Intune Drive Mapping Script

Jesse Haswell 20 Reputation points
2025-02-07T20:11:55.92+00:00

Hello, I have an issue that I can't find a solution for. I am writing a PowerShell script that will map on-prem network drives to Autopilot devices that become Entra Joined. The plan is to eventually move to strictly Cloud once we can figure out a solution for moving our on-prem shares and getting old school employees onboard. Currently, we are just planning on using Autopilot to deploy remote devices and use SSO to access on-prem resources. I have already confirmed that this is possible when the user connects to our VPN so the only setback is mapping the drives for the user.

The script I wrote is:

```powershell
# Define variables
$driveLetter = "N:"
$networkPath = "\\domain\shares"
$logFile = "C:\install.log"
$ErrorActionPreference = 'Inquire'   # 'Inquire' prompts interactively; nobody can answer the prompt when the script runs as SYSTEM

# Function to log messages
function Log-Message {
    param (
        [string]$message
    )
    $timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    "$timestamp - $message" | Out-File -FilePath $logFile -Append
}

# Start logging
Log-Message "Script started."

try {
    # Map network drive using SSO
    Log-Message "Mapping network drive $driveLetter to $networkPath."
    $drive = New-PSDrive -Name 'N' -PSProvider FileSystem -Root $networkPath -Persist -Scope Global -ErrorAction Stop -Verbose 4>&1 | Tee-Object -FilePath $logFile -Append

    # Rename the mapped drive
    # Note: merging the verbose stream (4>&1) into an assignment can place VerboseRecord objects in the variable alongside the WMI object
    Log-Message "Renaming mapped drive to 'CustomName'."
    $driveInfo = Get-WMIObject -Query "SELECT * FROM Win32_LogicalDisk WHERE DeviceID='$driveLetter'" -ErrorAction Stop -Verbose 4>&1 | Tee-Object -FilePath $logFile -Append
    $driveInfo.VolumeName = "CustomName"
    $driveInfo.Put() | Out-Null

    # Add all network printers
    Log-Message "Adding all network printers."
    $printers = Get-WMIObject -Query "SELECT * FROM Win32_Printer WHERE Network = TRUE" -ErrorAction Stop -Verbose 4>&1 | Tee-Object -FilePath $logFile -Append
    foreach ($printer in $printers) {
        Add-Printer -ConnectionName $printer.Name -ErrorAction Stop -Verbose 4>&1 | Tee-Object -FilePath $logFile -Append
    }

    Log-Message "Script completed successfully."
} catch {
    Log-Message "An error occurred: $_"
}

# End logging
Log-Message "Script ended."
```

Interestingly enough, the script seems to work on my work PC, which is AD joined and Intune enrolled, but it doesn't work on an AAD joined device using the exact same credentials. The script is set to run with system-level permissions and, as you can see, I have a log to show me what is going on, but all it typically says is that access is denied. Here is the log report from the remote device versus the log report from the AD joined device. Both are using my credentials, so the user permissions should be the same on both devices:

```
2025-02-07 08:05:11 - Script started.
2025-02-07 08:05:11 - Mapping network drive N: to \domain\share.
Performing the operation "New drive" on target "Name: N Provider: Microsoft.PowerShell.Core\FileSystem Root: \domain\share".
2025-02-07 08:05:12 - An error occurred: Access is denied
2025-02-07 08:05:12 - Script ended.
```

I am not sure why there would be a difference if the user permissions are the same and the script is running as system anyway. Anything I should try? Thanks in advance for your help!


1 answer

Prathista Ilango 170 Reputation points Microsoft Employee
2025-02-25T06:17:31+00:00

Hello Jesse Haswell,

My understanding from the script is that you are trying to map a network drive to the domain share on an AAD joined device. While trying to map this target, you are getting access denied. I am assuming it is trying to access the network share using the credentials you are using to run the script.

2 things to check:

1. If using system context, could you confirm whether the system account of the device has access to this share?
2. If using user credentials (which I assume is the case because it worked from AD joined but not AAD joined), check if AD Connect sync is successful for this user. This could probably break SSO and hence result in access denied.
3. Have you tried mapping manually on this AAD joined device and checking whether it was successful (both in user and system context)? This will give you an idea to troubleshoot the access issue.

Hope that helps!

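A diagnostic version of the mapping step that records which context the Intune script actually runs under and probes the share before mapping, written as an added example for the checks in this answer (it is not the asker's script or Microsoft's code). It assumes the share and log path from the question; Write-Log, Get-RunContext and Test-ShareAccess are helper names introduced here.

```powershell
# Added diagnostic example, not the asker's script. Assumes the question's share and
# log path; Get-RunContext and Test-ShareAccess are helper names introduced here.
$networkPath = '\\domain\shares'
$logFile     = 'C:\install.log'

function Write-Log([string]$Message) {
    ("{0:yyyy-MM-dd HH:mm:ss} - {1}" -f (Get-Date), $Message) | Out-File -FilePath $logFile -Append
}

# Identity the script runs under plus the device's join state reported by dsregcmd
function Get-RunContext {
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $join = dsregcmd /status | Select-String 'AzureAdJoined|DomainJoined' |
            ForEach-Object { $_.Line.Trim() }
    [pscustomobject]@{
        Identity  = $id.Name
        IsSystem  = $id.IsSystem
        JoinState = ($join -join '; ')
    }
}

# A real directory listing surfaces an ACL or authentication failure that Test-Path may hide
function Test-ShareAccess([string]$Path) {
    try {
        $null = Get-ChildItem -LiteralPath $Path -ErrorAction Stop | Select-Object -First 1
        return $true
    } catch {
        Write-Log "Share probe failed: $($_.Exception.GetType().Name): $($_.Exception.Message)"
        return $false
    }
}

$ctx = Get-RunContext
Write-Log ("Running as '{0}' (IsSystem={1}); {2}" -f $ctx.Identity, $ctx.IsSystem, $ctx.JoinState)

if ($ctx.IsSystem) {
    # An Entra-joined (non-hybrid) device has no AD computer account, so SYSTEM has nothing
    # to authenticate with against an on-prem file server; the mapping must run as the user.
    Write-Log 'Running as SYSTEM: assign the script to run in the logged-on user context instead.'
    return
}

if (Test-ShareAccess $networkPath) {
    New-PSDrive -Name 'N' -PSProvider FileSystem -Root $networkPath -Persist -Scope Global -ErrorAction Stop | Out-Null
    Write-Log "Mapped N: to $networkPath"
} else {
    Write-Log 'Share unreachable in this context; confirm VPN connectivity and a Kerberos ticket (klist) first.'
}
```

The log line written by Get-RunContext distinguishes the two cases in the answer: an `NT AUTHORITY\SYSTEM` identity on an `AzureAdJoined : YES` / `DomainJoined : NO` device explains the access denied on its own, while a user identity with a failing probe points at VPN or SSO.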
