It how to map network drives on windows clients via group policy

Taylor Gibb
It how to map network drives on windows clients via group policyTaylor Gibb
Writer

Taylor Gibb is a professional software developer with nearly a decade of experience. He served as Microsoft Regional Director in South Africa for two years and has received multiple Microsoft MVP (Most Valued Professional) awards. He currently works in R&D at Derivco International. Read more.

It how to map network drives on windows clients via group policy

Mapping network drives is one of the most common jobs for a network administrator. In the past we used to use a script, but there is a group policy setting that can save us the scripting effort.

Note: this is part of our ongoing series teaching IT administration basics, and might not apply to everybody.

Mapping Network Drives Using Group Policy

Open the Group Policy Management Console by searching for it from the Start Menu.

It how to map network drives on windows clients via group policy

You’ll want to drill down into your domain until you reach the Machines object, where you can right-click and choose to Create a GPO.

Note: Although the OU in our example is called the Machines OU it also contains some users. The Group Policy Setting that allows you to map drives is a User setting and is therefore assigned at logon, this means that the OU that you tie the GPO to should contain Users rather than only computers.

It how to map network drives on windows clients via group policy

We have to give our new policy a name, we will name ours Mapped Drives (General).

It how to map network drives on windows clients via group policy

Now we can right click on the policy and choose edit.

It how to map network drives on windows clients via group policy

The policy that controls mapped drives is located at

User Configuration\Preferences\Drive Maps

We need to select the policy and right click in the white space and select new mapped drive.

It how to map network drives on windows clients via group policy

Change the action to create, and type a location for your shared folder.

It how to map network drives on windows clients via group policy

Now set the label, this is the name that will appear on the drive in my computer. You will also need to choose a drive letter, it is a best practice to choose a static letter across the board, the last thing you need to do is change the radio button at the bottom to Show this drive.

It how to map network drives on windows clients via group policy

Now when the users logon the drives will be effortlessly mapped.

  • › How to Restore Taskbar Labels on Windows 11
  • › Why Do Clear Phone Cases Turn Yellow?
  • › The Worst Thing About Samsung Phones Is Samsung Software
  • › 5 Fonts You Should Stop Using (and Better Alternatives)
  • › What Does XD Mean, and How Do You Use It?
  • › How to Install the Google Play Store on Windows 11

It how to map network drives on windows clients via group policy Taylor Gibb
Taylor Gibb is a professional software developer with nearly a decade of experience. He served as Microsoft Regional Director in South Africa for two years and has received multiple Microsoft MVP (Most Valued Professional) awards. He currently works in R&D at Derivco International.
Read Full Bio »

Mapping network drives is a common task for system administrators. One option is to create a batch script that runs every time the workstation starts. But there is a simpler and more convenient method: using Group Policy. Mapping network drives via Group Policy is faster and easier, so it is a much more scalable approach.

Here is a step-by-step guide for Group Policy drive mapping:

Step #1. On a Microsoft Windows Server with the Active Directory role installed, open the Group Policy Management

Step #2. Create a new GPO and give it a name. Then link it to an OU that contains user accounts because Group Policy drive mapping is a user configuration preference. You can also select an option – create a GPO in this domain and link it here, after that use item-level targeting option which will be described below.

It how to map network drives on windows clients via group policy

Step #3. Right-click the new Group Policy object and go to User Configuration -> Preferences -> Windows Settings -> Drive Maps.

Step #4. Right-click Drive Maps, select New and then click the Mapped Drive

It how to map network drives on windows clients via group policy

Step #5. Then you need to configure the settings for the new mapped drive. Here are the options on the General tab:

    • Action — Select an action that will be performed on the shared drives:
      • Create — creates a new mapped drive for users.
      • Delete — deletes a mapped drive for users.
      • Replace — deletes and then creates mapped drives for users.
      • Update — modifies settings of an existing mapped drive for users. This action differs from Replace in that it only updates settings and don’t delete

      It how to map network drives on windows clients via group policy

      Step #6. Click the Common tab to configure these additional settings for all items:

        • Stop processing items in this extension if an error occurs
        • Run in the security context of the user who is currently logged on
        • Remove this item when it is no longer applied
        • Apply once and do not reapply
        • Item-level targeting (see step 7)

        It how to map network drives on windows clients via group policy

        Step #7. Item-level targeting allows you to apply drive mappings in a very flexible way. For example you could apply a drive mapping only to a certain OU and the users and computers in it, or only to a certain IP address range. If you enable item-level targeting, click the Targeting button to open the Targeting Editor. Click New Item and select the type of item that you want to apply the new shared drive mapping policy to. The screenshot below shows how to select Organizational Unit and then choose the specific users or computers in that OU. Click OK to close the Targeting Editor.

        It how to map network drives on windows clients via group policy

        Step #8. To apply the policy, either reboot the target computers or run gpupdate /force on them. Alternatively, you can go to Group Policy Management, right-click the target OU, and then click Group Policy Update.

        Now, whenever a user logs on to any of the targeted computers, the new network drive will be shown in their file explorer.

        Conclusion

        As you can see, mapping a network drive via Group Policy is a very easy process and doesn’t require any PowerShell scripting experience. It is the best way to assign network drives to your users in a centralized manner, and makes troubleshooting easier — for example, you can simply use gpresult rather than writing logon scripts.

        For years, IT administrators have been relying on logon scripts for mapping users’ network drives in a Windows domain environment. However, more recently, administrators have found an effective alternative in Group Policy preferences and are increasingly making the switch. Mapping network drives using Group Policy preferences is flexible, provides easy control over who receives the drive mappings, and has easy-to-use user interfaces, all of which are in stark contrast with the complexities associated with scripts.

        Setting up drive mappings with Group Policy preferences

        Group Policy preferences are a set of extensions that increase the functionality of Group Policy Objects (GPOs). Administrators can use them to deploy and manage applications on client computers with configurations targeted to specific users. The Drive Maps policy in Group Policy preferences allows an administrator to manage drive letter mappings to network shares.

        Steps involved:

          Open Group Policy Management.

        Right-click the domain or the required subfolder to create a new GPO, or select an already existing one. Right-click and select Edit to open the Group Policy Management Editor.

        Go to User Configuration > Preferences > Windows Settings > Drive Maps.

        Right-click and select New > Mapped Drive.

        Under the General tab (see Figure 1 below), do the following:

        Action: Select Create or Update.

        Location: Specify the full file path, e.g. \\Anjali-dc1\c.

        Reconnect: Enable this to auto connect the drive.

        Label as: Pick a suitable name for the shared drive, e.g. SharedDrive.

        Drive Letter: Select a suitable letter for the drive, e.g. K.

        Connect as: Enter a username and password if you want users to connect with certain credentials other than their own Windows login credentials.

        Hide/Show this drive: Select whether you want to hide the folder or make it visible on the network.

        Hide/Show all drives: Select whether, by default, all the shared drives/folders are hidden or visible.

        It how to map network drives on windows clients via group policy

        Figure 1. Configuring general properties for drive mapping.

          Click Apply and OK.

        For the settings to take effect, open a Command Prompt in the computer receiving the drive mapping, type GPUPDATE, and hit Enter.

        Once the Group Policy settings have taken effect on the desired users/computers, the mapped drives should automatically appear under Network Location(s) as seen in Figure 2.

        It how to map network drives on windows clients via group policy

        Figure 2. Mapped network drive.

        Deploying item-level targeting with Group Policy preferences

        Item-level targeting (ILT) is a feature of Group Policy preferences that allows preference settings to be applied to individual users and/or computers dynamically. ILT allows an administrator to specify a list of conditions that must be met in order for a preference setting to be applied or removed to a user or computer object. The criteria available for targeting settings to users and computers can be seen below in Figure 3.

