In the previous sections we discussed setting up admin accounts and managing printers via group policy. For this installment we will touch on the third section: mapping drives. Without further ado we will jump straight in! We will start with setting up company shares and will then show you the same steps again but this time with user shares as the target and the last bit of this article will show you another layer: item level targeting
1) As you will most likely have guessed we need to go back into the group policy management interface
2) We will start by navigating to “User Configuration”, “Windows Settings” then the “Drive Maps” section
3) From here you will be creating the mappings. There are 4 options: create, update, replace and delete. I will use the create action but the others can be used as needed
4) Right click in the “Drive Maps” window and select “New”, “Mapped Drive”. This will bring up the following window
5) Select the create action to create your first new drive mapping (Yay!)
6) Enter the UNC path to the share. As you learned if you read the previous post on Printer Mapping in GP you will know that you need to create the share (and actually share it) first
7) Now you will pick the drive letter for the mapping
8) You can specify the connection options if you want. For this exercise I will leave them blank. In practice, you should not need to set this unless the share requires special permissions (which most don’t)
9) Then you can select the Hide/Show setting if needed. Again, that is up to you and is not required for setting up a basic share
10) Click Okay and watch the magic happen. Seriously, that is all it takes.
11) So in the preamble I told you that we will also cover user shares. The truth is that we have to do the same steps again but with one small change: In the location section just enter the user variable (%username%)
12) The one “gotcha” here is that the user share must exist on the server in the given path. So one of the first steps (or you can do it now if it was not already done) is to create a share on the server for the user and name it with the same name as the user logon account
13) Here comes the last bit of wisdom for drive mappings: Item Level Targeting. This nifty little option allows you to pick only certain users to have the mapping. I use this to create a “Tech” share that only members of the technical team can see even though it is part of the same policy that all user get. It helps keep GP a little cleaner and easier to manage. Don’t’t worry – the mapping is not hidden from the other users: it is not there. We target a group (or a particular user) and if you are not in the group (or are not the user) the share will not map so it remains totally secure
14) So this is how to do it. Click on the “Common” tab and select “Item-level Targeting” and click the button
15) Pick the group/user in question and like that, you are done
So there you have it. Corporate and user shares all mapped and uniform for everyone. We also targeted the tech team and gave them access to a share only for them even though we did not have to create a whole new policy for them. There are a few little tricks and tips I will impart with you before we wrap up: make sure to select the create action or the drive will not show up and remember to map the GP to the OU in question and make sure the user/group is in the same OU.
This is the last posting in my tour of Group policy. I hope you learned a lot and feel much more comfortable to use this amazing tool. Once you get used to the interface and terminology you will start to see that it is not so intimidating. As a parting piece of advice: the settings that can be controlled via GP are virtually endless. I covered a few of the common ones but there is so much more to play with. Build yourself a test environment or a test machine and start looking around – life is so much easier when it is well managed and GP does this and more!
Keep you stick on the ice!