Scribd
Upload
27 views12 pages

Map Network Drives with Group Policy

Uploaded by

syslan.it
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
27 views12 pages

Map Network Drives with Group Policy

Uploaded by

syslan.it
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

How To Map Network Drives With

Group Policy (Complete Guide)


By Robert Allen | July 13, 2018 | 9

In this guide, I’ll show you step by step


instructions on how to map network drives with Group Policy.
If you’re still using login scripts then it’s time to switch to Group Policy.
Mapping drives with group policy is very easy and requires no scripting experience.
Bonus: It can actually speed up the user logon process.
I’ll show you two examples, the first one is mapping a drive for a department, the second
will map a drive for individual users.
In addition, I will use item level targeting to map drives based on specific conditions like
group membership, OU, operating system, etc.

Logon Scripts VS Group Policy


The ability to map a network drive with Group Policy was introduced in Server 2008.
Logon scripts are a thing of the past.
Logon scripts can actually slow computers down. Yes, group policy is faster.
Unless you have some crazy complex script that does something that Group Policy
cannot do then there is no reason not to use it.
Mapping Drives with Group Policy has the following advantages:

• It’s much easier than logon scripts. Checkboxes and drop down lists, no need to
understand scripting
• It’s scalable, as big as your Active Directory will grow logon scripts will scale no
problem.
• It’s very flexible. With item level targeting you can target groups, users, OUs,
operating systems and so on.
• It’s easy

Now let’s move onto some examples of mapping drives with group policy.
Example 1: Map a Department Network Drive
Using Group Policy
In this example, I’m going to map a network drive for the HR department. I’ll use item
level targeting so it only maps this drive for users in the HR organizational unit.
You could also use a Security Group to target a specific group of users. This will map to a
network share that only the HR department has access to.

Step 1: Create & Link a new GPO


1. Open the Group Policy Management Console

2. In the Group Policy Management Console, Right Click and Select “Create a GPO in
this domain, and Link it here”
TIP: This will be a user based GPO so make sure you link the GPO to a location that will
target the users. I have all of my users separated into an OU called ADPRO Users, I’ll
create and link the GPO there.
3. Name the new GPO
You can name the new GPO whatever you like, I’ve named mine “Users – Mapped
Drives
I can later add additional drive mappings to this GPO.

The new GPO is now created and linked, now it’s time to configure the settings.

Step 2: Configure GPO Settings


1. On the GPO right click and select edit
2. Navigate to User Configuration -> Preferences -> Windows Settings -> Drive
Mappings

3. Right Click Drive Mappings, Select New – > Mapped Drive


4. Configure Drive Mapping Properties
General Tab Settings

• In location put the path to the share/folder you want to map a drive to.
• Select a drive letter
• Choose Update for action
• Label as: This is optional but may be beneficial for users.
Common Tab Settings
Select “Run in logged on users’s security context
Select Item-level Targeting
Click the Targeting Button
Select New Item
Select Organization Unit then select the OU you want to target
Click OK, Click OK again to close the new drive properties
This completes the GPO settings

Step 3: Reboot Computers to Process GPO


For the GPO to run I will need to reboot the users PC or run gpupdate /force. The next
time a user from the HR department logs in they should see a mapped drive.
I’ve rebooted the computer, now I’ll log in with an account that is in the HR
organizational unit.
Once logged I will go to file explorer and check for the mapped drive.

It works.
Now, any user I put in the HR folder will get this mapped drive. If you don’t want to use
an OU you can also target a group of users by using a Security group.

Example 2: Using Group Policy to Map a Drive


for Individual Users
This example will map a drive for individual users. This will give the users their own
personal folder to save files.
You can create a new GPO or add to your existing one, I have all my drive mappings in
one GPO.
This example requires a folder be setup on a network share that matches the user’s
logon name. You will want to modify the NTFS permissions so the individual user is the
only one that has permissions to it.
I’ll be using Mark Foster as an example, the logon name is mfoster so I’ll need a folder
setup on a network share called mfoster.
I’m not going to repeat every step, I’m basically starting at Step 3 from the first example.

Step 1: Create a New Drive Mapped drive


Here are the drive map settings for mapping a drive for an individual user
The %UserName% is a variable that will match the user’s logon name.

Just to be clear you must have folders setup on a network share that matches the
location and users logon name.
My file server is file1, the share is users and in the user’s folder is a folder for each user.
Screenshot below of users folder on file1 server.
That is it.
Just have the user log off and back on and it should map the M drive

Perfect! Now the user is mapping a department drive and a personal drive.

Final Thoughts
As you can see mapping drives with group policy is very easy. It doesn’t require any
scripting experience, it’s just a matter of a few clicks and selecting your desired settings.
If your still using logon scripts follow the steps in this guide and replace them with
Group Policy. The biggest challenge is just finding the time to switch them over.
Now it’s time to switch over those logon scripts.
Related: How to Update Group Policy Remotely
Recommended Tool: SolarWinds Server & Application Monitor (SAM)
This utility was designed to Monitor Active
Directory and other critical applications. It will quickly spot domain controller issues,
prevent replication failures, track failed logon attempts and much more.
What I like best about SAM is it’s easy to use dashboard and alerting features. It also has
the ability to monitor virtual machines and storage.

