You can use Group Policies to flexibly map shared network folders from your SMB file servers as separate Windows network drives. Traditionally, .bat logon scripts containing the net use M: \\ro-fs01\sharename command were used to map network drives in Windows. However, Group Policies are more flexible, faster and can be updated in the background (you don’t need to reboot a computer or log off to map network drives via GPO).
In this article we’ll show you how to use GPO to map network drives in Windows.
Let’s look at how to automatically map a department shared network folder based on AD security groups, as well as users’ personal network drives. Create a new security group for the Marketing department in Active Directory and add the employee accounts to it. You can create and populate the group using the graphical ADUC console (dsa.msc) or the PowerShell cmdlets for managing AD groups (included in the AD for PowerShell module):
New-ADGroup "IT-Marketing" -Path 'OU=Groups,OU=Rome,OU=IT,dc=woshub,DC=com' -GroupScope Global -PassThru -Verbose
Add-AdGroupMember -Identity IT-Marketing -Members b.bianchi, k.rossi, a.russo, m.baffi
Suppose you have a file server where the shared folders of different departments are stored. The UNC path to the shared folder that your marketing team uses, and which should be mapped for all employees in the department, is \\ro-fs01\share\marketing.
Then create a GPO to map the shared folder as a network drive.
- Open the Group Policy Management Console (gpmc.msc) to manage the domain GPO;
- Create a new GPO and link it to the user account OU, then select Edit;
- Go to User Configuration -> Preferences -> Windows Settings -> Drive Maps. Create a new policy setting: New -> Mapped Drive;
- In the General tab, specify the connection settings for your network drive:
  - Action: Update (this mode is used most often);
  - Location: a UNC path to the shared folder you want to connect;
  - Label as: a drive label;
  - Reconnect: makes a network drive permanent (it will be reconnected every time you log in, even if you remove the policy; this is analogous to the /persistent option of net use);
  - Drive Letter: assign a drive letter for the shared folder;
  - Connect as: this option is not available now since Microsoft currently doesn’t allow storing passwords in Group Policy settings.
- Go to the Common tab, check the Run in logged-on user’s security context and Item-level Targeting options. Then click Targeting;
- Here we will specify that this policy must be applied only to the members of the AD security group created earlier. Select New Item -> Security Group -> your group name;
- Save the changes;
- The mapped network drive will appear in File Explorer and other programs in the user session after the GPO is updated.
Create another policy rule to map users’ personal network folders as network drives. Suppose you have a file server where personal user folders are stored (each folder has individual NTFS permissions so that users cannot access anybody else’s data). You want these folders to be automatically mounted as network drives in user sessions during logon.
Create a separate folder for each user matching their AD names (sAMAccountName) and assign the corresponding NTFS permissions.
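One way to script the folder creation and NTFS permissions described above, as an added example that is not part of the original article. It assumes folders are wanted for the members of the IT-Marketing group, and the rights granted (Modify for the user, Full Control for local Administrators and SYSTEM) are assumptions to adjust to your own policy:

```powershell
# Added example, not from the original article. Run as an account that can
# create folders under the share root. The rights granted are assumptions.
Import-Module ActiveDirectory

$HomeRoot = '\\ro-fs01\shared\home'   # home share root used in the article
$Group    = 'IT-Marketing'            # group created earlier in the article

# Well-known SIDs: local Administrators and SYSTEM keep full control (assumption)
$admins  = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'
$system  = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$noProp  = [System.Security.AccessControl.PropagationFlags]::None

$users = Get-ADGroupMember -Identity $Group -Recursive |
    Where-Object { $_.objectClass -eq 'user' }

foreach ($user in $users) {
    $path = Join-Path $HomeRoot $user.SamAccountName   # folder name = sAMAccountName
    if (-not (Test-Path -LiteralPath $path)) {
        New-Item -ItemType Directory -Path $path | Out-Null
    }

    # Build a fresh DACL: inheritance from the share root is blocked and
    # inherited entries are discarded, so only the three entries below remain.
    $acl = New-Object System.Security.AccessControl.DirectorySecurity
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($grant in @(
            @{ Id = $user.SID; Rights = 'Modify' },
            @{ Id = $admins;   Rights = 'FullControl' },
            @{ Id = $system;   Rights = 'FullControl' })) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $grant.Id, $grant.Rights, $inherit, $noProp, 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $path -AclObject $acl

    # Verify: warn about any entry that is not one of the three expected identities.
    $expected = @($user.SID.Value, $admins.Value, $system.Value)
    (Get-Acl -LiteralPath $path).Access | Where-Object {
        $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value -notin $expected
    } | ForEach-Object {
        Write-Warning "$path : unexpected entry for $($_.IdentityReference)"
    }
}
```

Because the DACL is rebuilt on every run, the script can be re-run after new members are added to the group without widening access on existing folders.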
Create another drive mapping rule in the same GPO.
Specify the path to the shared folder with user personal folders as \\ro-fs01\shared\home\%LogonUser%. I have set %LogonUser% - Personal as a drive label.
Save the changes and update the group policy settings on user computers using this command:
gpupdate /force
Then users will see their personal folders from a file server mapped as network drives. Users will be able to store their personal data on them. The network drive will be mapped on any computer a user is logged on to.
Thus, you can create a lot of separate items with different conditions of mapping network drives to users in a single GPO.
To select different computer or user criteria when connecting network drives, GPP targeting features are used (they are based on WMI filters).