Mapped Drive by OU

group-policymappeddriveorganizational-unitwindows-server-2012

I want to implement a mapped drive which is hidden/exposed based on the OU of the user. I have a working version of this in one environment (Windows 2008R2; created by someone else), and I am trying to recreate the exact same setup in another environment (Windows 2012).

As I understand it (I have never done this before), the list of components involved include:

A directory on a server which is setup as a network share (this happens to be on the domain controller on the old 2008R2 setup; ex. \\DC02\ShareFolders$\TEST)
An Active Directory shared folder within the OU which has a UNC name matching the directory in list item #1 (again, \\DC02\ShareFolders$\TEST)
A group policy object linked to the OU in question which implements a mapped drive
1. The path within the GPO to do this is User Configuration >> Preferences >> Windows Settings >> Drive Maps.
2. The location of the mapped drive matches the shared folder setup in list item #2 (again, \\DC02\ShareFolders$\TEST).

I have gotten stuck trying to implement this. I have created the components mentioned above using the same layout, naming convention, and drive letters across both environments. I have even made sure the security tabs within the various folders on the file system share the same ownership and permissions for test users. I have no other group policies which I have configured–this is a brand new environment. I am not even sure if I need group policy to implement what I want, but that was how it was done before.

Questions:

How can I create a mapped drive that will show up for users in File Explorer based on their OU (TEST users should see the TEST share, US users should see US share, etc.)?
Also, how can I make sure this drive shows up under "Computer" as an actual drive with a drive letter (S:)–not a networked shared drive for which has to be browsed within the "Network" tab of File Explorer?

Drive in File Explorer

Environment info:

Windows Server 2012 Standard 64-bit
File Explorer exposed to user via RemoteApp (via 2012 RD Session Host / terminal server)

Best Answer

Questions:

Q1. How can I create a mapped drive that will show up for users in File Explorer based on their OU (TEST users should see the TEST share, US users should see US share, etc.)?

Q2. Also, how can I make sure this drive shows up under "Computer" as an actual drive with a drive letter (S:)--not a networked shared drive for which has to be browsed within the "Network" tab of File Explorer?

THIS ^^ seems to be the only relevant info in the entire question. Everything above it in your OP seems a bit convoluted.

SO...

A1. This is easy enough...you can get complicated, but no reason to. Just create a separate GPO for each OU's mapped drive policy. Create one called TEST Drive Mappings and set the User Configuration drive mappings for the TEST OU users and then link it to the TEST OU. Same for the US users OU.

A2. It will show up as an actual drive letter if you've created an actual drive mapping in the group policy.

The Policy setting best suited for this will be User Configuration, Preferences, Windows Settings, Drive Maps.

Related Solutions

How to determine how map drives are being mapped

Ah, sounds like an ex-NetWare shop. They were always fond of drive letters.

Windows doesn't track where they come from, unfortunately, so you're left with the forensic task of looking at everything that can cause a script to be mapped. That's a long slog, and I feel for you. There are many:

GPO direct maps
GPO indirect maps through scripts
Local registry-based persistent maps (can also be set via GPO when a BOFH is involved, swearing is permitted in these cases)

For tracking GPOs, the way that works for me is to:

Launch the GPO Manager
Go to Group Policy Results
Right click on it and pick Group Policy Results Wizard
Pick a user and computer object you want to check (pick someone with 15 mappings)
Review the resulting report, and go to the Settings tab
Note any scripts and their associated GPOs
- Later on, go to each GPO and review the scripts
- Check for mappings in the scripts
Note any drive mappings under User -> Preferences -> Drive Maps, and their associated GPOs.
Dig through for the various places you can set Registry settings, validate if they have [HKCU/Network/$something$] in them.

That'll give you a big start on the source of the drive-mappings that's coming from automation you manage. You can't do much about stuff users do themselves, some never clear the "remember this mapping" button.

Windows Server 2008 – Mapped Drives Not Showing on Workstations

Group Policy Preferences work great on Vista and newer OS. If your environment is all Vista or newer, use Preferences. It's straight forward, easy, and works. Preferences will not work on XP unless you have the XP CSE installed. Even with the CSE many people have reported "issues" with them working reliably. GPP is not available for older OSes than XP SP2.

Edit:
Here's a copy of the MapDrives.vbs script we use. Works flawlessly on WinXP/Vista/7/2003/2008/R2.

' Author: Chris Stone
' Date: 29 MAY 2009  Version: 1.3
' Purpose: Map network drives

On Error Resume Next
Set objNet = CreateObject("WScript.Network")

Public Sub CheckAndMapNetDrive(Letter, Path, Persist)
    'Check if drive letter is already used
    Set colNetDrives = objNet.EnumNetworkDrives
    For i = 0 To colNetDrives.Count - 1 Step 2
        If colNetDrives.Item(i) = Letter Then
            'Drive Letter Exists, Test if it's the same Path
            If colNetDrives.Item(i+1) = Path Then
                'It's the same, no new mapping necessary.
                Exit Sub
            Else
                'It's different, remove old.
                objNet.RemoveNetworkDrive colNetDrives.Item(i)
            End If
        End If
    Next
    'Drive does not exist now, never did or removed.
    objNet.MapNetworkDrive Letter, Path, Persist
End Sub 

CheckAndMapNetDrive "X:", "\\server\share1", True
CheckAndMapNetDrive "Y:", "\\server\share2", True

Best Answer

Related Solutions

How to determine how map drives are being mapped

Windows Server 2008 – Mapped Drives Not Showing on Workstations

Related Topic