Jaa


GP Preferences Will Reduce Logon Scripts : Mapping Drives

Too often, I ask if people are familiar with GP Preferences and get a blank stare. I will say this over and over again:

 

 GP Preferences will dramatically reduce your logon scripts

 GP Preferences has clean, easy-to-use reporting and UI

 

Lots of things get accomplished in scripts (mapped drives, set registry keys, managed devices, etc. ) GP Preferences can do all of that, plus you’ll be able to manage the setting in the UI, target your config with cool filtering, and use the reporting to see what you did. I’ll show you what I mean by using GP Preferences to map a drive.

 

Open up GPEdit for the GPO in question; click the ‘User Configuration’ folder, then click the ‘Preferences’ folder. You can see all of the user-relevant options you can set in Preferences. Find Drive Maps under ‘Windows Settings.’

 

Also in Windows Settings: Applications, Drive Maps, Environment, Files, Folders, Ini files, Registry, and Shortcuts.

In Control Panel settings: Data Sources, Devices, Folder Options, Internet Settings, Local Users and Groups, Network Options, Power Options, Printers, Regional Options, Scheduled Tasks, Start Menu.

 

Drive Map UI screen

 

Now right-click on Drive Maps and select ‘new’. You will see the dialog below: these drop down menus allow you to configure what you’ve been scripting, and more, in UI.

 

 

Here, I just filled in a couple things, the location (\serverUsers%logonuser%) , the label (“User”), and the drive letter to use (“U:”).

 

And to see what that Preference item looks like in XML, just click this icon:

 

I’ll go into the XML part of GP Preferences in another post.

 

If you’d like to target this drive mapping to be more specific, go to the Common Tab and click on ‘Item-level Targeting’. This is where you can make your targeting really granular: you have 29 different filtering options…what the computer is named, what day it is, what IP range the machine is on, what type of music the user is listening to (ok, that was a joke. I don’t know how you would do that). This also includes some old favorites (WMI Query, MSI Query, LDAP Query) along with new ones (Battery Present, Language, Operating System).

 

Now check it out in the reporting:

 

The reporting is precise, clear, and findable. That’s more than what you’d get from a logon script that mapped the same drive. I think I have proved my point. Now go – explore GP Preferences! Map drives! Create shortcuts, folders, and scheduled tasks!

 

Get GP Preferences (and read more) here

Get more tips on how to use GP Preferences here

 

Hope this helps,

 

 Lilia Gutnik,

 Group Policy PM

Comments

  1. Domain is 2k8
  2. Client is XP.sp3 with CSE installed; joined to domain
  3. GPP to 'CREATE' maps a drive letter to a share on a computer that is NOT on the domain, but is in a workgroup. (location: \ip.ip.ip.ipsharename)
  4. set to reconnect
  5. entered for connect as / user name: "workgroupComputerusername"
  6. enter the password and confirm.
  7. show this drive GPO will map the drive, but will not apply password entered into the 'connect as' password field. When the domain user browses to the drive letter, a prompt will appear with the username field populated correctly (workgroupComputerNameUsername), but the password is never remembered.  The user must manually enter the password to connect to that drive. Also ... When GPP is set to REPLACE or UPDATE, the drive letter mapping is being deleted, not updated or replaced.  REPLACE is supposed to create when it doesn't exist but it isn't. Any ideas?
  • Anonymous
    May 07, 2009
    Just curious which Resource Toolkit youve obtained your GPEDIT from. Im using the Windows 2003 Kit and I dont have the options youve listed here.

  • Anonymous
    May 07, 2009
    I had already pretty much exhausted myself with Google, MS white papers I could find and had just launched into usenet, when I found this closest-to-the-issue blog. I'll pop over to your forums next. Thank you for the pointer and... thank you for the pointer. 8)

  • Anonymous
    May 12, 2009
    Please include the system level information at the top of this doc. No where does it say this is for 2008 and Vista.

  • Anonymous
    May 14, 2009
    The comment has been removed

  • Anonymous
    May 24, 2009
    In the idea of setting up a GPO to map user network drives mapped as follows: \fileservershare$%LogonUser% What Share and NTFS permissions are recommended for the \fileservershare$ folder to allow the folder to be automatically created upon logon if it does not exist? Thanks, -B

  • Anonymous
    June 05, 2009
    Brock, I'd follow the NTFS ACL listings for redirected folders, found at http://technet.microsoft.com/en-us/library/cc778661(WS.10).aspx

  • Anonymous
    June 08, 2009
    Possibel to do this on winserver2003?

  • Anonymous
    July 13, 2009
    The comment has been removed

  • Anonymous
    September 16, 2009
    Hi Lilia, loved your Tech.ed session on this stuff, I think it will work a treat for us. Wanted to share something with you that made me laugh today, we had a support call in with MS for an e-mail issue and the recommendation from MS was to add some Kix script into our logon script to set a registry value when the user logs on...... I immediately thought of your Tech.ed session - perhaps some internal education may be worth while :-)