Common questions

Powered by AI

When mapping drives for individual users, ensure that each user has a dedicated folder on the network share that corresponds to their logon name . Modify NTFS permissions so that only the respective user has access to their folder, securing sensitive data from unauthorized access . Using variables like %UserName% in Group Policy can automate the mapping process, as it will dynamically link to each user's respective folder . After setting up the necessary folder structure, ensure that users log off and back on to complete the mapping process .

Item level targeting in Group Policy allows administrators to map network drives under specific conditions. For example, an administrator can target an organizational unit (OU), a security group, or even specific operating systems to ensure that only designated users have access to a specific network drive . This approach provides granularity and flexibility, enabling administrators to tailor drive mappings according to precise organizational structures or user requirements. Additionally, item level targeting can consider factors such as the user's membership in a particular group, making it a powerful tool for managing resource access .

To map a network drive for a departmental unit using Group Policy, begin by creating and linking a new Group Policy Object (GPO) in the Group Policy Management Console, ensuring it targets the appropriate users . Next, navigate to User Configuration -> Preferences -> Windows Settings -> Drive Mappings to set up the drive mapping properties . Enter the path to the network share location and select a drive letter. Use item level targeting to apply this mapping specifically to the users within the department’s organizational unit or equivalent grouping . Finally, ensure users’ computers are rebooted or the group policy is updated so that the mapped drive is accessible on the designated network share the next time they log in .

Administrators might opt to map both department and personal drives for users to address both organizational needs and individual user requirements. This dual approach supports the collaborative nature of departmental work by providing shared resources and files while simultaneously ensuring that users have private storage for personal or sensitive documents . Furthermore, having both types of drives helps maintain an organized structure, as departmental data is centralized and managed within the shared drive, facilitating access control, data auditing, and compliance . On the other hand, personal drives ensure user-specific data remains segregated, protecting personal work and improving data security.

Using Group Policy to map network drives offers several advantages over logon scripts. Firstly, Group Policy is easier to use, requiring no scripting experience—just checkboxes and dropdown lists . Secondly, it is scalable, meaning that it can handle growth in your Active Directory without issues . Thirdly, Group Policy is flexible, allowing you to use item level targeting to map drives based on conditions such as group membership or operating system . Lastly, Group Policy is faster, potentially speeding up the user logon process when compared to logon scripts, which can slow computers down .

Switching from logon scripts to Group Policy for drive mapping is important due to several factors. Logon scripts can slow down user login times, whereas Group Policy tends to be faster, improving the overall user experience . Additionally, Group Policy offers easier management by eliminating the need for scripting, instead using a graphical interface with checkboxes and dropdown lists . Moreover, Group Policy is more scalable and flexible, facilitating the easy implementation of item level targeting to refine access controls . These improvements bring efficiencies and reduce the ongoing maintenance workload for IT administrators.

When mapping drives using Group Policy, the security context determines the permissions and level of access that will apply when the mapped drive is accessed by users. Group Policy allows administrators to select "Run in logged-on user's security context," ensuring that the drive mapping adheres to the same permissions and restrictions applicable to the individual user . This ensures that any mapped network drives only grant the access level appropriate to each user's security rights, preventing unauthorized access to restricted resources . Thus, this setting helps maintain the integrity of the organization's security policies.

Transitioning from logon scripts to Group Policy for drive mapping can pose several challenges. First, administrators must dedicate time to redevelop existing logon scripts into Group Policy Objects with similar functionalities . This process may require learning new tools and interfaces, particularly for those more familiar with scripting. Additionally, aligning the Group Policy structure with the organization's existing Active Directory architecture can be complex, especially if the structure is broad or previously unmanaged. Furthermore, there could be resistance to change from users or IT staff accustomed to the traditional script-based approach. Testing and validating the new Group Policy configurations to ensure they work correctly across various systems add another layer of complexity to the transition, necessitating careful planning and execution .

Configuring drive mapping properties in a Group Policy Object involves several steps. First, within the GPO, navigate to User Configuration -> Preferences -> Windows Settings -> Drive Mappings . Right-click 'Drive Mappings' and choose New -> Mapped Drive to create a new mapping . In the properties window, input the location of the share/folder path, select a preferred drive letter, and choose 'Update' for the action . Optionally, label the drive for user convenience. Additionally, in the Common tab, select "Run in logged-on user's security context" and configure item-level targeting to specify conditions like targeting an organizational unit . Once completed, confirm the settings to apply the configuration.

Group Policy expedites the drive mapping process during user logon through its streamlined execution process that avoids the overhead and complexity associated with logon scripts. While logon scripts may rely on scripting languages that require execution one line at a time, potentially delaying the user logon, Group Policy utilizes settings stored in a more efficient hierarchical structure, leading to faster processing speeds . Additionally, Group Policy's integration within the Active Directory framework means that drive mapping policies are applied systematically during the computer and user sign-in sequence, resulting in a more seamless user experience . Overall, the inherent efficiencies of Group Policy contribute to quicker user access times compared to traditional logon scripts.

You might also like