        It how to map network drives on windows clients via group policy

        Figure 3. ILT options for Group Policy preferences.

        In our example of configuring drive mapping, only users in the Product Managers group would receive the mapping. To accomplish this:

        • Under the Common tab of the mapped drive properties, check the Item-level targeting option, and then click Targeting…. Refer to Figure 4 below.

        It how to map network drives on windows clients via group policy

        Figure 4. Configuring item-level targeting for drive mapping.

        In the Targeting Editor window, click New Item and select Security Group.

        Click the … button, and type in the name of the security group.

        Click OK to close the Targeting Editor once you’re finished adding items to the list. See Figure 5.

        It how to map network drives on windows clients via group policy

        Figure 5. Adding preferences for item-level targeting.

        The security group targeting option allows you to pick any Windows Active Directory security group (domain local, global, or universal) to use as a target. The security group targeting option is one of the most flexible and useful ILT setting. Since this target focuses on group membership, it is typically used for the user environment including shortcuts, files, network shares, schedule tasks, data sources, drive mappings, printers, and IE settings.

        Summary

        Setting drive mappings with the help of Group Policy preferences does not require any scripting knowledge and is both easy to use and efficient. The item-level targeting feature of Group Policy preferences allows settings to take effect on individual users and/or computers. This allows flexibility and lets you powerfully manage users and computers.

        You can use Group Policies to flexibly map shared network folders from your SMB file servers as separate Windows network drives. Traditionally, .bat logon scripts containing the net use M: \\ro-fs01\sharename command were used to map network drives in Windows. However, Group Policies are more flexible, faster and may be updated in the background (you don’t need to reboot a computer or log off to map network drives via GPO).

        In this article we’ll show you how to use GPO to map network drives in Windows.

        Lets’ look on how to automatically map a department shared network folder based on AD security groups and users’ personal network drives. Create a new security group for a Marketing department in Active Directory and add the employee accounts to it. You can create and fill the group using the graphic ADUC console ( dsa.msc ) or use the PowerShell cmdlets to manage AD groups (included in the AD for PowerShell module):

        New-ADGroup “IT-Marketing” -path ‘OU=Groups,OU=Rome,OU=IT,dc=woshub,DC=com’ -GroupScope Global -PassThru –Verbose
        Add-AdGroupMember -Identity IT-Marketing -Members b.bianchi, k.rossi, a.russo, m.baffi

        Suppose, you have a file server where shared folders of different departments are stored. The UNC path to the shared folder that your marketing team is using and which should be mapped to all employees in the department is \\ro-fs01\share\marketing .

        Then create a GPO to map the shared folder as a network drive.

        1. Open the Group Policy Management Console ( gpmc.msc ) to manage the domain GPO;
        2. Create a new GPO and link it to the user account OU, then select Edit; It how to map network drives on windows clients via group policy
        3. Go to User Configuration -> Preferences -> Windows Settings -> Drive Maps. Create a new policy setting: New -> Mapped Drive;It how to map network drives on windows clients via group policy
        4. In the General tab, specify the connection settings for your network drive:
          1. Action: Update (this mode is used the most often);
          2. Location: a UNC path to the shared folder you want to connect;
          3. Label as: a drive label;
          4. Reconnect: makes a network drive permanent (it will be reconnected every time you log in, even if you remove the policy. There is a /persistent analog option in net use );
          5. Drive Letter: assign a drive letter for shared folder;
          6. Connect as: this option is not available now since Microsoft currently doesn’t allow storing passwords in Group Policy settings.It how to map network drives on windows clients via group policy

          Create another policy rule to map personal network folders of the users as network drives. Suppose, you have a file server where personal user folders are stored (each folder has individual NTFS permissions so that users cannot access anybody else’s data). You want these folders to be automatically mounted as network drives in user sessions during logon.

          Create a separate folder for each user matching their AD names (sAMAccountName) and assign the corresponding NTFS permissions.

          It how to map network drives on windows clients via group policy

          Create another drive mapping rule in the same GPO.

          Specify the path to the shared folder with user personal folders as \\ro-fs01\shared\home\%LogonUser% . I have set %LogonUser% – Personal as a drive label.

          Save the changes and update the group policy settings on user computers using this command:

          Then users will see their personal folders from a file server mapped as network drives. Users will be able to store their personal data on them. The network drive will be mapped on any computer a user is logged on to.

          Thus, you can create a lot of separate items with different conditions of mapping network drives to users in a single GPO.

          To select different computer or user criteria when connecting network drives, GPP targeting features are used (they are based on WMI filters).

          Last Updated: January 26th, 2020 by It how to map network drives on windows clients via group policy Hitesh J in Guides, Windows

          It how to map network drives on windows clients via group policy

          Mapping a network drive from the network file server to the local system is one of the most common tasks of any system administrator.

          You can easily share files and folders to network users with the map network drive.

          In the past, logon scripts would be used to map the network drive to the local system and this can be achieved using the Group policy as well.

          Mapping a network drive with Group Policy is very flexible and in some case, better than logon scripts because logon scripts will slow down your computers during login.

          Also, Group Policy automatically refreshes periodically in the background.

          In this tutorial, we will show you how to map a network drive using Group Policy in Active Directory.

          Map a Network Drive for Specific Department Using Group Policy

          In this section, we will show you how to map a network drive for the Education Department so that only users in the Education OU get the mapped network drive:

          1. Open the Group Policy Management Console.

          2. Right click on the webserveradc.com domain and click on the “Create a GPO in this domain, and link it here” as shown below:

          It how to map network drives on windows clients via group policy

          3. Provide the name of your New GPO and click on the OK button to create the GPO as shown below:

          It how to map network drives on windows clients via group policy

          4. After creating New GPO, right click on the Map Network Drive GPO and click on the Edit button as shown below:

          It how to map network drives on windows clients via group policy

          5. Next, navigate to User Configuration => Preferences => Windows Settings and right click on the Drive Maps => New => Mapped Drive as shown below:

          It how to map network drives on windows clients via group policy

          6. Next, provide the path of your network share folder, Choose Update in Action, Select drive letter as shown below:

          It how to map network drives on windows clients via group policy

          7. Next, in the Common tab, Select “Run in logged on users’s security context”, Select Item-level Targeting and click on the Targeting Button as shown below:

          It how to map network drives on windows clients via group policy

          8. Next, select New Item => Select Organization Unit => Select Education OU as shown below:

          It how to map network drives on windows clients via group policy

          9. Next click on the OK button, again click on the OK button to save the GPO settings.

          Once the GPO setup has been completed, you will need to restart your system to update the GPO settings.

          After restarting the system, login with a user from the Education department user and go to file explorer. You should see your mapped network drive in the following screen:

          It how to map network drives on windows clients via group policy

          Now, every user from Education OU will get this network drive.

          Map a Network Drive for Individual Users with Group Policy

          In section, we will learn how to map a network drive for individual users so that each user can get their own folder to save files.

          To do so, you will need to create a folder on the file server that matches the user’s login name.

          For the purpose of this tutorial, we will create three folders on the file server as shown below:

          It how to map network drives on windows clients via group policy

          You can follow the below steps to map a network drive for the user jayesh with Group Policy:

          1. Open the Group Policy Management Console.

          2. Right click on the webserveradc.com domain and click on the “Create a GPO in this domain, and link it here” as shown below:

          It how to map network drives on windows clients via group policy

          3. Provide the name of your New GPO and click on the OK button to create the GPO.

          It how to map network drives on windows clients via group policy

          4. After creating New GPO, right click on the All User Map Drive GPO and click on the Edit button as shown below:

          It how to map network drives on windows clients via group policy

          5. Next, navigate to User Configuration => Preferences => Windows Settings and right click on the Drive Maps => New => Mapped Drive as shown below:

          It how to map network drives on windows clients via group policy

          6. Next, provide your file server path, %UserName% as a variable that will match the user’s logon name, Choose Update in Action, Select drive letter as shown below:

          It how to map network drives on windows clients via group policy

          7. Next click on the OK button to save the GPO settings.

          Once the GPO setup has been completed, you will need to restart your system to update the GPO settings.

