Network Drive Mapping: GPO and Script

Introduction

When setting up Active Directory, one of the first things you will want to configure is automatic mapping of network drives for different users.

As a reminder, a network drive is a share presented to a workstation or user as a drive letter, like a hard disk or a USB stick.

How to map a network drive

In this tutorial, I will show you two ways to map a network drive: by GPO, and with a script executed at logon, which also relies on group policy.

Through this tutorial, we will see that the result is identical.

For me, mapping network drives by group policy has several advantages:

  • Policies are refreshed regularly by client workstations, and the refresh can be forced with the gpupdate command.
  • Configuration is done in a graphical console.
  • Lots of filtering options (although the same can be done in a script).
  • Events are recorded in the Windows Event Viewer for quick debugging.

The logon script is also configured in a group policy, but the gpupdate command does not rerun the script; the user must log off and log on again for the script to be applied again.

Prerequisites:

  • Have an Active Directory environment.
  • Have a shared folder accessible to the users for whom it will be mapped.

GPO – Group Policy

1. Open the Group Policy Editor on a domain controller.

Network drive mapping: Group Policy editor

2. Create a new policy: right-click the domain name 1 or an organizational unit and click Create a GPO in this domain, and Link it here 2.

Create a new policy

3. Give the policy a name and click OK 1.

Policy name

4. Right-click the policy 1 and click Edit 2 to open the editor.

Editing the policy

5. Go to User Configuration > Preferences > Windows Settings and double-click Drive Mappings 1.

Path

6. Right-click and choose New 1 > Mapped Drive 2.

Add a new drive

7. Fill out the form:

  • 1 Enter the location of the network share
  • 2 Indicate the drive letter to use
  • 3 Apply
  • 4 OK
  • A and B to label the network drive

Network drive form

8. Drive 1 should be visible in Drive Mappings.

List of drives

9. Summary of the GPO: by default, the drive will be mapped for all users.

GPO details

Limit mapping to a group

In this part, we will see how to limit the mapping to a user group using Item Level Targeting.

It is also possible to limit where the policy applies by using security filtering, which means creating one policy per drive.

Item Level Targeting does not restrict the rights on the share; you still need to set the NTFS permissions on the shared folder.

1. Edit your drive: right-click it 1 and select Properties.

Editing properties

2. Go to the Common tab 1, tick “Item Level Targeting” 2 and click on Targeting 3.

Enable targeting

3. Click New Item 1 and select Security Group 2.

Targeting a security group

4. Add your group 1 and click OK 2.

Group selection: Grp_Partage_RW

5. That's it: the P drive will be mapped only for users in the Grp_Partage_RW group. If you go back to the overview of the policy settings, you can see the targeting items 1.

Targeting settings.
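Because targeting only decides who sees the drive letter, the permissions on the share itself are worth checking. The following PowerShell is an added example, not part of the original tutorial: it reads the share and NTFS permissions of \\LAB-AD1\partage and reports whether a broad group (Everyone, Authenticated Users, Users, Domain Users) can still reach the data. It assumes an elevated session on a domain-joined machine with rights to query LAB-AD1.

```powershell
# Added example, not part of the original tutorial.
# Server, share and group names are the ones used on this page.
$Server = 'LAB-AD1'
$Share  = 'partage'
$Group  = 'Grp_Partage_RW'

function Test-BroadPrincipal {
    # True when the identity is Everyone, Authenticated Users, BUILTIN\Users
    # or a domain's Domain Users group. SIDs are compared, not display names.
    param([string]$Identity)
    $sid = $Identity
    if ($Identity -notmatch '^S-1-') {
        try {
            $sid = ([System.Security.Principal.NTAccount]$Identity).Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
        } catch { return $false }   # unresolvable entry: not treated as broad
    }
    return ($sid -in 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545') -or
           ($sid -match '^S-1-5-21-.+-513$')
}

# Layer 1: SMB share permissions, read remotely from the file server.
$cim = New-CimSession -ComputerName $Server
try {
    $shareBroad = @(Get-SmbShareAccess -CimSession $cim -Name $Share |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       (Test-BroadPrincipal $_.AccountName) })
} finally {
    Remove-CimSession $cim
}

# Layer 2: NTFS permissions on the root of the shared folder.
$ntfs      = (Get-Acl -Path "\\$Server\$Share").Access
$ntfsBroad = @($ntfs | Where-Object { $_.AccessControlType -eq 'Allow' -and
                                      (Test-BroadPrincipal "$($_.IdentityReference)") })
$groupAces = @($ntfs | Where-Object { "$($_.IdentityReference)" -like "*\$Group" })

# Effective access is the intersection of both layers, so a broad principal
# matters only when it is allowed at the share level AND at the NTFS level.
[pscustomobject]@{
    Share           = "\\$Server\$Share"
    BroadAtShare    = $shareBroad.AccountName -join ', '
    BroadAtNtfs     = ($ntfsBroad.IdentityReference | ForEach-Object { "$_" }) -join ', '
    GroupNtfsRights = ($groupAces.FileSystemRights | ForEach-Object { "$_" }) -join ', '
    OpenToAllUsers  = ($shareBroad.Count -gt 0) -and ($ntfsBroad.Count -gt 0)
}
```

If OpenToAllUsers is True, any domain user can open the UNC path directly even though the P drive is mapped only for Grp_Partage_RW.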

Script

1. Create a new file with the .vbs extension.

2. Edit the file (Notepad++, Notepad …) and add the code below:

' If an error occurs, the script continues
On Error Resume Next
' Variable declarations
Dim WshNetwork
' Object creation
Set WshNetwork = WScript.CreateObject("WScript.Network")
' Map drive P (True saves the mapping in the user profile)
WshNetwork.MapNetworkDrive "P:", "\\LAB-AD1\partage", True

3. Add the script to the Group Policy logon scripts to map the network drive.

Limit mapping to a group by script

As with the GPO, we will now modify the script to limit the network drive mapping to the Grp_Partage_RW group.

1. Edit the file:

' If an error occurs, the script continues
On Error Resume Next
' Variable declarations
' groupListD is declared at script level so the group list built by
' IsMember is kept between calls instead of being rebuilt each time
Dim WshNetwork, oShell, groupListD
' Object creation
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set oShell = CreateObject("WScript.Shell")
' Map drive P only for members of the group
If IsMember("Grp_Partage_RW") Then
    WshNetwork.MapNetworkDrive "P:", "\\LAB-AD1\partage", True
End If
'#####################################################
'    Helper functions
'#####################################################
' Returns True if the logged-on user belongs to groupName
Function IsMember(groupName)
    Dim ADSPath, userPath, listGroup
    If IsEmpty(groupListD) Then
        Set groupListD = CreateObject("Scripting.Dictionary")
        ' 1 = text comparison, so group names are case-insensitive
        groupListD.CompareMode = 1
        ADSPath = EnvString("userdomain") & "/" & EnvString("username")
        Set userPath = GetObject("WinNT://" & ADSPath & ",user")
        For Each listGroup In userPath.Groups
            groupListD.Add listGroup.Name, "-"
        Next
    End If
    IsMember = CBool(groupListD.Exists(groupName))
End Function
' Returns the value of an environment variable
Function EnvString(variable)
    variable = "%" & variable & "%"
    EnvString = oShell.ExpandEnvironmentStrings(variable)
End Function

As you can see, we added two functions at the end of the code, which verify the group membership of the logged-on user. The drive mapping is now conditional (If).
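The same membership test as a PowerShell logon script, given here as an added example that is not the tutorial's own code. The WinNT provider's Groups collection used in the VBScript lists only the groups the user belongs to directly, so a user who gets Grp_Partage_RW through a nested group is skipped; this variant reads the logon token instead and logs failures rather than hiding them with On Error Resume Next. The log file path is an assumption.

```powershell
# Added example, not part of the original tutorial: PowerShell logon script.
# Group, drive letter and UNC path are the page's; the log path is hypothetical.
$Group  = 'Grp_Partage_RW'
$Letter = 'P'
$Unc    = '\\LAB-AD1\partage'
$Log    = Join-Path $env:LOCALAPPDATA 'drive-map.log'

function Test-TokenGroup {
    # Looks the group up in the logon token, which holds the direct AND nested
    # group memberships Windows resolved when the session was opened.
    param([string]$Name)
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    foreach ($sid in $identity.Groups) {
        try {
            $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            continue   # SID with no resolvable name (e.g. logon session SID)
        }
        # $account is "DOMAIN\Group"; compare the group part, case-insensitively.
        if (($account -split '\\')[-1] -eq $Name) { return $true }
    }
    return $false
}

function Write-MapLog {
    param([string]$Message)
    "{0:s} {1} {2}" -f (Get-Date), $env:USERNAME, $Message | Add-Content -Path $Log
}

if (-not (Test-TokenGroup $Group)) {
    Write-MapLog "skip: not a member of $Group"
} elseif (Get-PSDrive -Name $Letter -ErrorAction SilentlyContinue) {
    Write-MapLog "skip: ${Letter}: already in use"
} else {
    try {
        # -Persist creates a real Windows mapped drive; -Scope Global keeps it
        # after the script ends.
        New-PSDrive -Name $Letter -PSProvider FileSystem -Root $Unc `
                    -Persist -Scope Global -ErrorAction Stop | Out-Null
        Write-MapLog "mapped ${Letter}: to $Unc"
    } catch {
        Write-MapLog "error mapping ${Letter}: $($_.Exception.Message)"
    }
}
```

The token is built at logon, so a user added to the group during a session must log off and on again before the drive is mapped.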

Conclusion

GPO or script, both solutions work; it all depends on what you prefer. If you opt for the script, comment your code well.




