GPO Drive Mappings
Mapping drives with Group Policy Objects is a far more preferred method than older ways such as scripts and batch files. This way, you can just drop a user into a specific group and the correct drives will automatically appear for them without modifying anything else.
- All users and computers need to be put into whatever groups you will be using here inside Active Directory.
- The GPO will only apply to computers and users that are part of the domain.
- You will need a list of what drives each user needs, including their letter and UNC path.
Creating the GPO
- Bring up Group Policy Management
- Under your domain, right-click and choose "Create a GPO in this domain, and Link it here..."
- Give the GPO a name like "Drive Mappings" or such.
- Right click on this new GPO and select Edit. This will bring up Group Policy Management Editor.
Editing the GPO
- In the console tree under User Configuration , expand the Preferences folder, and then expand the Windows Settings folder.
- Right-click the Drive Maps node, point to New , and select Mapped Drive.
New Drive Properties Selection, Part I
This part is setting the name, label, location, drive letter, etc for the drive.
- In the New Drive Properties dialog box, select an Action for Group Policy to perform. "Update" is the default, and is the best to use as it will also create a new mapping if one does not exist.
- Create: Create a new mapped drive for users.
- Delete: Remove a mapped drive for users.
- Replace: Delete and recreate mapped drives for users. The net result of the Replace action is to overwrite all existing settings associated with the mapped drive. If the drive mapping does not exist, then the Replace action creates a new drive mapping.
- Update:Modify settings of an existing mapped drive for users. This action differs from Replace in that it only updates settings defined within the preference item. All other settings remain as configured on the mapped drive. If the drive mapping does not exist, then the Update action creates a new drive mapping.
- Enter the Location the mapping will be going to. This is the fully qualified UNC path for the network share.
- Enable Reconnect, so this mapping will be saved for the user.
- Enter a Label for this drive.
- I usually give them a specific drive letter. Checkbox Use: under Drive Letter, and choose a drive from the drop-down.
- In Connect As, you can usually leave this blank unless there is some specific non-AD type user that only has access.
- Hide/Show this drive: Checkbox Show This Drive to ensure it appears on the client.
New Drive Properties Selection, Part II
This is where you set which group, user, security list, and PC this drive applies to.
- Click the Common tab
- Checkbox Item-level targeting
- Click the Targeting button, a new window of Targeting Editor will pop up
- Click New Item, a drop-down will appear.
- As you can see, there are 27 different Items to choose from. Most commonly, for this task, we will be using User or Security Group.
- Here we are using User, so we click User. Now you will see a line "the user is".
- Click the ... next to the User box.
- Enter the User's name, and click Check Names. The name should become underlined. Click OK.
- This user should appear now as DOMAIN\username
There are many different options here you can use to create complex targeting queries. Under Item Options, you can also set lines to And, Or, Is Not. So, if you wanted to map a drive for a user, but not when they are on a specific PC, you would add another item, find that PC, and add the Item Option of Is Not. You can also add a Group, like Domain Users if you want everyone to have it. You can also move around the various Items.
- Finally, add a Description for your on-server documentation.
- Click OK to save.
- Once done, you can close the Group Policy Management Editor Window
To immediately enforce this:
- In Group Policy Management, right-click your GPO and choose "Enforce"
- On the various clients, a reboot will be needed.
- Configure a Mapped Drive Item