For years, IT administrators have been relying on logon scripts for mapping users’ network drives in a Windows domain environment. However, more recently, administrators have found an effective alternative in Group Policy preferences and are increasingly making the switch. Mapping network drives using Group Policy preferences is flexible, provides easy control over who receives the drive mappings, and has easy-to-use user interfaces, all of which are in stark contrast with the complexities associated with scripts.

Setting up drive mappings with Group Policy preferences

Group Policy preferences are a set of extensions that increase the functionality of Group Policy Objects (GPOs). Administrators can use them to deploy and manage applications on client computers with configurations targeted to specific users. The Drive Maps policy in Group Policy preferences allows an administrator to manage drive letter mappings to network shares.

 Steps involved:

  •  Open Group Policy Management.
  • Right-click the domain or the required subfolder to create a new GPO, or select an already existing one. Right-click and select Edit to open the Group Policy Management Editor.

  • Go to User Configuration > Preferences > Windows Settings > Drive Maps.

  • Right-click and select New > Mapped Drive.

  • Under the General tab (see Figure 1 below), do the following:

    • Action: Select Create or Update.

    • Location: Specify the full file path, e.g. \\Anjali-dc1\c.

    • Reconnect: Enable this to auto connect the drive.

    • Label as: Pick a suitable name for the shared drive, e.g. SharedDrive.

    • Drive Letter: Select a suitable letter for the drive, e.g. K.

    • Connect as: Enter a username and password if you want users to connect with certain credentials other than their own Windows login credentials.

    • Hide/Show this drive: Select whether you want to hide the folder or make it visible on the network.

    • Hide/Show all drives: Select whether, by default, all the shared drives/folders are hidden or visible.

Figure 1. Configuring general properties for drive mapping.

  •  Click Apply and OK.
  • For the settings to take effect, open a Command Prompt in the computer receiving the drive mapping, type GPUPDATE, and hit Enter.

Once the Group Policy settings have taken effect on the desired users/computers, the mapped drives should automatically appear under Network Location(s) as seen in Figure 2.

                             Figure 2. Mapped network drive.

 Deploying item-level targeting with Group Policy preferences

Item-level targeting (ILT) is a feature of Group Policy preferences that allows preference settings to be applied to individual users and/or computers dynamically. ILT allows an administrator to specify a list of conditions that must be met in order for a preference setting to be applied or removed to a user or computer object. The criteria available for targeting settings to users and computers can be seen below in Figure 3.

Figure 3. ILT options for Group Policy preferences.

In our example of configuring drive mapping, only users in the Product Managers group would receive the mapping. To accomplish this:

  • Under the Common tab of the mapped drive properties, check the Item-level targeting option, and then click Targeting…. Refer to Figure 4 below.

 Figure 4. Configuring item-level targeting for drive mapping.

  • In the Targeting Editor window, click New Item and select Security Group.

  • Click the … button, and type in the name of the security group.

  • Click OK to close the Targeting Editor once you’re finished adding items to the list. See Figure 5.

 

Figure 5. Adding preferences for item-level targeting.

The security group targeting option allows you to pick any Windows Active Directory security group (domain local, global, or universal) to use as a target. The security group targeting option is one of the most flexible and useful ILT setting. Since this target focuses on group membership, it is typically used for the user environment including shortcuts, files, network shares, schedule tasks, data sources, drive mappings, printers, and IE settings.

Summary

Setting drive mappings with the help of Group Policy preferences does not require any scripting knowledge and is both easy to use and efficient. The item-level targeting feature of Group Policy preferences allows settings to take effect on individual users and/or computers. This allows flexibility and lets you powerfully manage users and computers.

 

 

  1. Shekar

    Can we do this through Powershell commands

    • Hi Shekar! One of our AD experts, Harish, says:

      “Yes! PowerShell scripts can be used discover all GPP drive mappings on the domain, and you can also automate the entire process of the drive mappings in GPP using a PowerShell script, but it is extremely difficult to find the script that satisfies your exact requirements, so you may have to create one from scratch.”

      Hope that helps!

  2. Muhammad

    can we use any of the ILT conditions with Azure AD Groups or User objects?

    • Hi Muhammad. Our AD expert Harish says there are two outcomes here:

      – Hybrid Active Directory setup (on-premises Azure AD)
      User A is created in on-premises Active Directory and gets synced to Azure AD. Then item-level targeting can be mapped through on-premises users/groups only (as it resolves around SID).

      – Azure AD setup only
      You cannot do this directly, i.e., not user item-level targeting to query Azure AD groups and users.

  3. anon

    Hey, in my server I have the option “Connect as” disabled and idk why is a windows server 2k1, all the post i’ve been watching too but u dont. How can I enable it?

  4. ankit

    can we do this via command line CMD or POwershell

    • Hi Ankit. One of our AD experts, Harish, says:

      “Yes! Although the group policy preferences offer a user-friendly GUI to perform certain tasks (like drive mappings, as mentioned above), it can still become difficult and repetitive when we have to manage tasks in bulk (like 100 drive mappings). PowerShell scripts can be used discover all GPP drive mappings on the domain, and you can also automate the entire process of the drive mappings in GPP using a PowerShell script, but it is extremely difficult to find the script that satisfies your exact requirements, so you may have to create one from scratch.”

      Hope that helps!

  5. Silva

    Hi,

    Can we map a local drive from a RDS client something like: \\tsclient\d\%username%\Documents ?

    Do you have experience with that?

    • Hi Silva. Try using this command:
      net use Z: “\\tsclient\c””

      For more information, please check Microsoft’s website.