Setting up domain users with automatic network drive mappings

With my Windows Server 2003 domain controller, how would I set it up so that domain users automatically get a couple of network drives mapped on login? I need this to happen:

     F:\     mapped to    \\mainserver\data
     H:\    mapped to     \\mainserver\jsmith        <-- where "jsmith" is the username

This mapping needs to happen regardless of the computer that the user logs in on (provided the computer is part of the domain).

I don't know much about this... if somebody could tell me not only what to configure, but also HOW to get to the screen, that would be really helpful. Like, if the screen is somewhere deep inside the MMC console... tell me where to go.
LVL 31
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

That's a very quick task, actually. The easiest way is to use batch files. Check out this site for full instructions and free batch files to get the job done.

Hope this helps. :)
To map your "H" drive (homefolder), open Active Directory Users and Computers and browse to the user in question.  Open up the Profile tab and in the Home Folder section:

Connect H: To: \\path\share

To map other drives, create a logon script with the appropriate drive letter mappings and save it as "<filename>.bat", ie: jsmith.bat in the \\domaincontroller\netlogon folder.  In the User Profile section of the same tab as before, in the Logon script section, type the name of the logon script you created, no path, just a name, ie: jsmith.bat

Then when the user logs on, the drives will be mapped and the home folder will be mapped out.

Remember, you need to ensure you have set the appropriate share settings for the shares so that the user can access it.  For the home folder share, the following MUST be set:
Allow - SYSTEM - Full Control - This folder, Subfolders and Files
Allow - CREATOR OWNER - Special: Traverse Folder/execute file, List folder/read data, Read attributes, Read extended attributes, Read permissions - This folder, Subfolders and files

Windows will create the home folder with the users appropriate permissions for the user at the specified share as long as the share exists, and the permissions are set.  If the folder already exists, Windows will ask you if it should update the folder with the appropriate rights for the user.

As for other shares through the mapping, make sure the share and the file security on the share allows appropriate rights for the user connecting to it.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
In the domain user account object, under profile tab, as ecsrd mentioned above, you can set map home drive. Only one drive can be mapped with this option. It is designed more for user home folder as it will automatically create the user home folder and with FULL controll permission assigned. If you are going to use this option, you should precreated the root sharename such as "UserHomes" a level above your user account "jsmith". This way you have all the home folder in one root share call "UserHomes". However, this method is not very flexible in terms of administration. First if the user have FULL control, he/she can share whatever and do whatever on the home which can make a mess for you to manage.
The other downside about it is that you have to map this on every user account object in active directory. It would not be a good option in the long run.

If you used the user object to map the above drive, the F: drive will have to be mapped via script. So, again, if you have to do it by script, why not also do the H: drive with script. In the script, you map drive base on group membership. Afterall, you will have more and more departmental shares with more drive letters to be mapped. It has to be based on group membership if you think this trough. Even for the home drive, you can say Domain Users or Computer Employee map H: etc., and Finance map F: etc.

Here's a sample of script in the VBS format. You can put it on a text file with extension LogonScript.vbs
Then create a GPO by User Configuration>Windows Settings>Scripts>Logon, and place this file there. This file will be placed in your domain  such as \\domainanme\netlogon whcih everyone have read access.
'For drive mappings with VBS:
Option Explicit
Dim oNet, wshShell, sUserName, sUserDomain, oAcct, sGroup, GroupObj, objShell
Set oNet = CreateObject("WScript.Network")
sUserName = oNet.UserName
sUserDomain = oNet.UserDomain
Set oAcct = GetObject("WinNT://" & sUserDomain & "/" & sUserName)
For Each GroupObj In oAcct.Groups
	Select Case GroupObj.Name
		Case "Group Name"
			oNet.MapNetworkDrive "F:" , "\\ServerName\ShareName$"
		Case Else
	End Select

Open in new window

Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

BTW, if you haven't done any drive mappings you may want to consider shortcuts instead of drive mappings. To be shortcut is more meaningful than drive mappings. H: drive is meaningless as it could be home share or a share for Human Resources. I prefer shortcuts than drive mappings as you can have tons of shortcuts but only a limited number of meaningless drive mappings. In our enviornment, user access the network resources via a folder at their desktop. This folder will consist all shortcuts to the network shares with meaningful names.
Frosty555Author Commented:
Good, we're already using netlogon. I've added the appropriate network drive mapping code in there. The shared "N:\" drive seems to be working properly.

But I am having some trouble setting the "home folder". I have gone into the user account -> profile -> Connect (H:) To \\mainserver\jsmith$, and I've setup a folder share for jsmith with the appropriate account priviledges setup (jsmith and administrators gets full access, everyone else is denied).

However, when I login, the H:\ drive isn't mapped. Typing at the command prompt:
    NET USE H: /home

Results in an error that the network location could not be found.
You need to map a root folder share, NOT the user's folder, ie, if you wanted to have the jsmith folder accessible by jsmith, you would create a folder structure like this:


You would then share C:\HomeFolders with the permissions I have put above in my previous post, (and if you want the share to be hidden, share it as HomeFolder$ if you want)

Then in the profile section: Map H:\ to \\server\homefolder$\%USERNAME% - click apply.

When you click apply, the share will update itself to \\server\homefolder$\jsmith - and as long as security is set correctly on the share, you will get no error messages.  From now on, H:\ for jsmith will be mapped on login to the home folder correctly.
"(jsmith and administrators gets full access, everyone else is denied)."

If you are saying that you have set "everyone" to denied, then you need to know that denied override all other permission as it is the most restricted permission. Also, when the use access a share over the network, the most restrictive of Share+Security(NTFS) is the effective permission. In your case, denied access is the most restrictive permission, therefore no one would have access to the share over the network. Try to just grant access to Everyone group or the Authenticated Users group with FULL Control on the share and restrictive access by only the NTFS permission so that you do run into a mess and end up too much time on troubleshooting permissions.
Batch files.
Make saperate batch files for saperate user
Copy these batch files to Sysvol\domain\script

Also set the  perticular user profile - "in logon script simply type perticular user batch file name

Step 1
At command prompt
C:\copy con accout.bat (account is name for perticular department)
edit  the line(command) in account.bat
net use z: \\Servername\share folder
(you can change drive letter which you want for user)
copy this batch file to \sysvol\domain\scipt folder
Step 2
In perticular user profile simply type name of batch file in Logon script radio.

Frosty555Author Commented:
Alright, got it working. It was a combination of what escrd said, and americon. I got my permissions wrong, and I didn't map the root users folder properly.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.