          After restarting the system, login with the user jayesh and go to File Explorer.

          You should see your mapped network drive in the following screen:

          It how to map network drives on windows clients via group policy

          Conclusion

          You have successfully mapped a network drive from the network file server to your local system.

          You can now set up your own Group Policy to map a network drive as per your infrastructure requirements without any user interaction at all!

          There are two methods for mapping a shared folder to a network drive (using GUI and group policy). I am focusing on the latter method of using a group policy.

          I assume you have already shared a folder with the right permissions. You can check my recent article on setting correct permissions for a shared folder.

          Map a Shared Folder to Network Drive

          Step 1: Open the group policy management console.

          Step 2: Right-click on your domain or any specific user’s OU for which you want to map the network drive.

          Step 3: Click “Create a GPO in this domain, and Link it here“.

          Step 4: Give a meaningful name to the GPO.

          Step 5: Right-click on the newly created GPO and choose Edit.

          Step 6: Now, go to the following location:

          User Configuration -> Preferences -> Windows Settings -> Drive Maps

          Step 7: Right-click on Drive Maps and then click New -> Mapped Drive.

          Step 8: On the General tab, choose ‘Create’ from the action drop down.

          Step 9: Provide the shared folder location, check the Reconnect checkbox, and give a meaningful label as well as a drive letter.

          Step 10: Go to the common tab, and choose Run in logged-on user’s security context option.

          Step 11: Open the command prompt and execute the gpupdate command to update the group policies.

          It how to map network drives on windows clients via group policyMap drive with group policy

          Group Policy is a hierarchical infrastructure that allows a network administrator in charge of Microsoft’s Active Directory to implement specific configurations for users and computers. Group Policy is primarily a security tool, and can be used to apply security settings to users and computers. Group Policy allows administrators to define security policies for users and for computers. These policies, which are collectively referred to as Group Policy Objects (GPOs), are based on a collection of individual Group Policy settings. Group Policy objects are administered from a central interface called the Group Policy Management Console. Group Policy can also be managed with command line interface tools such as gpresult and gpupdate.

          Group Policy objects are applied in a hierarchical manner, and often multiple Group Policy objects are combined together to form the effective policy. Local Group Policy objects are applied first, followed by site level, domain level, and organizational unit level Group Policy objects.

          The native collection of Group Policy settings pertain exclusively to the Windows operating system. An administrator might for instance use these native Group Policy settings to enforce a minimum password length, hide the Windows Control Panel from users, or force the installation of security patches. However, Group Policy is designed to be extensible through the use of administrative templates. These administrative templates allow various applications to be configured through Group Policy settings. One of the best known examples of this is the collection of administrative templates for Microsoft Office.

          Administrative templates consist of two components. An ADMX file is the XML file containing all of the Group Policy settings that are associated with the template. A corresponding ADML file acts as a language file that allows the Group Policy settings to be displayed in the administrator’s language of choice.

          Group Policy objects can be applied locally to a Windows computer through its own operating system, or Group Policy objects can be applied through Active Directory. Local group policies allow security settings to be applied to either standalone computers or computers managed by a domain controller, but these policy settings cannot be centrally managed. Conversely, Active Directory based Group Policy objects can be centrally managed, but they are only implemented if a user is logging in from a computer joined to the domain.

          Many organizations use a combination of local and Active Directory Group Policy objects. The local policy settings provide security when the user is not logged into a domain, while Active Directory Group Policy objects apply once the user has logged in.

          It how to map network drives on windows clients via group policy

          This guide demos how to map network drive with group policy.

          This guide is for Windows Sys Admins. If you are an end user that needs to map network drive use the steps in this guide – How to Map Network Drive in Windows 10 (5 Methods).

          Steps to Map Network Drive with Group Policy

          The high-level steps covered in this guide:

          1. Create a Group Policy Object (GPO)
          2. Link the GPO to an Active Directory Container
          3. Publish a Network Share in Active Directory
          4. Configure Map Network Drive with Group Policy

          Create a Group Policy Object (GPO)

          It how to map network drives on windows clients via group policy

          The first step to map network drive with Group Policy is to create a new GPO.

          Here are the steps:

          • Logon to a Domain Controller and open Server Manager.
          • From Server Manager, click Tools. Then click Group Policy Management.
          • When Group Policy Management opens expand your domain name. Then expand Group Policy Objects.
          • To create a new GPO, drag Default Domain Policy to Group Policy Objects container.
          • You will then receive a Copy GPO prompt. Click OK. When the copy is completed, click OK (See the second image below).
          • Right-click the new copied GPO and click Rename. Then give the GPO a descriptive name. See mine in the second image below.

          Link the GPO to an Active Directory Container

          It how to map network drives on windows clients via group policy

          After creating a new GPO, the next step to map network drive Group Policy is to link the new GPO to an Active Directory container.

          Here are the steps:

          • From Group Policy Management, drag the new GPO from Group Policy Objects container to the AD container you wish to link the GPO. For this example, I want to link the GPO to the Account Users OU.
          • When you drag the GPO to the AD container, you will receive a prompt to confirm that you wish to link the GPO to the container. Click OK.
          • To confirm that the GPO is linked, expand the container. The GPO should be beneath the container.

          Publish the Shared Folder in Active Directory

          It how to map network drives on windows clients via group policy

          Before you can map network drive with Group Policy the share has to be published in Active Directory.

          Obviously, you have to have shared the folder on the server before you can publish it in Active Directory. For steps to share a folder, click this guide – 3 Ways to Share a Folder in Windows 10.

          Here are the steps to publish a share in Active Directory:

          • Confirm that you can access the share from from another computer: Open File Explorer and type \\ServerName\ShareName.
          • Then logon to a Domain Controller and open Server Manager.
          • From Server Manager click Tools. Then select Active Directory Users and Computers.
          • When Active Directory Users and Computers opens, navigate to the container you wish to publish the share.
          • Then right-click the container. Point to New and select Shared Folder.
          • At the New Object – Shared Folder screen, enter a name for the share. Then enter the path to the share. Path should be entered in the format \\ServerName\ShareName. When you finish, click OK. The share will become available in the container (See the second image below).

          Configure Map Network Drive with Group Policy

          It how to map network drives on windows clients via group policy

          The final step to map network drive with Group Policy is to configure the GPO.

          Here are the steps:

          • Open Group Policy Management. Then expand the AD container you linked the GPO you created earlier.
          • Right-click the GPO and select Edit
          • When the GPO open for editing, navigate to User Configuration -> Preferences-> Windows Settings. Then click Drive Maps.
          • Right-click Drive Maps, point to New. Then select Mapped Drive.
          • When New Drive Properties opens, click the 3 dots beside Location field.
          • When you click the 3 dots, Find Custom Search will open with a list of all published shares in Active Directory. Click the share you wish to use. Then click OK.
          • Finally, check the Reconnect box. Then beneath Drive Letter, you could select Use the first available, starting at: or simply select a drive letter from Use: drop-down. Then click Apply, then OK. The mapped drive will be displayed in the Drive Maps node. See the second image below.
          • When the user logs off and back, the mapped drive should show up in their This PC.

          It is that easy to map network drive with Group Policy!

          If you found the guide useful we would appreciate your feedback. Use the “Leave a Reply” form found at the end of this page.

