Are you trying to map network drives or shared folders with Group Policy?
This guide is for you.
By mapping a shared drive, you're essentially adding a folder that has already been shared on your network to the list of drives you can access on your own PC.
We can use Group Policies to map shared network folders flexibly from SMB file servers as separate Windows network drives.
Initially, .bat logon scripts containing ‘net use M: \\ro-fs01\sharename’ commands were used to map network drives in Windows.
When we map a network drive, it looks like a new drive under This PC in File Explorer, allowing us to quickly access the shared files we need.
In this context, we shall look into the steps to perform Mapping.
Advantages of Mapping Drives or Shared Folders with Group Policy?
Group Policies are flexible, faster, and can also get updated in the background. It is very easy as it requires no scripting experience.
Furthermore, it helps to speed up the user login process. Also, there is no need to reboot a computer or log off to map network drives via Group Policy.
Following are some of the advantages of using group policy:
1. Firstly, they are much easier than logon scripts. Checkboxes and drop-down lists, no need to understand scripting.
2. It is scalable, as big as our Active Directory will grow logon scripts will scale no problem.
3. Also, it is very flexible. With item-level targeting, we can target groups, users, OUs, operating systems, and so on.
The support of network drive mapping in GPO appeared in Windows Server 2008.
Steps to Map Network Drive or Shared Folders with Group Policy?
Here we will see how to map a department shared network folder automatically based on AD security groups and users personal network drives.
1. Creating a new security group for a Marketing department in Active Directory.
We will create a new security group for a Marketing department in AD and add the employee accounts to it.
We can create and fill the group using the graphic ADUC console (dsa.msc) or use the PowerShell cmdlets to manage AD groups.
Using the following command we can do this:
New-ADGroup “IT-Marketing” -path ‘OU=Groups,OU=Rome,OU=IT,dc=ibmimedia,DC=com’ -GroupScope Global -PassThru –Verbose
Add-AdGroupMember -Identity IT-Marketing -Members b.ibmimedia, k.kevin, a.arthur, m.michael
2. Creating a GPO to map the shared folder as a network drive.
We can do this using the following steps:
i. Firstly, open the Group Policy Management Console (gpmc.msc) to manage the domain GPO.
ii. Then create a new GPO and link it to the user account OU, then select Edit.
iii. After that Go to User Configuration and take Preferences
iv. From there go to Windows Settings and take Drive Maps.
v. Now create a new policy setting: New -> Mapped Drive
vi. In the General tab, specify the following connection settings for our network drive:
a. Action: Update (this mode is used the most often)
b. Location: a UNC path to the shared folder you want to connect
c. Label as: a drive label
d. Reconnect: makes a network drive permanent (it will be reconnected every time we log in, even if we remove the policy. There is a /persistent analog option in net use)
e. Drive Letter: assign a drive letter for the shared folder
f. Connect as: this option is not available now since Microsoft currently does not allow storing passwords in Group Policy settings.
vii. After that Go to the Common tab, check the Run in logged-on users’ security context and Item-level Targeting options. Then click Targeting.
viii. Here we will specify that this policy must be applied only to the members of the AD security group created earlier. Select New Item -> Security Group -> our group name
ix. Finally, save the changes
x. Once the GPO is updated the mapped network drive will be available in File Explorer and other programs appears in the user session.
3. Using Group Policy to Map a Drive for Individual Users
We can do this using the following steps:
i. Firstly create another policy rule to map personal network folders of the users as network drives.
Suppose, we have a file server where personal user folders are stored. And we want these folders to be automatically mounted as network drives in user sessions during logon.
ii. We will create a separate folder for each user matching their AD names (sAMAccountName) and assign the corresponding NTFS permissions.
iii. Then create another drive mapping rule in the same GPO.
iv. After that we can specify the path to the shared folder with user personal folders as \\ro-fs01\shared\home\%LogonUser%. Let us set %LogonUser% – Personal as a drive label.
v. For displaying the full list of environment variables available in GPP we can press F3.
vi. Finally, save the changes and update the group policy settings on user computers using the following command:
$ gpudate /force
Now the users will be able to see their personal folders from a file server mapped as network drives.
Also, they will be able to store their personal data on them.
The network drive will be mapped on any computer a user is logged on to.