Press "Enter" to skip to content

Network Drive Mapping: GPO and Script

0

Presentation

When setting up an Active Directory, one of the first things you want to put and automatic network drive mapping to different users.

As a reminder, a network drive is a share presented to a post / user in the form of a letter such as a hard disk / usb key ….

Implementing network drive mapping

In this tutorial, I’ll introduce two ways to mount a network drive, by GPO, and using a script that should be run at logon.

GPO

1. Open the Group Policy Editor on a domain controller.
Mappage lecteur réseau : editeur de stratégies de groupe

2. Create a new strategy, right-click on the domain name 1 or on an organizational unit and click on Create a GPO object in this domain, and link here 2.
Créer une nouvelle stratégie

3. Give a name with strategy and click OK 1.
Nom de la stratégie

4. Right-click on Strategy 1 and click on Edit 2 to open the editor.
Edition de la strategie

5. Go to User Configuration> Preferences> Windows Settings and double click on Drive Mappings 1.
Chemin d'accès

6. Right click New 1 > Mapped drive 2.
Ajouter un nouveau lecteur

7. Fill out the form:

1 Enter the location of the network share
2 Indicate the letter used
3 Apply
4 OK
A and B to label the network drive

Formulaire lecteur reseau

8. Drive 1 should be visible in Drive Mappings.
Liste des lecteurs

9. Summary of the GPO, by default the drive will be mapped to all users.
Détail de la GPO

Limit mapping to a group

In this part, we will see how to limit the mapping to a user group using Item Level Targeting.

1. Edit your player right click on 1 and Properties.
Edition proprietes

2. Go to the Common tab 1, tick “Item Level Targeting” 2 and click on Targeting 3.
Activer le ciblage

3. Click New Item 1 and select Security Group 2.
Ciblage sur un groupe de sécurité

4. Add your group 1 and click OK 2.
Selection de groupe : Grp_Partage_RW

5. It’s over, the P drive will be mapped only to users in the Grp_Partage_RW group. If you go back to the overview of the parameters of the strategy, you can see the elements of the targeting 1.
Parametres du ciblage.

Script

1. Create a new file that should have the vbs extension.

2. Edit the file (Notepad ++, notepad …) and add the codes below:

' En cas d erreur le script continu
On error resume next

' Declaration des variables
Dim WshNetwork

' Declaration des objets
Set WshNetwork = WScript.CreateObject("WScript.Network")

' Mappage du lecteur P
WshNetwork.MapNetworkDrive "P:", "\\LAB-AD1\partage", true

3. Add the script at logon to map the network drive.

Limit mapping to a group

How for the GPO, we will now modify the script to limit the network drive mapping to Grp_partage_RW group.

1. Edit the file:

' En cas d erreur le script continu
On error resume next

' Declaration des variables
Dim WshNetwork,oShell

' Declaration des objets
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set oShell = CreateObject("WScript.Shell")

' Mappage du lecteur P 
If isMember("Grp_Partage_RW") Then
     WshNetwork.MapNetworkDrive "P:", "\\LAB-AD1\partage", true
End If

'#####################################################
'	Functions secondaires
'#####################################################
Function IsMember(groupName)
    If IsEmpty(groupListD) then
        Set groupListD = CreateObject("Scripting.Dictionary")
        groupListD.CompareMode = 1
        ADSPath = EnvString("userdomain") & "/" & EnvString("username")
        Set userPath = GetObject("WinNT://" & ADSPath & ",user")
        For Each listGroup in userPath.Groups
            groupListD.Add listGroup.Name, "-"
        Next
    End if
    IsMember = CBool(groupListD.Exists(groupName))
End Function

Function EnvString(variable)
    variable = "%" & variable & "%"
    EnvString = oShell.ExpandEnvironmentStrings(variable)
End Function

As you can see, we added two functions at the end of the code, which allow verification of the group membership of the connected user. The drive mapping is now subject to condition (if).

Conclusion

GPO or script, both solutions work everything depends what you prefer. If you opt for the script, comment well on your code.

Personally I prefer to use the script because it is executed after logging in, which allows faster loading of the workstation.

 

Leave a Reply

Your email address will not be published. Required fields are marked *