Mapping network drives is very useful for accessing files over the network. Setting these connections up manually is not the most practical solution though because after your computer restarts you will need to recreate the connection. One solution is to create login scripts for the computers on your network to use.
This works fine for smaller networks, but when you have hundreds of computers to load scripts onto it becomes an issue.
The solution we will be looking at today is to use Group Policies to accomplish this instead.
This option lets you leverage the power of your network’s capabilities to run drive mapping functions in the background. This isn’t the only way to accomplish this kind of result, but it is definitely one of the best ways to get it done in an Active Directory environment.
One of the key advantages of this method is that it is very easy to set up and it requires almost no scripting experience. We will look at a few different implementations of this idea, for both single users and for groups within Active Directory.
We will also look at other determining characteristics of each mapping instance such as the OS of the computer, Organizational Unit membership, and more.
Logon Scripts Or Group Policy?
The only way to get a mapped network drive in the past was by creating a login script. This was traditionally a command such as net use x: \\server\share wrapped up in a simple batch file and placed in the user’s ‘startup’ folder.
All items in this folder, such as executables, batch files and shortcuts to programs, will launch when a user logs into their Windows PC.
Startup Scripts work great if you have an optimal network with no connectivity issues, but there can be bigger issues.
Logon scripts can cause slow boot times when there are problems resolving the network communications, making the user wait while the script either finishes or fails.
For this reason, most administrators prefer to accomplish the same thing, mapping drives, in a more streamlined and uniform way through Group Policies.
There are instances where more command-intensive scripts need to be run, like a PowerShell script, so running start-up scripts makes more sense in these scenarios.
The main reasons that you would want to map network drives with a group policy are:
- It is simple to set up and requires no understanding of how to write scripts. There are a few simple graphical boxes to click on and select, then a button to enable or disable the options.
- It is suitable for all sized environments and can accommodate your users even when your company grows larger.
- It can be tailored to your specific requirements.
- It is not difficult to do.
We will look at the 2 different methods of mapping your drives below.
Scenario 1: Map Network Drive with a Group Policy
Item level targeting is a form of Group Policy Drive Mapping and is commonly used. We will map a network drive and look at the steps needed to get this up and running. We will use the OU details as an Item Level Target for our mapping, but Security Groups can also be used to select targeted users and groups, allowing for a more granular type of drive mapping and file sharing.
1: Create & Configure the test GPO
First you will need to open the Group Policy Management Console.
Once you have opened the Group Policy Management Console, you will need to right click and then select the option that reads ‘Create a GPO in this domain and Link it here’. In this example we will be using a user-based GPO, which means that we have to ensure that we link the GPO to the correct location. This means that we will also be targeting the users that we wish to give access to. We’ve got all of our users in an OU, so we will be adding them.
After we’ve done this, we will need to give our new GPO a name. We can call it whatever we want, but in this case I called it User Drive Mappings. The great thing about this method is that we can later add additional drive mappings onto the same GPO, which we will actually do with individual user drive mappings for home directories.
As we can see, the new GPO has been created and the link has been set up. We can now move on to configuring other settings.
2: Configure Our GPO Settings
Next we need to right click on the GPO and then click on edit.
Afterwards you will need to navigate through User Configuration, then Preferences, then Windows Settings, and then Drive Mappings.
After that you need to right click on Drive Mappings, then select New, and then click on Mapped Drive.
Next we need to configure Drive Mapping Properties.
We will be working in the General tab of this window, and the following details have to be entered into the following forms.
- We need to type in the path to your network share in the ‘Location’ form
- Select a drive letter from the drop-down box
- From the top drop-down box click the ‘Update’ option
- If you want to enter a label then you can enter that as well but it is not essential
Next, click on the ‘Common’ tab so that we can edit the settings in there. Click on the “Run in logged-on user’s security context” option in order to make this work properly.
Then we will have to select the Item-level Targeting option and then click on the ‘Targeting’ button.
Choose New Item and then choose the Organizational Unit we want to use.
To finish, click Ok. We are done with the configuration.
3: Restart the PCs on your Network to run the new GPO
In order for the new GPO to run, we will need to restart the computer. You can also run the command gpupdate /force from the command line in Windows. To access the command line, click on ‘Start’, type in cmd, and then press ‘Enter’. You can now run the command and force the update to process the new GPO that we have created. After the PC has rebooted, we will log in with a user that is from the OU that we originally targeted. We will see a new mapped drive showing up in the computer’s hard drive selection under ‘This Computer’.
We can now access this mapped drive whenever we log in with these credentials. Logging in with another user from a different OU will not map the drive, giving us layered control over our drive mapping resources, which is both convenient and more secure. To give access to this mapped drive, a user will need to belong to the same OU that we granted access for in the Security Group.
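To confirm from the admin side that the GPO carries the drive map and targeting you intended, the following PowerShell (an added example, not part of the original article) reads the GPO's settings report, lists each mapped drive with its item-level targeting, and flags any mapping that has no targeting at all. It assumes the GroupPolicy RSAT module is installed and that the report uses the Drive Maps preference element and attribute names shown; the OU distinguished name is a placeholder.

```powershell
# Added example: list the drive maps a GPO defines and the targeting on each.
# Requires the GroupPolicy module (RSAT / Group Policy Management feature).
Import-Module GroupPolicy

function Get-GpoDriveMap {
    param([Parameter(Mandatory)][string]$GpoName)

    # Get-GPOReport returns the GPO settings report as an XML string.
    [xml]$report = Get-GPOReport -Name $GpoName -ReportType Xml

    # local-name() avoids having to register the report's XML namespaces.
    $xpath = "//*[local-name()='DriveMapSettings']/*[local-name()='Drive']"
    foreach ($drive in $report.SelectNodes($xpath)) {
        $props   = $drive.SelectSingleNode("*[local-name()='Properties']")
        $filters = @($drive.SelectNodes("*[local-name()='Filters']/*"))

        [pscustomobject]@{
            Letter     = $props.GetAttribute('letter')
            Path       = $props.GetAttribute('path')
            Action     = $props.GetAttribute('action')   # C, R, U or D
            Targeting  = ($filters | ForEach-Object {
                             '{0}={1}' -f $_.LocalName, $_.GetAttribute('name')
                         }) -join '; '
            # No filter means every user in the GPO's scope gets this drive.
            Untargeted = ($filters.Count -eq 0)
        }
    }
}

$gpoName = 'User Drive Mappings'              # GPO name used in this article
$ou      = 'OU=Staff,DC=example,DC=com'       # placeholder OU, replace with yours

# Is the GPO linked and enabled on the OU that holds the users?
(Get-GPInheritance -Target $ou).GpoLinks |
    Where-Object DisplayName -eq $gpoName |
    Select-Object DisplayName, Enabled, Enforced, Order

Get-GpoDriveMap -GpoName $gpoName | Format-Table -AutoSize
```

A row with Untargeted set to True is a mapping that every user in the GPO's scope will receive, so access to that share then rests entirely on the share and NTFS permissions.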
Scenario 2: Let’s Use a Group Policy to Map a Drive for a Single User
What we will do here is map a user drive, also called a home drive in some organizations. This is a mapped network drive that is private for each user and allows them to work on files while logged onto the network. It provides security and convenience for the user as the threat of theft of the computer or laptop will not affect the data that the user normally accesses. This is because the data is usually stored on a secure server within the organization.
We could look at creating a new GPO from scratch, or we can add this new policy to an existing one. In our case we can just add to an existing GPO for demonstrative purposes. To make this work, we will need to have a folder created for the user with the correct permissions on the network. Because this is a home folder, we need to make sure that nobody else can access its contents, due to privacy considerations.
1: Map the Drive
These are the settings that the user needs to map a drive.
In order for us to make this work for each individual user that logs on, we need to use a variable. In this case, the percentage signs encase the UserName variable and will pull the data for each user that logs onto the system. The script will create the folder that corresponds with the username, and grants access to the folder at the same time.
And just like that we have created a new user drive mapping.
All that is left to do is to have the user log off and log back on again. The home folder will now show up under the Devices and Drives window and it will be labelled as the H drive.
Our user now has access to the department’s mapped drive, and their own personal data too. Easy peasy.
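Because each home folder must be private to its user, it is worth checking the permissions that actually ended up on the folders. The following PowerShell is an added example, not part of the original article: it walks the home share and reports every allow entry granted to anyone other than the folder's own user and a short list of expected system identities. The share path and domain name are placeholders, and it assumes each folder is named after the user's logon name, as the %UserName% mapping implies.

```powershell
# Added example: flag home folders that identities other than the owner can reach.
function Test-HomeFolderAcl {
    param(
        [Parameter(Mandatory)][string]$HomeRoot,   # root of the home share (placeholder)
        [Parameter(Mandatory)][string]$Domain,     # NetBIOS domain name (placeholder)
        # Identities that are expected on every home folder; extend as needed.
        [string[]]$Allowed = @('NT AUTHORITY\SYSTEM',
                               'BUILTIN\Administrators',
                               'CREATOR OWNER')
    )

    foreach ($dir in Get-ChildItem -LiteralPath $HomeRoot -Directory) {
        # Folder name equals the logon name, matching %UserName% in the drive map.
        $owner = '{0}\{1}' -f $Domain, $dir.Name
        $acl   = Get-Acl -LiteralPath $dir.FullName

        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }

            $id = $ace.IdentityReference.Value
            if ($id -eq $owner -or $Allowed -contains $id) { continue }

            # Anything left is an unexpected grant on a private folder.
            [pscustomobject]@{
                Folder    = $dir.FullName
                Identity  = $id
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # True: fix the ACL on the share root
            }
        }
    }
}

# Constructed sample values; replace with your file server and domain.
Test-HomeFolderAcl -HomeRoot '\\fileserver\home$' -Domain 'EXAMPLE' |
    Format-Table -AutoSize
```

An empty result means only the owner and the expected identities hold allow entries. Rows with Inherited set to True usually point to a broad grant on the share root that flows down into every home folder.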
We have learned just how simple it is to get mapped network drives automated via a simple GPO configuration. We don’t need to know how any scripting works or rely on potentially system-slowing scripts. This is great news if you don’t feel like typing out all of these commands for each user in your organization, especially if you have hundreds of people working there. That is a huge time saver. The way that we have configured everything means that a new user that joins the organization will have their H drive mapped out automatically, and the departmental drive will automatically be assigned based on the OU membership of the user.
An Alternative to Manually Monitoring Active Directory is SolarWinds Server and Application Monitor (SAM)
SolarWinds has created a whole host of different applications to help you keep tabs on your operational environments, and SAM is the gold standard to monitor your Active Directory setup on the network.
It is also ideal for keeping a watchful eye over mission-critical apps, databases and services. It is a proactive solution that detects common Active Directory issues without the hassle and intensive setup of log management software such as SCOM.
SAM comes with built in support for Virtual Machines and much more!