Network Drive Mapping: GPO and Script

Presentation

When setting up an Active Directory, one of the first things you want to put in place is automatic network drive mapping for different users.

As a reminder, a network drive is a share presented to a workstation/user as a drive letter, like a hard disk or USB key.

Implementing network drive mapping

In this tutorial, I’ll introduce two ways to mount a network drive: by GPO, and with a script run at logon.

GPO

1. Open the Group Policy Editor on a domain controller.
Network drive mapping: Group Policy editor

2. Create a new policy: right-click on the domain name (1) or on an organizational unit and click on Create a GPO in this domain, and Link it here (2).
Create a new policy

3. Give the policy a name and click OK (1).
Policy name

4. Right-click on the policy (1) and click on Edit (2) to open the editor.
Editing the policy

5. Go to User Configuration > Preferences > Windows Settings and double-click on Drive Mappings (1).
Access path

6. Right-click, then New (1) > Mapped Drive (2).
Add a new drive

7. Fill out the form:

(1) Enter the location of the network share
(2) Indicate the letter used
(3) Apply
(4) OK
(A) and (B) to label the network drive

Network drive form

8. The drive (1) should be visible in Drive Mappings.
List of drives

9. Summary of the GPO: by default, the drive will be mapped for all users.
GPO details

Limit mapping to a group

In this part, we will see how to limit the mapping to a user group using Item Level Targeting.

1. Edit your drive: right-click on it (1) and click Properties.
Editing properties

2. Go to the Common tab (1), tick “Item Level Targeting” (2) and click on Targeting (3).
Enable targeting

3. Click New Item (1) and select Security Group (2).
Targeting a security group

4. Add your group (1) and click OK (2).
Group selection: Grp_Partage_RW

5. That’s it: the P drive will be mapped only for users in the Grp_Partage_RW group. If you go back to the overview of the policy settings, you can see the targeting items (1).
Targeting settings.

Script

1. Create a new file that should have the vbs extension.

2. Edit the file (Notepad++, Notepad …) and add the code below:

' On error, the script continues
On Error Resume Next

' Variable declarations
Dim WshNetwork

' Object declarations
Set WshNetwork = WScript.CreateObject("WScript.Network")

' Map drive P
WshNetwork.MapNetworkDrive "P:", "\\LAB-AD1\partage", true

3. Add the script at logon to map the network drive.

Limit mapping to a group

As with the GPO, we will now modify the script to limit the network drive mapping to the Grp_Partage_RW group.

1. Edit the file:

' On error, the script continues
On Error Resume Next

' Variable declarations (groupListD is declared here so the group list is cached between calls)
Dim WshNetwork, oShell, groupListD, allowed

' Object declarations
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set oShell = CreateObject("WScript.Shell")

' Map drive P only for members of Grp_Partage_RW.
' The result is stored first: with On Error Resume Next, an error raised while
' evaluating an If condition resumes on the next line and would map the drive anyway.
allowed = False
allowed = IsMember("Grp_Partage_RW")
If allowed Then
     WshNetwork.MapNetworkDrive "P:", "\\LAB-AD1\partage", true
End If

'#####################################################
'	Helper functions
'#####################################################
' Returns True if the logged-on user belongs to groupName
Function IsMember(groupName)
    If IsEmpty(groupListD) Then
        Set groupListD = CreateObject("Scripting.Dictionary")
        groupListD.CompareMode = 1 ' case-insensitive comparison
        ADSPath = EnvString("userdomain") & "/" & EnvString("username")
        Set userPath = GetObject("WinNT://" & ADSPath & ",user")
        For Each listGroup In userPath.Groups
            groupListD.Add listGroup.Name, "-"
        Next
    End If
    IsMember = CBool(groupListD.Exists(groupName))
End Function

' Returns the value of an environment variable
Function EnvString(variable)
    variable = "%" & variable & "%"
    EnvString = oShell.ExpandEnvironmentStrings(variable)
End Function

As you can see, we added two functions at the end of the code, which check the group membership of the logged-on user. The drive mapping is now subject to a condition (If).
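
A PowerShell counterpart to the group-restricted logon script above, added here as an example (it is not part of the original tutorial). It checks the group against the user's logon token, which also covers nested membership, and maps nothing if the lookup fails; the helper name `Test-LogonTokenGroup` and the use of `$env:USERDOMAIN` for the group's domain are assumptions.

```powershell
# Added example: PowerShell logon script, not part of the original tutorial.
# Group, share and drive letter are the tutorial's values.
$GroupName   = 'Grp_Partage_RW'
$SharePath   = '\\LAB-AD1\partage'
$DriveLetter = 'P'

function Test-LogonTokenGroup {
    # Hypothetical helper: $true only if the group's SID is enabled in the
    # current logon token (direct or nested membership).
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$Group
    )
    try {
        # Resolve DOMAIN\Group to its SID so the comparison is not name-based.
        $account = New-Object System.Security.Principal.NTAccount($Domain, $Group)
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])

        $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
        $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
        return $principal.IsInRole([System.Security.Principal.SecurityIdentifier]$sid)
    }
    catch {
        # Fail closed: an unresolved group or a directory error maps nothing.
        return $false
    }
}

# Assumption: the group lives in the user's logon domain.
if (Test-LogonTokenGroup -Domain $env:USERDOMAIN -Group $GroupName) {
    # Skip the mapping if the letter is already in use in this session.
    if (-not (Get-PSDrive -Name $DriveLetter -ErrorAction SilentlyContinue)) {
        # -Persist creates a Windows mapped drive; -Scope Global keeps it
        # available after the script ends.
        New-PSDrive -Name $DriveLetter -PSProvider FileSystem -Root $SharePath `
            -Persist -Scope Global | Out-Null
    }
}
```

Mapping only controls who gets the drive letter; access to \\LAB-AD1\partage is still decided by the share and NTFS permissions, so those should grant rights to Grp_Partage_RW only. Because the token is built at logon, a change in group membership takes effect at the user's next logon.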

Conclusion

GPO or script, both solutions work; it all depends on what you prefer. If you opt for the script, comment your code well.

Personally I prefer to use the script because it is executed after logging in, which allows faster loading of the workstation.

 