          We can use Group Policies to map shared network folders flexibly from SMB file servers as separate Windows network drives. Initially, .bat logon scripts containing ‘net use M: \\ro-fs01\sharename’ commands were used to map network drives in Windows.

          When we map a network drive, it looks like a new drive under This PC in File Explorer, allowing us to quickly access the shared files we need.

          Here at Bobcres, we map network drives or shared folders with Group Policy for our customers as apart of our Server Management Services. Today let’s see the steps that our Support Engineers follow for this mapping.

          Advantages of Mapping Drives or Shared Folders with Group Policy

          Group Policies are flexible, faster, and can also get updated in the background. It is very easy as it requires no scripting experience.

          Furthermore, it helps to speed up the user login process. Also, there is no need to reboot a computer or log off to map network drives via Group Policy.

          Following are some of the advantages of using group policy:

          1. Firstly, they are much easier than logon scripts. Checkboxes and drop-down lists, no need to understand scripting.
          2. It is scalable, as big as our Active Directory will grow logon scripts will scale no problem.
          3. Also, it is very flexible. With item-level targeting, we can target groups, users, OUs, operating systems, and so on.

          The support of network drive mapping in GPO appeared in Windows Server 2008.

          Steps to Map Network Drive or Shared Folders with Group Policy

          Here we will see how to map a department shared network folder automatically based on AD security groups and users’ personal network drives.

          1. Creating a new security group for a Marketing department in Active Directory.

          We will create a new security group for a Marketing department in AD and add the employee accounts to it.

          We can create and fill the group using the graphic ADUC console (dsa.msc) or use the PowerShell cmdlets to manage AD groups.

          Using the following command we can do this:

          2. Creating a GPO to map the shared folder as a network drive.

          We can do this using the following steps:

          1. Firstly, open the Group Policy Management Console (gpmc.msc) to manage the domain GPO.

          2. Then create a new GPO and link it to the user account OU, then select Edit.

          3. After that Go to User Configuration and take Preferences

          4. From there go to Windows Settings and take Drive Maps.

          5. Now create a new policy setting: New -> Mapped Drive

          4. In the General tab, specify the following connection settings for our network drive:

          a. Action: Update (this mode is used the most often)
          b. Location: a UNC path to the shared folder you want to connect
          c. Label as: a drive label
          d. Reconnect: makes a network drive permanent (it will be reconnected every time we log in, even if we remove the policy. There is a /persistent analog option in net use)
          e. Drive Letter: assign a drive letter for the shared folder
          f. Connect as: this option is not available now since Microsoft currently does not allow storing passwords in Group Policy settings.

          5. After that Go to the Common tab, check the Run in logged-on users’ security context and Item-level Targeting options. Then click Targeting.

          6. Here we will specify that this policy must be applied only to the members of the AD security group created earlier. Select New Item -> Security Group -> our group name
          7. Finally, save the changes

          8. Once the GPO is updated the mapped network drive will be available in File Explorer and other programs appears in the user session.

          3. Using Group Policy to Map a Drive for Individual Users

          We can do this using the following steps:

          1. Firstly create another policy rule to map personal network folders of the users as network drives.

          Suppose, we have a file server where personal user folders are stored. And we want these folders to be automatically mounted as network drives in user sessions during logon.

          2. We will create a separate folder for each user matching their AD names (sAMAccountName) and assign the corresponding NTFS permissions.

          3. Then create another drive mapping rule in the same GPO.

          4. After that we can specify the path to the shared folder with user personal folders as \\ro-fs01\shared\home\%LogonUser%. Let us set %LogonUser% – Personal as a drive label.

          5. For displaying the full list of environment variables available in GPP we can press F3.

          6. Finally, save the changes and update the group policy settings on user computers using the following command:

          Now the users will be able to see their personal folders from a file server mapped as network drives. Also, they will be able to store their personal data on them. The network drive will be mapped on any computer a user is logged on to.

          [Need Assistance? We are available 24*7]

          Conclusion

          In short, we saw how our Support Engineers map network drives or shared folders with Group Policy.

          Related posts:

          PREVENT YOUR SERVER FROM CRASHING!

          Never again lose customers to poor server speed! Let us help you.

          Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

          There are two methods for mapping a shared folder to a network drive (using GUI and group policy). I am focusing on the latter method of using a group policy.

          I assume you have already shared a folder with the right permissions. You can check my recent article on setting correct permissions for a shared folder.

          Map a Shared Folder to Network Drive

          Step 1: Open the group policy management console.

          Step 2: Right-click on your domain or any specific user’s OU for which you want to map the network drive.

          Step 3: Click “Create a GPO in this domain, and Link it here“.

          Step 4: Give a meaningful name to the GPO.

          Step 5: Right-click on the newly created GPO and choose Edit.

          Step 6: Now, go to the following location:

          User Configuration -> Preferences -> Windows Settings -> Drive Maps

          Step 7: Right-click on Drive Maps and then click New -> Mapped Drive.

          Step 8: On the General tab, choose ‘Create’ from the action drop down.

          Step 9: Provide the shared folder location, check the Reconnect checkbox, and give a meaningful label as well as a drive letter.

          Step 10: Go to the common tab, and choose Run in logged-on user’s security context option.

          Step 11: Open the command prompt and execute the gpupdate command to update the group policies.

          It how to map network drives on windows clients via group policy Map drive with group policy

          Using group policy is the ideal method of mapping network drives. Not only is it easier to understand for people who aren’t into scripting, it’s also easier to keep track of and audit.

          This guide will walk you through each step of pushing out a mapped drive as well as taking advantage of item level targeting to make sure that drive only goes to who and what you want it to.

          Mapping Drives with Group Policy vs Logon Scripts

          As mentioned earlier, group policy tends to be much easier for most admins to understand than scripting.

          Using group policy over scripting is also more efficient. It can decrease logon times since scripts have to run every time the user logs in.

          The ability to use item level targeting is also huge for the group policy method. This lets you control exactly who and what gets your policy to push out your drive.

          Since group policy is tightly integrated with your Active Directory, it’s very scalable.

          Let’s take a look at the most common use for mapping network drives with group policy, departmental network shares.

          How to Map a Drive for Departmental Use with Group Policy

          Here we are going to a create a group policy using item level targeting to push out a mapped network drive for Accounting based on a user’s membership to the Accounting security group.

          You could just as easily use item level targeting to push out drives by OU or a number of other things, which we’ll get into during the tutorial.

          Part 1. Create a New Group Policy Object

          1. Open Group Policy Management with a privileged account.
          2. Right click the OU that you want to link the new GPO to and click on “Create a GPO in this domain, and Link it here….” This will be a user GPO so you’ll want to link it to the OU that contains your user accounts.
            It how to map network drives on windows clients via group policy
          3. Enter a name for your new GPO

          Part 2. Edit Your GPOs Settings

          1. Right click your GPO and click on Edit
            It how to map network drives on windows clients via group policy
          2. Expand User Configuration -> Preferences-> Windows Settings -> Drive Mappings
            It how to map network drives on windows clients via group policy
          3. Right click on Drive Mappings and then click on New -> Mapped Drive
            It how to map network drives on windows clients via group policy
          4. In the box that opens, choose Update for the Action (since we want to push a new drive rather than replace an existing drive).
            It how to map network drives on windows clients via group policy
          5. Enter the location of the shared folder you are wanting to push to your users. In my case, I have created an Accounting folder on the file server FileServer1 and shared it with the Accounting Dept security group read/write access to it.

          Pro Tip: You can also use this method to create individual user folders by creating shared folders for each user in your domain named after their username and using the %LogonUser% variable in your share path to point the mapped drive to their matching folder.

          Part 3. Update Group Policy on Your Computers

          We need to update Group Policy in order for the drive to show up. The simplest way to do this is to reboot the computer.

