Configure a Mapped Drive Item
Applies To: Windows 8, Windows Server 2008 R2, Windows Server 2012
Drive Map preference items allow you to create, replace, update, and delete mapped drives and their associated properties. Before you create a Drive Map preference item, you should review the behavior of each type of action possible with this extension.
Creating a Mapped Drive item
To create a new Mapped Drive preference item
- Open the Group Policy Management Console . Right-click the Group Policy object (GPO) that should contain the new preference item, and then click Edit .
- In the console tree under User Configuration , expand the Preferences folder, and then expand the Windows Settings folder.
- Right-click the Drive Maps node, point to New , and select Mapped Drive .
- In the New Drive Properties dialog box, select an Action for Group Policy to perform. (For more information, see “Actions” in this topic.)
- Enter drive map settings for Group Policy to configure or remove. (For more information, see “Drive map settings” in this topic.)
- Click the Common tab, configure any options, and then type your comments in the Description box. (For more information, see Configure Common Options.)
- Click OK . The new preference item appears in the details pane.
Actions
This type of preference item provides a choice of four actions: Create , Replace , Update , and Delete . The behavior of the preference item varies with the action selected and whether the drive letter already exists.
Create | Create a new mapped drive for users. |
Delete | Remove a mapped drive for users. |
Replace | Delete and recreate mapped drives for users. The net result of the Replace action is to overwrite all existing settings associated with the mapped drive. If the drive mapping does not exist, then the Replace action creates a new drive mapping. |
Update | Modify settings of an existing mapped drive for users. This action differs from Replace in that it only updates settings defined within the preference item. All other settings remain as configured on the mapped drive. If the drive mapping does not exist, then the Update action creates a new drive mapping. |
Drive map settings
Location | To configure a new drive mapping or recreate a drive mapping, type a fully qualified UNC path for the network share (such as \\server\sharename, \\server\hiddenshare$, or \\server\sharename\foldername).
This field accepts preference processing variables. Press F3 to display a list of variables from which you can select. To modify an existing drive mapping (identified by drive letter), leave this field blank. This option is available only if the action selected is Create , Replace , or Update . |
||
Reconnect | To save this mapped drive in the user’s settings and attempt to restore it at each subsequent logon, select this check box. Otherwise, the drive is mapped, but not saved in the user’s settings.
This option is available only if the action selected is Create , Replace , or Update . |
||
Label as | To provide a descriptive label that appears next to the drive letter, type the label in this field.
This field accepts preference processing variables. Press F3 to display a list of variables from which you can select. This option is available only if the action selected is Create , Replace , or Update . |
||
Drive Letter | Select the mapped drives (identified by drive letter) to configure:
|
||
Connect as | To implement a drive mapping using credentials other than those of the currently logged on user, type the credentials to be used. This option is available only if the action selected is Create , Replace , or Update .
|
||
Hide/Show this drive | Configure the visibility of the mapped drive:
This option is available only if the action selected is Create , Replace , or Update . |
||
Hide/Show all drives | Configure the visibility of all mapped and physical drives in Windows Explorer. The options are comparable to those for Hide/Show this drive , but apply globally to all drives. |
Additional considerations
- Hide/Show this drive options have precedence over Hide/Show all drives . For example, if a Drive Map preference item has the Hide/Show this drive option set to Hide this drive and the Hide/Show all drives option set to Show all drives , then all drives are visible except the drive designated as hidden.
- You can use a Drive Map preference item to configure the visibility of a physical drive rather than a mapped drive. To do so, select the Update action, leave the Location field blank, select the drive letter of the physical drive, and then configure the Hide/Show this drive and Hide/Show all drives options.
- You can use item-level targeting to change the scope of preference items.
- Preference items are available only in domain-based GPOs.
Item-level targeting
We must take advantage of item-level targeting to ensure the drive mapping items works only for users who are members of the group. We can configure item level targeting by clicking the Targeting button, which is located on the Common tab of the drive mapping item. The targeting editor provides over 20 different types of targeting items. We’re specifically using the Security Group targeting item.
Figure 4 Security group targeting item
Using the Browse button allows us to pick a specific group in which to target the drive mapping preference item. Security Group targeting items accomplishes its targeting by comparing security identifiers of the specified group against the list of security identifiers with the security principal’s (user or computer) token. Therefore, always use the Browse button when selecting a group; typing the group name does not resolve the name to a security identifier.
Figure 5 Configured inclusive security group targeting item
The preceding screen shows a properly configured, inclusive targeting item. A properly configured security group targeting item shows both Group and SID fields. The Group field is strictly for administrative use (we humans recognize names better than numbers). The SID field is used by the client side extension to determine group membership. We can determine this is an inclusive targeting item because of the text that represents the item within the list. The word is in the text “the user is a member of the security group CONTOSO\Management.” Our new drive map item and the associated inclusive targeting item are now configured. We can now link the hosting Group Policy object to the domain with confidence that only members of the Management security group receive the drive mapping. We can see the result on a client. The following image shows manager Mike Nash’s desktop from a Windows Vista computer. We can see that Mike receives two drive mappings: the public drive mapping (G: drive) and the management drive mapping (M: drive).
Figure 6 Client view of inclusive drive mapping
Exclusive drive mapping
The last scenario discussed is exclusive drive mapping. Exclusive drive mappings produce the opposite results of an inclusive drive mapping; that is, the drive map does NOT occur if the user is a member of the specified group. This becomes usefully when you need to make exceptions to prevent specific drives from mapping. Let’s add an exclusive drive mapping to our public drive mapping to prevent specific members of management from receiving the public drive mapping.
Figure 7 Configured exclusive drive mapping
The preceding image shows the changes we made to the public drive mapping (from the first scenario). We’ve added a Security Group targeting item to the existing public drive mapping preference item. However, the targeting item applies only if the user IS NOT a member of the ExcludePublicDrives group. We change this option using the Items Options list. The client view of manager Monica Brink shows the results of applying Group Policy.
Reference:
https://technet.microsoft.com/en-us/library/cc770902(v=ws.11).aspx
https://technet.microsoft.com/en-us/library/dn581924(v=ws.11).aspx