Are you trying to map network drives or shared folders with Group Policy?
This guide is for you.
By mapping a shared drive, you're essentially adding a folder that has already been shared on your network to the list of drives you can access on your own PC.
We can use Group Policies to map shared network folders flexibly from SMB file servers as separate Windows network drives.
Initially, .bat logon scripts containing ‘net use M: \\ro-fs01\sharename’ commands were used to map network drives in Windows.
When we map a network drive, it looks like a new drive under This PC in File Explorer, allowing us to quickly access the shared files we need.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to map network drives or shared folders with Group Policy.
In this context, we shall look into the steps to perform Mapping.
Group Policies are flexible, faster, and can also get updated in the background. It is very easy as it requires no scripting experience.
Furthermore, it helps to speed up the user login process. Also, there is no need to reboot a computer or log off to map network drives via Group Policy.
Following are some of the advantages of using group policy:
1. Firstly, they are much easier than logon scripts. Checkboxes and drop-down lists, no need to understand scripting.
2. It is scalable, as big as our Active Directory will grow logon scripts will scale no problem.
3. Also, it is very flexible. With item-level targeting, we can target groups, users, OUs, operating systems, and so on.
The support of network drive mapping in GPO appeared in Windows Server 2008.
Here we will see how to map a department shared network folder automatically based on AD security groups and users personal network drives.
We will create a new security group for a Marketing department in AD and add the employee accounts to it.
We can create and fill the group using the graphic ADUC console (dsa.msc) or use the PowerShell cmdlets to manage AD groups.
Using the following command we can do this:
New-ADGroup “IT-Marketing” -path ‘OU=Groups,OU=Rome,OU=IT,dc=ibmimedia,DC=com’ -GroupScope Global -PassThru –Verbose
Add-AdGroupMember -Identity IT-Marketing -Members b.ibmimedia, k.kevin, a.arthur, m.michael
We can do this using the following steps:
i. Firstly, open the Group Policy Management Console (gpmc.msc) to manage the domain GPO.
ii. Then create a new GPO and link it to the user account OU, then select Edit.
iii. After that Go to User Configuration and take Preferences
iv. From there go to Windows Settings and take Drive Maps.
v. Now create a new policy setting: New -> Mapped Drive
vi. In the General tab, specify the following connection settings for our network drive:
a. Action: Update (this mode is used the most often)
b. Location: a UNC path to the shared folder you want to connect
c. Label as: a drive label
d. Reconnect: makes a network drive permanent (it will be reconnected every time we log in, even if we remove the policy. There is a /persistent analog option in net use)
e. Drive Letter: assign a drive letter for the shared folder
f. Connect as: this option is not available now since Microsoft currently does not allow storing passwords in Group Policy settings.
vii. After that Go to the Common tab, check the Run in logged-on users’ security context and Item-level Targeting options. Then click Targeting.
viii. Here we will specify that this policy must be applied only to the members of the AD security group created earlier. Select New Item -> Security Group -> our group name
ix. Finally, save the changes
x. Once the GPO is updated the mapped network drive will be available in File Explorer and other programs appears in the user session.
We can do this using the following steps:
i. Firstly create another policy rule to map personal network folders of the users as network drives.
Suppose, we have a file server where personal user folders are stored. And we want these folders to be automatically mounted as network drives in user sessions during logon.
ii. We will create a separate folder for each user matching their AD names (sAMAccountName) and assign the corresponding NTFS permissions.
iii. Then create another drive mapping rule in the same GPO.
iv. After that we can specify the path to the shared folder with user personal folders as \\ro-fs01\shared\home\%LogonUser%. Let us set %LogonUser% – Personal as a drive label.
v. For displaying the full list of environment variables available in GPP we can press F3.
vi. Finally, save the changes and update the group policy settings on user computers using the following command:
$ gpudate /force
Now the users will be able to see their personal folders from a file server mapped as network drives.
Also, they will be able to store their personal data on them.
The network drive will be mapped on any computer a user is logged on to.
This article covers how to map network drives or shared folders with Group Policy.
Mapping network drives using Group Policy preferences is flexible, provides easy control over who receives the drive mappings, and has easy-to-use user interfaces, all of which are in stark contrast with the complexities associated with scripts.
To Set up drive mappings with Group Policy preferences:
1. Group Policy preferences are a set of extensions that increase the functionality of Group Policy Objects (GPOs).
2. Administrators can use them to deploy and manage applications on client computers with configurations targeted to specific users.
3. The Drive Maps policy in Group Policy preferences allows an administrator to manage drive letter mappings to network shares.
To Deploy item-level targeting with Group Policy preferences:
Item-level targeting (ILT) is a feature of Group Policy preferences that allows preference settings to be applied to individual users and/or computers dynamically. ILT allows an administrator to specify a list of conditions that must be met in order for a preference setting to be applied or removed to a user or computer object.
You can configure drive mapping, only users in the Product Managers group would receive the mapping.
1. Under the Common tab of the mapped drive properties, check the Item-level targeting option, and then click Targeting….
2. In the Targeting Editor window, click New Item and select Security Group.
3. Click the … button, and type in the name of the security group.
4. Click OK to close the Targeting Editor once you're finished adding items to the list.