          It how to map network drives on windows clients via group policy

          1. Have your user restart their computer.
          2. Have the user log in.
          3. Verify the new drive has appeared. It should be listed under Network Locations.
          4. If the drive has not appeared, perform a gpupdate /force and reboot the computer again or have the user log off and then back on again.

          From this point forward, any user that you create within the OU that you linked this GPO to that is also added to the accounting group will receive this mapped drive.

          Like I said earlier, you could also choose to use item level targeting to push out drives based on what GPO a user is in and many other factors. You can even change the condition to “not” and push the drive to everyone that is not a member of a particular group. The options are endless.

          NOTE: I do have one caution to mention, if the computer is not connected to your network when the user logs in (in the case of laptops and tablets) the drive may not map. This can cause issues if your user logs in and then launches a VPN client.

          To resolve this, you’ll need to edit your GPO and choose the Reconnect option on the General Tab.

          It how to map network drives on windows clients via group policy

          Wrapping Up

          Pushing out mapped drives with group policy is a quick and painless process. It’s incredibly flexible and keeps everything simple. All of this leads to less trouble down the road and a better experience for you users.Hopefully you found this guide useful. Let us know if you have any troubles in the comments below!

          Recommended for You: Solarwinds Server & Application Monitor (SAM)

          It how to map network drives on windows clients via group policyKnow which applications are having issues in your environment before users complain? Know which systems are causing those problems? How about which servers are about to have problems like running out of space or memory?

          Automate collection of data and alerting on your applications and servers with Solarwinds Server & Application Monitor so you have these answers.

          Get insight into Active Directory, DNS, DHCP, and your Virtual and Applications environments without needing to mess with complex templates or knowing a single line of code.

          From my previous blog post, I have discussed on how to implement File Server Resource Manager on windows server 2016 (here). Also we have discussed how to create and configure quota, configuring file screening and generating reports. After implementing file server, many people face the problem of how to map the file server resource (share folder) to the users. From this post let’s discuss on implementing share folders and mapping them to individual users or groups of users with shared access.

          Continuing with previous post I’m using the Windows Server 2016 File Server Resource Manager in a domain environment to configure share folders.

          Map Users Personal Drive with FSRM

          Most IT departments are willing to provide a centralized location to save users valuable data in order to minimize the risks of saving them in users computers. Local saving locations such as PC’s or Laptops can be compromised by a third party or user might accidently delete them and there might be no backups taken to recover. While managing these data in centrally, organizations can make sure data is available with regular backups and secured from a third party. But when managing data centrally, data should be secured and should not be able to access by users other than the owner. Also these data should be in a place that easily access to the user without much hassle.

          In Active directory environments, there is an option called Home Folders. Home folder is a folder created with the user’s SamAccount name and only accessible to the particular user other than the domain admin. First you have to create the share location in the file server with the relevant permissions.

          Following step by step approach can take to create the share folders and publish them using Home Folder option in Active Directory.

          1. Login to the server where you have installed File Server Resource Manager
          2. Open Server ManagerFile and Storage ServicesShares – New Share

          Map Share Using Group Policy

          There are situations you have to map multiple drives to users other than the home folder. In old days, you have to place a logon script on each machine to archive this. But with Windows Server 2008R2 and above you can do this by Group Policies. Also this share or drive can be mapped to a security group with item targeting.

          Before creating the GPO, create the share folder according to the above steps. Then

            Create a new GPO, Edit – User Configurations – Windows Settings – Drive Maps

          Note – Sometimes you may need to target the Drive to a security group without considering the OU. This is called item level targeting, follow the steps from point 5

          Almost everyone uses mapped drives of some flavor in their environments. Creating drive mappings manually as part of a new user start-up process is cumbersome and unnecessary. It is also work that will probably need to be duplicated as users move from one computer to another in the future. If we utilize Group Policy to centralize the creation of these drive mappings, we can ensure that the same users get the same drive mappings wherever they log into the network. Planned correctly, you can enable these mappings to appear on any domain-joined system across the network by the user simply logging in to the computer like they always do. This is a good, simple first task to accomplish within Group Policy to get our feet wet and to learn something that could turn out to be useful in your organization.

          Getting ready

          We are using a Server 2016 domain controller in our environment in order to create and configure this Group Policy Object. We will assume that you have already created a new GPO for this task that has been configured for Links and Security Filtering.

          How to do it…

          To create a drive mapping in Group Policy:

          1. Open the Group Policy Management Console from the Tools menu of Server Manager.
          2. Expand the name of your domain and then expand the Group Policy Objects folder. There we see our new GPO called Map Network Drives .
          3. Right-click on the Map Network Drives GPO and click on Edit… :

          It how to map network drives on windows clients via group policy

          1. Navigate to User Configuration | Preferences | Windows Settings | Drive Maps .
          1. Right-click on Drive Maps and choose New | Mapped Drive :

          It how to map network drives on windows clients via group policy

          1. Set Location as the destination URL of the drive mapping, and use the Label as field if you want a more descriptive name to be visible to users.
          2. Choose a Drive Letter to be used for this new mapping from the drop-down menu listed on this screen:

          It how to map network drives on windows clients via group policy

          1. Click OK .
          2. We are assuming you have already created the Links and Security Filtering appropriate to where you want this GPO to apply. If so, you may now log in to a computer on your domain as a user account to which this policy will apply. Once logged into the computer, open up File Explorer and you should see the new network drive mapped automatically during the login process:

          How it works…

          There are a few different ways that drive mappings can be automated within a Windows environment, and our recipe today outlines one of the quickest ways to accomplish this task. By using Group Policy to automate the creation of our network drive mappings, we can centralize the administration of this task and remove the drive mapping creation load from our helpdesk processes.

          When setting up an Active Directory, one of the first things you want to set up is automatic mapping of network drives to different users.

          As a reminder, a network drive is a share presented to a workstation / user in the form of a letter like a hard disk / USB stick ….

          In this tutorial, I will show you two ways to mount a network drive, by GPO and using a script that must be executed at login, so using group policy as well .

          Through this tutorial, we will see that the result is identical.

          Mapping network drives by group policy has several advantages for me:

          • They are updated regularly by client workstations and it is possible to force the update with the gpupdate command.
          • Using a graphics console
          • Lots of filtering options (even if not script we can do the same).
          • Record events in Windows Viewer for quick debugging.

          The logon script is certainly configured in a group policy, but the command gpupdate does not allow to replay the script, it is imperative to close then reopen the session to apply the script again.

          • Have an Active Directory environment.
          • Have a shared folder accessible to users to which it will be mapped.

          GPO – Group Policy

          1. Open the Group Policy Editor on a domain controller.

          2. Create a new strategy, right-click on the domain name 1 or on an organizational unit and click on Create a GPO object in this domain, and link here 2 .

          3. Give a name with strategy and click OK 1 .

          It how to map network drives on windows clients via group policy

          4. Right-click on Strategy 1 and click on Edit 2 to open the editor.

          It how to map network drives on windows clients via group policy

          5. Go to User Configuration> Preferences> Windows Settings and double click on Drive Mappings 1 .

          It how to map network drives on windows clients via group policy

          6. Right click New 1 > Mapped drive 2 .

          7. Fill out the form:

          • 1 Enter the location of the network share
          • 2 Indicate the letter used
          • 3 Apply
          • 4 OK
          • A and B to label the network drive

          8. Drive 1 should be visible in Drive Mappings.

          9. Summary of the GPO, by default the drive will be mapped to all users.

          Limit mapping to a group

          In this part, we will see how to limit the mapping to a user group using Item Level Targeting.

          It is also possible to limit the execution of the strategy to the level of the security filtering, which implies to make a strategy per reader.

