As always log on to the domain controller and launch the “Group Policy Management” app.
Right click “Group Policy Objects” and select “New”
Type a name for the Policy – f.ex. “Driver mapping”
I use the same policy for all the drive mappings so I don’t get 15+ policies.
Right click the newly created policy and select “Edit…”
And expand [User Configuration] – [Preferences] – [Windows Settings] and select [Drive Maps]
Now right click in the content window – and select “New” – “Mapped Drive”
In Action, select “Update”, this will update create the drive if no drive i mapped, if there is a mapped drive, then it will update the mapped drive with the new settings.
In location give the server path for the fileshare f.ex. “\\server\share$”
Select “Reconnect” if the drive should reconnect.
Label as, is optional but could be used to give an easy to understand name to the users f.ex. “Sales Dept”.
Select a drive letter from the list.
All other settings can be left alone.
On the “Common” tab select “Run in logged-on user’s security context (user policy option)” this is impotant as to do the drive mapping as the logged in user instead of trying to map the drive as the system.
Finally select the “Item-level targeting” but setting the checkmark and press “Targeting,,,” this allows the drive mapping to only hit the correct target instead of hitting at all users.
There are a lot of options to use to pinpoint the targets, f.ex. “Organizational Unit” or “User”. But personally I prefer to use “Security Group”.
When selecting a “Security Group” it is important to pick the group using the “…” button, and find the group using the Select Group tool. This pickes the right group and adds the correct SID for the group to the policy.
Press OK twice to close the Targeting and drive mapping windows
And close the “Group Policy Management Editor” to finish editing the policy.
Back on the “Group Policy Management” window, select the new policy and select the “Scope” tab. Here it shows that the policy is not linked to anything.
To make sure that this policy is added to the users in the correct security groups, we need to link the policy to a point in the AD.
If you have a large AD where there are multiple OU’s for different departments that needs different drive mappings, then you use the top most OU possible.
For this blogpost I will use the domain root instead, as I add the drive policy here to make sure that all users in the AD will get this policy if they are added to the security groups used in the targeting.
Right click the domain root and select “Link an Existing GPO…” and select the new “Drive Mappings” gpo from the list. And press “OK”.
After this, the users should get their new drives mapped when they logon to their computers, if they are member of the right security groups.