Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1939
  • Last Modified:

Mapping Drives in SBS 2003 based on Group Membership

I need to map drives based on AD group membership on an SBS 2003 network.  I've been reading that using GPO is not good for this purpose in SBS becuase it goes againt the native config for SBS.  I just need to be able to do this properly once and for all as the network is growing and constantly mapping drives for new users or current users working on other machines is becoming cumbersome.  Thank you, experts.
0
abatemc
Asked:
abatemc
  • 2
1 Solution
 
tigermattCommented:
You can certainly add GPOs to an SBS - I always have done and it is one of the necessary things in order to get your SBS up and running.

The easiest method I would recommend would be to create GPOs in the Group Policy Management Console for each different user group which you want to map the drives for. You add a logon script like the one in the code snippet to the User Configuration, Windows Settings, Scripts (logon/logoff), Logon. You can then configure security filtering as per http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.html to ensure the policy is only applied to the correct security groups.

Obviously change drive letters and share paths in the code snippet to match the correct setup for the network.

-tigermatt
rem Map network drive(s)
 
net use Z: \\sbsserver\share /PERSISTENT:YES
net use Y: \\sbsserver\share2 /PERSISTENT:YES

Open in new window

0
 
abatemcAuthor Commented:
Ok i understand that part, but where am I telling the GPO that for example:

map z:\ to \\server\group1SHARE for only group1 and
map t:\ to \\server\group2SHARE for only group2?

I guess what I'm asking is, where do i setup a GPO for a particular group?
0
 
tigermattCommented:
You open the Group Policy Management Console from Administrative Tools. Right-click on your domain in the console tree and press "Create and link a new GPO". Enter a name for the GPO, like "Sales Mapped Drives", then follow the instructions at http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.html to filter it so only specific groups pick up the GPO.

Then, create and save the BAT file as per my above post for each department. Save it to \\servername\NETLOGON with a .BAT extension. Then, where you created your GPO above, go and right-click on the policy and press Edit. In the Policy Editor, drill down to User Config > Windows Settings > Scripts (Logon/Logoff). Choose the Logon option. Press Add, then find \\servername\NETLOGON\scriptname.bat, select it and press OK twice.

The policy is now configured.

-tigermatt
1

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now