          The targeting at the level of the boundary element not the rights on the share, it is necessary even to set the rights NTFS on the file.

          1. Edit your player right click on 1 and Properties.

          2. Go to the Common tab 1 , tick “Item Level Targeting” 2 and click on Targeting 3 .

          3. Click New Item 1 and select Security Group 2 .

          4. Add your group 1 and click OK 2 .

          5. It’s over, the P drive will be mapped only to users in the Grp_Partage_RW group. If you go back to the overview of the parameters of the strategy, you can see the elements of the targeting 1 .

          It how to map network drives on windows clients via group policy

          Script

          1. Create a new file that should have the vbs extension.

          2. Edit the file (Notepad ++, notepad …) and add the codes below:

          3. Add the script to Group Policy logon to map the network drive.

          Limit mapping to a group by script

          How for the GPO, we will now modify the script to limit the network drive mapping to Grp_partage_RW group.

          1. Edit the file:

          As you can see, we added two functions at the end of the code, which allow verification of the group membership of the connected user. The drive mapping is now subject to condition (if).

          Conclusion

          GPO or script, both solutions work everything depends what you prefer. If you opt for the script, comment well on your code.

          Mapping network drives using Group Policy preferences is flexible, provides easy control over who receives the drive mappings, and has easy-to-use user interfaces, all of which are in stark contrast with the complexities associated with scripts. In this post, we will show you how to map a Drive using Group Policy Preferences on Windows 11/10.

          It how to map network drives on windows clients via group policy

          Group Policy preferences are a set of extensions that increase the functionality of Group Policy Objects (GPOs). Administrators can use them to deploy and manage applications on client computers with configurations targeted to specific users. The Drive Maps policy in Group Policy preferences allows an administrator to manage drive letter mappings to network shares.

          Map a Network Drive using Group Policy Preferences

          • Open Group Policy Management.
          • Right-click the domain or the required subfolder to create a new GPO, or select an already existing one.
          • Right-click and select Edit to open the Group Policy Management Editor.
          • Go to User Configuration >Preferences >Windows Settings >Drive Maps.
          • Right-click and select New >Mapped Drive.

          Under the General tab, configure the following parameters accordingly:

          Action: Select Create or Update.

          Location: Specify the full file path, e.g. \\TWC-dc1\c.

          Reconnect: Enable this to auto-connect the drive.

          Label as: Pick a suitable name for the shared drive, e.g. SharedDrive.

          Drive Letter: Select a suitable letter for the drive.

          Connect as: Enter a username and password if you want users to connect with certain credentials other than their own Windows login credentials.

          Hide/Show this drive: Select whether you want to hide the folder or make it visible on the network.

          Hide/Show all drives: Select whether, by default, all the shared drives/folders are hidden or visible.

          Click Apply > OK when done with setting the parameters.

          For the settings to take effect, open a Command Prompt on the computer receiving the drive mapping, and type the command below and hit Enter.

          Once the Group Policy settings have taken effect on the desired users/computers, the mapped drives should automatically appear under Network Location(s) in File Explorer.

          Now when the users’ logon the drives will be effortlessly mapped.

          It how to map network drives on windows clients via group policy

          Related Posts

          It how to map network drives on windows clients via group policy

          How to create a link to File or Folder in Windows 11/10

          It how to map network drives on windows clients via group policy

          Routing and Remote Access Service (RRAS) not starting on Windows 11/10

          It how to map network drives on windows clients via group policy

          Computer appears to be correctly configured, but the web proxy is not responding

          [email protected]

          Obinna Onwusobalu, has studied Information & Communication Technology and is a keen follower of the Windows ecosystem. He runs a computer software clinic. He says it’s best practice to create a System Restore Point before making any changes to your PC.

          Mapping network drive is convenient way to access shared folder on a network. You can manually map a network drive in a PC. But if you want shared folder that’s shared from File Server to be accessible by group of users or a department then it makes more sense to setup network drive mapping using Group Policy from Active Directory server. You can also map network drive for users using logon script. This article shows steps to map network drive using Group Policy. In order to use Group Policy you need to have Domain Controller server in a network.

          How to Map Network Drive using Group Policy Preference

          In this scenario, Domain Controller is installed on Windows Server 2012 R2 named asaputra-dc1, and a client running Windows 10 is joined to domain asaputra.com. A folder in DC is shared to the network with UNC path \\asaputra-dc1\GlobalShared. This example shows how you can map this shared folder to the domain joined machine.

          Step 1. Create GPO object
          Open Group Policy Management Console (GPMC) in a domain controller to create a new GPO. Here, I have named it “Global OS” as shown below.

          It how to map network drives on windows clients via group policy

          Step 2. Modify GPO Settings
          Right click on the policy object and select Edit. The policy that we’re looking for is under User Configuration > Preferences > Windows Settings > Drive Maps, see picture below for reference.

          It how to map network drives on windows clients via group policy

          Right click on Drive Maps and select New > Mapped Drive as shown in below:

          It how to map network drives on windows clients via group policy

          Step 3. Configure Drive Properties
          The prompt window to create drive mapping will appear

          It how to map network drives on windows clients via group policy

          On the Action drop down menu, there are four types of action:

          • Create: This action will create a new mapped drive for user
          • Replace: This action will delete the specified mapped drive, if it exist, and then re-create a new mapped drive. If the mapped drive is not exist, this action will create a new mapped drive for user.
          • Update: This action will modify the configuration of the specified mapped drive, if it exist. If the mapped drive is not exist, this action will create a new mapped drive for user.
          • Delete: This action will delete a specified mapped drive for user

          Other settings are available here are explained below:

          • Location:Specify the location of the network drive in UNC path format
          • Reconnect: If you tick the box, the drive will be persistent. Otherwise, it will be removed on user logoff.
          • Label as: Specify the name of the mapped drive. If you don’t, it will use the folder name by default.
          • Drive letter: Assign the drive letter to be used. There are two options here, you can choose either to automatically assign the first available letter or directly assign a letter to the mapped drive.
          • Connect as: Specify the credential to be used here if the mapped drives requires different username than the current logged on user
          • Hide/show this drive: Decide if you want to make this mapped drive shown or hidden in Windows Explorer
          • Hide/show all drives: Decide if you want to make all physical and mapped drives to be shown or hidden in Windows Explorer.

          Following the scenario explained above, our configuration looks like this, location is the UNC path of the shared folder, label is the drive name or shared folder name that end user will see once its mapped and drive letter can be first available or you can manually assign one.

          It how to map network drives on windows clients via group policy

          We leave all other settings as default. Click OK to save the settings.

          4. Apply to the user OU
          Since this is a user setting, the GPO must be applied to OU where user accounts resides. But in this example we will just going to link it to the domain root because we want it to be applied globally to all user OUs.

          It how to map network drives on windows clients via group policy

          When the policy is applied successfully, the mapped network drive will appear on the client drive list

          It how to map network drives on windows clients via group policy

          Troubleshooting tips

          Mapped network drive will show up almost instantly when the policy has been refreshed. The command gpupdate /force can always be used to force the Group Policy update and expedite the network drive mapping. If mapped drive fails to appear, first thing to do make sure the policy has been applied correctly to the user account. You can check policy being applied to the user by issuing gpresult /r on Command Prompt.

          It how to map network drives on windows clients via group policy

          In our example, drive maps setting is configured in a policy object named “Global OS” and we can see that it has been applied correctly. If policy has been applied but network drive is still not mapped, then the next thing to do is to make sure the assigned drive letter is not already in use for manual mapping.

          Note that drive maps actions are all based on the drive letter. Action “Create” and “Update” will not work if the drive letter already in use. In this case, the action “Delete” or “Replace” might be helpful. And that’s how to map network drive using Group Policy preferences.

