Hello, I have an issue that I can't find a solution for. I am writing a PowerShell script that will map on-prem network drives to Autopilot devices that become Entra Joined. The plan is to eventually move to strictly Cloud once we can figure out a solution for moving our on-prem shares and getting old-school employees on board. Currently, we are just planning on using Autopilot to deploy remote devices and use SSO to access on-prem resources. I have already confirmed that this is possible when the user connects to our VPN, so the only setback is mapping the drives for the user.
----------------------------------------------------------------
The script I wrote is:

# Define variables
$driveLetter = "N:"
$networkPath = "\\domain\shares"
$logFile = "C:\install.log"
$ErrorActionPreference = 'Inquire'

# Function to log messages
function Log-Message {
    param (
        [string]$message
    )
    $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    "$timestamp - $message" | Out-File -FilePath $logFile -Append
}

# Start logging
Log-Message "Script started."

try {
    # Map network drive using SSO
    Log-Message "Mapping network drive $driveLetter to $networkPath."
    $drive = New-PSDrive -Name 'N' -PSProvider FileSystem -Root $networkPath -Persist -Scope Global -ErrorAction Stop -Verbose 4>&1 | Tee-Object -FilePath $logFile -Append

    # Rename the mapped drive
    Log-Message "Renaming mapped drive to 'CustomName'."
    $driveInfo = Get-WMIObject -Query "SELECT * FROM Win32_LogicalDisk WHERE DeviceID='$driveLetter'" -ErrorAction Stop -Verbose 4>&1 | Tee-Object -FilePath $logFile -Append
    $driveInfo.VolumeName = "CustomName"
    $driveInfo.Put() | Out-Null

    # Add all network printers
    Log-Message "Adding all network printers."
    $printers = Get-WMIObject -Query "SELECT * FROM Win32_Printer WHERE Network = TRUE" -ErrorAction Stop -Verbose 4>&1 | Tee-Object -FilePath $logFile -Append
    foreach ($printer in $printers) {
        Add-Printer -ConnectionName $printer.Name -ErrorAction Stop -Verbose 4>&1 | Tee-Object -FilePath $logFile -Append
    }

    Log-Message "Script completed successfully."
} catch {
    Log-Message "An error occurred: $_"
}

# End logging
Log-Message "Script ended."
-----------------------------------------------------------------------
Interestingly enough, the script seems to work on my work PC, which is AD joined and Intune enrolled, but it doesn't work on an AAD joined device using the exact same credentials. The script is set to run with system level permissions, and as you can see I have a log to show me what is going on, but all it says typically is that access is denied. Here is the log report from the remote device versus the log report from the AD joined device. Both are using my credentials, so the user permissions should be the same on both devices:

2025-02-07 08:05:11 - Script started.
2025-02-07 08:05:11 - Mapping network drive N: to \domain\share.
Performing the operation "New drive" on target "Name: N Provider: Microsoft.PowerShell.Core\FileSystem Root:
\domain\share".
2025-02-07 08:05:12 - An error occurred: Access is denied
2025-02-07 08:05:12 - Script ended.
-------------------------------------------------------------------------
I am not sure why there would be a difference if the user permissions are the same and the script is running as system anyway. Anything I should try? Thanks in advance for your help!
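
The log above records only "Access is denied", not which account made the request or how the device is joined. The following diagnostic is an added example, not part of the original post: it logs the identity the script actually runs under, the device's join state, whether that identity can read the share, and the Kerberos tickets in its logon session. The share path reuses the post's placeholder; the log file name and the `Write-DiagLog` helper are assumptions.

```powershell
# Added diagnostic sketch, not the poster's script.
# $networkPath is the post's placeholder; $logFile is an assumed location.
$networkPath = '\\domain\shares'
$logFile     = Join-Path $env:TEMP 'drivemap-diag.log'

function Write-DiagLog {
    param([string]$Message)
    $timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    "$timestamp - $Message" | Out-File -FilePath $logFile -Append
}

# 1. Which account is this process running as (signed-in user or LocalSystem)?
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
Write-DiagLog "Running as: $($identity.Name) (SID $($identity.User.Value))"
Write-DiagLog "Is LocalSystem: $($identity.IsSystem)"

# 2. How is the device joined (on-prem AD, Entra ID, or both)?
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
Write-DiagLog "PartOfDomain: $($cs.PartOfDomain); Domain/Workgroup: $($cs.Domain)"
dsregcmd.exe /status |
    Select-String -Pattern 'AzureAdJoined|DomainJoined' |
    ForEach-Object { Write-DiagLog $_.Line.Trim() }

# 3. Can this identity list the share at all, before any drive mapping?
try {
    $null = Get-ChildItem -LiteralPath $networkPath -ErrorAction Stop |
        Select-Object -First 1
    Write-DiagLog "Share readable from this context: $networkPath"
} catch {
    Write-DiagLog "Share NOT readable from this context: $($_.Exception.Message)"
}

# 4. Kerberos tickets held by this logon session (none means no SSO here).
klist.exe | ForEach-Object { Write-DiagLog $_ }
```

Run it once from the signed-in user's session and once the way the mapping script is deployed, then compare the two logs.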