can cause issues if your user logs in and then launches a VPN client.
To resolve this, you’ll need to edit your GPO and choose the Reconnect option on the General Tab.
Pushing out mapped drives with group policy is a quick and painless process. It’s incredibly flexible and keeps everything simple. All of this leads to less trouble down the road and a better experience for you users.Hopefully you found this guide useful. Let us know if you have any troubles in the comments below!
Recommended for You: Solarwinds Server & Application Monitor (SAM)Know which applications are having issues in your environment before users complain? Know which systems are causing those problems? How about which servers are about to have problems like running out of space or memory?
Automate collection of data and alerting on your applications and servers with Solarwinds Server & Application Monitor so you have these answers.
Get insight into Active Directory, DNS, DHCP, and your Virtual environment without needing to mess with complex templates or knowing a single line of code.