          It how to map network drives on windows clients via group policy

          I’ve mapped the drive, and targeted at a security group. Tried with an OU first, but that didn’t work either. It how to map network drives on windows clients via group policy It how to map network drives on windows clients via group policy

          So did I place the GPO wrong, or did I map the drive wrong? The client has a dynamic IP and it’s DNS servers are the IP of the servers It how to map network drives on windows clients via group policy

          When I run gpudate on the client, It seems that the server is unreachable: It how to map network drives on windows clients via group policy

          Let me know if you need additional information

          1 Answer 1

          • Your procedure of mapping a network drive is correct but the error snapshot that you have posted regarding the reachability of the AD/DNS servers is a matter of concern due to which the group policies were not able to replicate and apply authoritatively from the AD or Group policy server. Thus, please check the connectivity of the DC/Group policy server from the client system as below: –

          A) Check the SYSVOL replication is happening correctly or not. DFRS (Distributed File Replication Service) is used for SYSVOL replication, to confirm that run the below command and check its result

          B) Then check whether which DC has the FSMO roles installed on it. For that, run the below command and check the IP and hostname whether it is configured as the correct DNS in IP configuration in the client system or not

          C) Once the above is done, please check the replication between the DCs is working correctly or not by executing the below commands one by one and analyzing their results

          D) Ensure that the ‘gpt.ini’ file exists on your DC at ‘\domain.local\SysVol\domain.local\Policies\’ path and if not then your GPO server might be at risk of corruption of essential system files. Please reset it. Also, do ensure that your DNS server or DC is reachable and pingable through the below commands successfully. Try to reset the DNS resolver cache on client computers.

          Lastly, ensure that your DC and domain is accessible via RPC protocol through the below command: –

          If all of the above commands return positive results, then you should check your client’s network and domain settings for any issues as everything else is correct on the DC end.

          02.09.2013

          The following applies to : Windows Server 2008 R2, Windows SBS 2008 and 2011

          Mapping network drives to your computer is a very quick and easy way of accessing your most frequented data quickly. If you want to map drives for your organization, you can do so using this easy guide. This assumes a moderate understanding of Group Policy and Active Directory!

          First of all, you need to share the folder which you want to map. To do this, right click on your folder and choose Properties . Next, click on Sharing , then Advanced Sharing.

          Choose, Share this folder , and then choose a share name, it can be anything you want, but I’d recommend using a name without spaces (use an underscore “_” instead). Next, click on Permissions , select Everyone and click Remove . Finally, click Add and type Authenticated Users , then click OK. Put a tick in Full Control for Authenticated Users as such:

          Click OK, and then OK again to get back to your Properties windows. Click on the Security tab, and choose Edit . Click Add and add the users or groups into here, with the relevant level of control according to your company policies.

          For best practices and a better understanding of Active Directory Groups, see;

          Next, open the Group Policy Management console from Administrative Tools on your server. Choose the Organizational Unit you want to map the drive to, right click, and choose Create a GPO in this domain, and Link it here.

          Give your GPO a name, and then click OK. Right click on your newly create GPO and click on Edit.

          Go to: User Configuration / Preferences / Windows Settings / Drive Maps

          Right click and choose New > Mapped Drive

          In the pop-up window that appears, under the General tab, choose Create for your Action . Next, copy and paste the location of your share folder into the Location field, such as;

          Tick the Reconnect box, and choose a Label (a name) for your new drive. Next, choose a Drive Letter (either the first available, or specify your own). Finally, fill in the optional sections at the bottom; you can choose to connect to the drive as a different user, or hide the drive.

          That’s it! If you want the changes to update straight away, run gpupdate /force on your File Server and instruct your user to log off and back onto their computer, the new drive will be under My Computer.

          Mapping a drive means that you want permanent access to a shared folder created on another computer. Windows OS will assign a drive letter to the network drive and it can be accessed just like any other local drive connected to your computer.

          Mapping network drives with group policy preference is very easy and it does not require any scripting knowledge. Also, We can use item-level targeting to map drives based on specific conditions like group membership, OU, operating system, etc.

          In this example, We will use item-level targeting so it only maps the network drive for users who are a member of the specific security group.

          For this guide already I have created.

          • Two users with the name HR User1 and HR User2
          • One security group name HRUsers. (HR User1 is a member of this security group)

          One shared folder on a domain controller (\\ws2k19-dc01\HRSahredData)

          Step:1 Create a group policy object to map a network drive:
          Open the Group Policy Management Console.

          In the Group Policy Management Console, right-click on group policy objects and select new.

          Specify a proper name (Map Network Drive using Group Policy Preference GPO) to the new group policy object.

          On the group policy object right-click and select the edit option.

          Navigate to User Configuration -> Preferences -> Windows Settings -> Drive Maps.

          Right Click Drive Maps, Select New – > Mapped Drive.

          On “General” tab specify the details as below:
          Action: Create.
          Location: \\ws2k19-dc01\HRSharedData.
          Label as: Test.
          Use: M. (This is going to be the drive letter)

          On “Common” tab. Select “Run in logged-on user’s security context and item-level targeting check-boxes. Click on targeting button.

          Click on New Item. Select “Security Group” and then select the security group you want to target.

          Click on OK button. (In our case it will be HRUsers security group).

          Click on the apply and OK button to close the new drive properties.

          This completes the GPO settings. Close group policy management editor console.

          Step:2 Link group policy object:
          In the Group Policy Management Console, right-click on the Domain/OU where you want to link the group policy object.

          Select “Link an existing GPO”. Select the GPO (In our case it will be Map Network Drive using Group Policy Preference GPO).
          Click on OK button.

          Step:3 Test the result:
          On the client computer, Login with the user who is a member of HRUsers security group that we have added in the item-level targeting to verify that our policy of mapping drive using Item Level Targeting GPO is deployed or not.

          Log in as an HR User1.

          Verify that mapped drive using item-level targeting is deployed successfully by accessing the mapped drive naming Test(M:).

          Log off from user account HR Users1 and log in as an HR User2 (who is not a member of HRUsers security group).

          Verify that mapped drive is not present under file explorer.

          It works perfectly fine for us.
          Now, any user we put in the HRUsers security group will get this mapped drive.

          Usually mapping the network drives in the Windows Servers 2003, Windows 2008 Server and Windows 2012 Server is very easy process. There are different requirements from the Users to map the network drives depends on the company.

          In Windows 2003 / 2008 / 2012 Server the drive mapping process is almost same. Let me explain here how to map the drive from command line:

          Go to Command Prompt (if it is 2008 or 2012 server, should go Run as Admin – elevated access)

          net use z: \\servername\share /user:username password

          There are other options to map the network drives (could be DFS shares or other server drives) using Group Policy or Login Startup scripts or Registry entry.

          In the above discussed how to map the network drive from Command Prompt, now will discuss how to map drive from Windows Explorer / MyComputer:

          As shown in the below picture, go to ‘My Computer’ and click on the ‘Map Network Drive’

          It how to map network drives on windows clients via group policy

          Even the mapping of DFS namespace can be automated using Logon/Logoff and Startup/Shutdown scripts that can be created and applied to all domain users and/or computers through group policies.

          There you it would ask to choose the drive letter that you want to assign to the remote shared drive and folder path.

          Select the ‘Reconnect at logon’ would help when ever the server get rebooted with the login credentials the drive will get connected automatically without manual intervention.

          It how to map network drives on windows clients via group policy

          In this, there is risk involved, let me explain more here:

          • The mapped which are added to the particular server, who ever logs on can access the network share. In this case, if that shared drive has critical and confidential data. Hence the security permissions take a vital role in this case.
          • Make sure the Security Admini team closely work on this kind of activity and provide only restricted access to those shared drives.

