
Network Drive Mapping: GPO and Script

When setting up Active Directory, one of the first things you want to configure is the automatic mapping of network drives for different users.

As a reminder, a network drive is a share presented to a workstation or user as a drive letter, like a hard disk or a USB stick.

In this tutorial, I will show you two ways to mount a network drive: by GPO, and with a script executed at logon, which also relies on group policy.

Through this tutorial, we will see that the result is identical.

Mapping network drives by group policy has several advantages for me:

The logon script is also configured in a group policy, but the gpupdate command does not replay the script: the user must close and reopen the session for the script to be applied again.

Prerequisite:

GPO – Group Policy

1. Open the Group Policy Editor on a domain controller.

2. Create a new policy: right-click on the domain name or on an organizational unit and click on Create a GPO in this domain, and Link it here.

3. Give the policy a name and click OK.

4. Right-click on the policy and click on Edit to open the editor.

5. Go to User Configuration > Preferences > Windows Settings and double-click on Drive Maps.

6. Right-click, then New > Mapped Drive.

7. Fill out the form:

8. The drive should be visible in Drive Maps.

9. Summary of the GPO: by default, the drive will be mapped for all users.

Limit mapping to a group

In this part, we will see how to limit the mapping to a user group using Item Level Targeting.

It is also possible to limit the application of the policy with security filtering, which implies creating one policy per drive.

Item-level targeting does not limit the rights on the share; it is still necessary to set the NTFS permissions on the files.

1. Edit your drive: right-click on it and click Properties.

2. Go to the Common tab, tick “Item Level Targeting” and click on Targeting.

3. Click New Item and select Security Group.

4. Add your group and click OK.

5. That's it: the P drive will be mapped only for users in the Grp_Partage_RW group. If you go back to the overview of the policy settings, you can see the targeting elements.
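Since targeting only decides who receives the drive letter, access to \\LAB-AD1\partage itself has to be restricted on the server. The PowerShell below is an added example, not part of the original tutorial: it sets the share and NTFS permissions for Grp_Partage_RW and lists any leftover entries, assuming that only this group, the local Administrators and SYSTEM should have access.

```powershell
# Added example, not part of the original tutorial. Run elevated on the file
# server hosting the share (LAB-AD1 here). Share and group names come from the
# tutorial; the set of principals allowed besides the group is an assumption.
$ShareName = 'partage'
$GroupName = 'Grp_Partage_RW'

# Work with SIDs so the script behaves the same on localized Windows.
$ntType   = [System.Security.Principal.NTAccount]
$sidType  = [System.Security.Principal.SecurityIdentifier]
$group    = (New-Object System.Security.Principal.NTAccount($GroupName)).Translate($sidType)
$admins   = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544') # BUILTIN\Administrators
$system   = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-18')     # NT AUTHORITY\SYSTEM
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')      # Everyone

$share = Get-SmbShare -Name $ShareName -ErrorAction Stop

# Share permissions: remove the broad Everyone entry, grant the group Change.
$everyoneName = $everyone.Translate($ntType).Value
if (Get-SmbShareAccess -Name $ShareName | Where-Object { $_.AccountName -eq $everyoneName }) {
    Revoke-SmbShareAccess -Name $ShareName -AccountName $everyoneName -Force | Out-Null
}
Grant-SmbShareAccess -Name $ShareName -AccountName $admins.Translate($ntType).Value -AccessRight Full -Force | Out-Null
Grant-SmbShareAccess -Name $ShareName -AccountName $group.Translate($ntType).Value -AccessRight Change -Force | Out-Null

# NTFS permissions: stop inheriting from the parent folder, then add explicit
# entries that apply to the folder, its subfolders and its files.
$acl = Get-Acl -Path $share.Path
$acl.SetAccessRuleProtection($true, $false)
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$noProp  = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow
$wanted  = @(
    @{ Sid = $system; Rights = [System.Security.AccessControl.FileSystemRights]::FullControl },
    @{ Sid = $admins; Rights = [System.Security.AccessControl.FileSystemRights]::FullControl },
    @{ Sid = $group;  Rights = [System.Security.AccessControl.FileSystemRights]::Modify }
)
foreach ($w in $wanted) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($w.Sid, $w.Rights, $inherit, $noProp, $allow)
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $share.Path -AclObject $acl

# Report entries left over from before (explicit ones survive the steps above).
$allowed = $wanted | ForEach-Object { $_.Sid.Value }
(Get-Acl -Path $share.Path).GetAccessRules($true, $true, $sidType) |
    Where-Object { $_.IdentityReference.Value -notin $allowed } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```

Any row printed by the last command is an account outside the intended set that still holds rights on the folder and should be reviewed before the share goes into use.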

Script

1. Create a new file with the .vbs extension.

2. Edit the file (Notepad++, Notepad …) and add the code below:

' On error, the script continues
On Error Resume Next
' Variable declarations
Dim WshNetwork
' Object declarations
Set WshNetwork = WScript.CreateObject("WScript.Network")
' Map drive P
WshNetwork.MapNetworkDrive "P:", "\\LAB-AD1\partage", True

3. Add the script as a logon script in Group Policy to map the network drive.

Limit mapping to a group by script

As with the GPO, we will now modify the script to limit the network drive mapping to the Grp_Partage_RW group.

1. Edit the file:

' On error, the script continues
On Error Resume Next
' Variable declarations (groupListD is script-level so IsMember can cache the group list)
Dim WshNetwork, oShell, groupListD, inGroup
' Object declarations
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set oShell = CreateObject("WScript.Shell")
' Evaluate membership first: with On Error Resume Next, an error raised inside an
' If condition resumes at the first statement inside the If block
inGroup = False
inGroup = IsMember("Grp_Partage_RW")
' Map drive P
If inGroup Then
    WshNetwork.MapNetworkDrive "P:", "\\LAB-AD1\partage", True
End If

'#####################################################
' Helper functions
'#####################################################
Function IsMember(groupName)
    If IsEmpty(groupListD) Then
        Set groupListD = CreateObject("Scripting.Dictionary")
        groupListD.CompareMode = 1
        ADSPath = EnvString("userdomain") & "/" & EnvString("username")
        Set userPath = GetObject("WinNT://" & ADSPath & ",user")
        For Each listGroup In userPath.Groups
            groupListD.Add listGroup.Name, "-"
        Next
    End If
    IsMember = CBool(groupListD.Exists(groupName))
End Function

Function EnvString(variable)
    variable = "%" & variable & "%"
    EnvString = oShell.ExpandEnvironmentStrings(variable)
End Function

As you can see, we added two functions at the end of the code, which verify the group membership of the logged-on user. The drive mapping is now subject to a condition (If).

Conclusion

GPO or script, both solutions work; it all depends on what you prefer. If you opt for the script, comment your code well.