Network Drive Mapping: GPO and Script

When setting up an Active Directory, one of the first things you want to set up is automatic mapping of network drives to different users.

As a reminder, a network drive is a share presented to a workstation / user in the form of a letter like a hard disk / USB stick ….

In this tutorial, I will show you two ways to mount a network drive, by GPO and using a script that must be executed at login, so using group policy as well .

Through this tutorial, we will see that the result is identical.

Mapping network drives by group policy has several advantages for me:

  • They are updated regularly by client workstations and it is possible to force the update with the gpupdate command.
  • Using a graphics console
  • Lots of filtering options (even if not script we can do the same).
  • Record events in Windows Viewer for quick debugging.

The logon script is certainly configured in a group policy, but the command gpupdate does not allow to replay the script, it is imperative to close then reopen the session to apply the script again.

Prerequisite :

  • Have an Active Directory environment.
  • Have a shared folder accessible to users to which it will be mapped.

GPO – Group Policy

1. Open the Group Policy Editor on a domain controller.

Mappage lecteur réseau : editeur de stratégies de groupe

2. Create a new strategy, right-click on the domain name 1 or on an organizational unit and click on Create a GPO object in this domain, and link here 2.

Créer une nouvelle stratégie

3. Give a name with strategy and click OK 1.

Nom de la stratégie

4. Right-click on Strategy 1 and click on Edit 2 to open the editor.

Edition de la strategie

5. Go to User Configuration> Preferences> Windows Settings and double click on Drive Mappings 1.

Chemin d'accès

6. Right click New 1 > Mapped drive 2.

Ajouter un nouveau lecteur

7. Fill out the form:

  • 1 Enter the location of the network share
  • 2 Indicate the letter used
  • 3 Apply
  • 4 OK
  • A and B to label the network drive
Formulaire lecteur reseau

8. Drive 1 should be visible in Drive Mappings.

Liste des lecteurs

9. Summary of the GPO, by default the drive will be mapped to all users.

Détail de la GPO

Limit mapping to a group

In this part, we will see how to limit the mapping to a user group using Item Level Targeting.

It is also possible to limit the execution of the strategy to the level of the security filtering, which implies to make a strategy per reader.

The targeting at the level of the boundary element not the rights on the share, it is necessary even to set the rights NTFS on the file.

1. Edit your player right click on 1 and Properties.

Edition proprietes

2. Go to the Common tab 1, tick “Item Level Targeting” 2 and click on Targeting 3.

Activer le ciblage

3. Click New Item 1 and select Security Group 2.

Ciblage sur un groupe de sécurité

4. Add your group 1 and click OK 2.

Selection de groupe : Grp_Partage_RW

5. It’s over, the P drive will be mapped only to users in the Grp_Partage_RW group. If you go back to the overview of the parameters of the strategy, you can see the elements of the targeting 1.

Parametres du ciblage.


1. Create a new file that should have the vbs extension.

2. Edit the file (Notepad ++, notepad …) and add the codes below:

3. Add the script to Group Policy logon to map the network drive.

Limit mapping to a group by script

How for the GPO, we will now modify the script to limit the network drive mapping to Grp_partage_RW group.

1. Edit the file:

As you can see, we added two functions at the end of the code, which allow verification of the group membership of the connected user. The drive mapping is now subject to condition (if).


GPO or script, both solutions work everything depends what you prefer. If you opt for the script, comment well on your code.

Leave a Comment