          The above said solution works in all the Windows Server versions and windows 2012 server the Group Policy option would be preferred as per Microsoft.

          It how to map network drives on windows clients via group policy

          Do you remember the old days when we used the hide drives.adm template to hide specified drives along with some kind of hide drives calculator to get the proper value ? So if we wanted to hide drives for Domain Users but not the Domain Admins, we had to create another policy to lock it up again. Those days are long gone thanks to Group Policy Preferences, for me it’s the life before and after. Get rid of all your adm templates and 30+ page vbs logon scripts once for all. This will speed up the logon time and make your administration much easier.

          To leverage Group Policy Preferences (GPP) you’ll need to administrate Group Policy’s from a Windows 2008 server (just member server) or Windows 7 with RSAT. On Windows XP and Windows 2003 machines you’ll need Group Policy Preference Client Side Extensions to properly read GPP settings.

          Map network drives :

          Open Group Policy Management Console (GPMC) and create a new policy. Browse to User Configuration – Preferences – Windows Settings – Drive Maps

          It how to map network drives on windows clients via group policy

          It how to map network drives on windows clients via group policy

          It how to map network drives on windows clients via group policy

          In this example we map K: to the Accounting folder for all users member of the Accounting group. It’s possible to create many rules, if member of group A or B or and so on.

          Hide Drives :

          It how to map network drives on windows clients via group policy

          It how to map network drives on windows clients via group policy

          In this example we hide C: for all users except for Domain Admins. When you start playing around we GPP you’ll learn how really powerful it is. I highly recommend you start following Group Policy Center for weekly tips.

          Create the Map Network Drive Group Policy Object (GPO):

          1. In Server Manager, select Tools > Group Policy Management.
          2. Right-click on the Group Policy Objects folder and select New.
          3. Give the object a name and select OK.

          In this example, the object is named IT Mapped Network Drives.

          It how to map network drives on windows clients via group policy

          Edit the Map Drive Drive GPO

          1. Right-Click on newly create object and select Edit.
          2. Expand User Configuration > Preferences > Windows Settings and select Drive Maps.
          3. Right-click in Drive Maps and select New > Mapped Drive.
          4. Complete the New Drive Properties dialog box and select OK.

          In this example, the Z: drive maps to \\fs1.software.eng.us\share.

          It how to map network drives on windows clients via group policy

          It how to map network drives on windows clients via group policy

          Link the Map Drive Drive GPO to your domain

          1. Right-click on your domain name and select Link an Existing GPO.
          2. Select your mapped network drive object and select OK.

          In this example, the IT Mapped Network Drives object is linked to the software.eng.apl domain.

          It how to map network drives on windows clients via group policy

          Delegation

          1. In the left panel of Group Policy Management, select the your mapped network drive object.
          2. In the right panel, select the Delgation tab.
          3. Add or remove users or groups that should have access to the mapped network drives.

          In this example, member of the Domain Admins, Enterprise Admins, Enterprise Domain, IT, or System group will have access the the IT Mapped Network Drives.

          It how to map network drives on windows clients via group policy

          Client side

          The mapped network drive should now appear in File Explorer for members of one of the groups under the Delegation tab. In this example, the Z: Drive appears in File Explorer for a member of the IT group.

          It how to map network drives on windows clients via group policy

          Drive mapping and the local administrator group.
          Or: What do you have to do that mapped drives are available (if you are an admin)?

          Besides them being integrated into the logon script, the drives are not visible.

          The reason is the different treatment of “standard” and “privileged” context.

          Recently, I had to create a login script for a customer. During that task, I faced a well-known fact which I want to explain in this article: mapped drives are not visible in the Explorer, even though they have been integrated correctly.

          At first, I’d like to explain the circumstances in which I bumped into the problem. After that, I am going to explain the technical background and the solution.

          Drive mapping in a login script

          Let’s take a look at the login script:

          This command causes a connection to the share „share“ and the subfolder „folder“ on the server „server“ with the drive letter „X:“.

          Please pay attention to the parameter “/persistent:no”: it validates connections only during one session. The validation will be lost after the user logs off. In case the user logs off and then in again without a network connection (or without the login script), the drive is no longer connected.

          Without the parameter “/persistent:no” the connection would be there even without network connection / login script after the next login.
          For this reason, it is common practice to set “/persistent:no” for drive connections.

          Usually this is not a problem, but in my case the script seemed not to work for some users. After a quick analysis I realized that these users were in the local administrator group on their PCs.

          Note: It is generally not recommended to make your users local admins.

          Background: standard and privileged context

          Since Windows Vista, Microsoft offers the User Account Control (UAC). The UAC does the following:
          When a user who is a local administrator logs in to his or her PC, two contexts are created:

          • A “standard” context and
          • a “privileged” context

          Most of the time, the user works in the standard context. As soon as he or she wants to use his or her administrative privileges, the system prompts him or her to confirm it:

          It how to map network drives on windows clients via group policy

          Here the application (here: the command line cmd.exe) has been started in the privileged context.

          Another specialty is that login scripts are always run in the “admin“ context in case the user is member of the local administrator group.

          View members of local administrator group

          You can view all members of the local administrator group by starting “Local User Manager”.
          The easiest way to do that is typing in “lusrmgr.msc” into the Start menu:

          It how to map network drives on windows clients via group policy

          Windows 7 Lusrmgr.exe – (Use the Modern-UI in Windows 8.x to run it)

          In our case, the application is “net use”.
          With other words: the drive mapping is run in the “Admin” context.

          Due to security reasons, the two contexts do not share all available information. Besides other things, drive mappings are not shared between “Admin” and “User” contexts.

          Analysis

          We can easily reproduce and prove this behavior.

          First, let’s take a look at our local administrator group:

          It how to map network drives on windows clients via group policy

          As we can see, user SANCTUARY\tuser1 is a member of the local admin group. We are going to use him for our tests.

          Open the command line (cmd) and run the command from our login script with true data:

          It how to map network drives on windows clients via group policy

          Checking our explorer, we can see that the drive has been connected successfully:

          It how to map network drives on windows clients via group policy

          When we now run a cmd as administrator and try to access our newly connected drive, there seems to be a problem:

          It how to map network drives on windows clients via group policy

          Note: With the command “whoami” you can quickly see on Windows 7 and newer PCs which user is logged in and which domain he is authenticated against!

          With “net use” we can have mapped drives displayed in the two command lines and compare them:

          It how to map network drives on windows clients via group policy

          Below is the “privileged” DOS-box and above the „standard” one.

          As we can see, the drive connection is only active in the “standard” context.

          For our login script this effect happens exactly vice versa. The login script is executed in the “Admin” context. That’s why “net use” runs in the “privileged” context and the connection can only be seen there.

          It how to map network drives on windows clients via group policy

          Solution: How to make mapped drives visible

          The solution is really simple and supported by Microsoft (Technet).

          Via the Registry-Key

          HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections

          you can force the automatic “copying” of drive connections created in either one of the contexts into the other.
          Expressed differently: drive mappings are then automatically available in the “Admin” as well as in the “User” context.

          The key is not available by default and has to be created as REG_DWORD and set to the value “1”.

          The whole thing looks like this:

          It how to map network drives on windows clients via group policy

          Alternatively you can change the /persistent:no into a /persistent:yes. This causes the drive connections to be displayed in the “User” context as well. With the side effect of being valid until manual disconnection, however.

          Note: The error “0x8007003” (“The system cannot find the path specified.”) during the installation of a network drive, it has most likely the same reason. When starting the installation program, the user is prompted to change into the “privileged” context (UAC). The system, however, “forgets” the drive connection to the installation file. Error 0x8007003 can thus be solved with Registry Key EnableLinkedConnections as well!

          Feel free to contact us if you would like to know more.