Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Setting up domain users with automatic network drive mappings

Posted on 2009-04-02
Medium Priority
Last Modified: 2013-12-23
With my Windows Server 2003 domain controller, how would I set it up so that domain users automatically get a couple of network drives mapped on login? I need this to happen:

     F:\     mapped to    \\mainserver\data
     H:\    mapped to     \\mainserver\jsmith        <-- where "jsmith" is the username

This mapping needs to happen regardless of the computer that the user logs in on (provided the computer is part of the domain).

I don't know much about this... if somebody could tell me not only what to configure, but also HOW to get to the screen, that would be really helpful. Like, if the screen is somewhere deep inside the MMC console... tell me where to go.
Question by:Frosty555
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2

Expert Comment

ID: 24055990
That's a very quick task, actually. The easiest way is to use batch files. Check out this site for full instructions and free batch files to get the job done.

Hope this helps. :)
LVL 11

Accepted Solution

ecsrd earned 1600 total points
ID: 24056010
To map your "H" drive (homefolder), open Active Directory Users and Computers and browse to the user in question.  Open up the Profile tab and in the Home Folder section:

Connect H: To: \\path\share

To map other drives, create a logon script with the appropriate drive letter mappings and save it as "<filename>.bat", ie: jsmith.bat in the \\domaincontroller\netlogon folder.  In the User Profile section of the same tab as before, in the Logon script section, type the name of the logon script you created, no path, just a name, ie: jsmith.bat

Then when the user logs on, the drives will be mapped and the home folder will be mapped out.

Remember, you need to ensure you have set the appropriate share settings for the shares so that the user can access it.  For the home folder share, the following MUST be set:
Allow - SYSTEM - Full Control - This folder, Subfolders and Files
Allow - CREATOR OWNER - Special: Traverse Folder/execute file, List folder/read data, Read attributes, Read extended attributes, Read permissions - This folder, Subfolders and files

Windows will create the home folder with the users appropriate permissions for the user at the specified share as long as the share exists, and the permissions are set.  If the folder already exists, Windows will ask you if it should update the folder with the appropriate rights for the user.

As for other shares through the mapping, make sure the share and the file security on the share allows appropriate rights for the user connecting to it.

LVL 18

Expert Comment

ID: 24056227
In the domain user account object, under profile tab, as ecsrd mentioned above, you can set map home drive. Only one drive can be mapped with this option. It is designed more for user home folder as it will automatically create the user home folder and with FULL controll permission assigned. If you are going to use this option, you should precreated the root sharename such as "UserHomes" a level above your user account "jsmith". This way you have all the home folder in one root share call "UserHomes". However, this method is not very flexible in terms of administration. First if the user have FULL control, he/she can share whatever and do whatever on the home which can make a mess for you to manage.
The other downside about it is that you have to map this on every user account object in active directory. It would not be a good option in the long run.

If you used the user object to map the above drive, the F: drive will have to be mapped via script. So, again, if you have to do it by script, why not also do the H: drive with script. In the script, you map drive base on group membership. Afterall, you will have more and more departmental shares with more drive letters to be mapped. It has to be based on group membership if you think this trough. Even for the home drive, you can say Domain Users or Computer Employee map H: etc., and Finance map F: etc.

Here's a sample of script in the VBS format. You can put it on a text file with extension LogonScript.vbs
Then create a GPO by User Configuration>Windows Settings>Scripts>Logon, and place this file there. This file will be placed in your domain  such as \\domainanme\netlogon whcih everyone have read access.
'For drive mappings with VBS:
Option Explicit
Dim oNet, wshShell, sUserName, sUserDomain, oAcct, sGroup, GroupObj, objShell
Set oNet = CreateObject("WScript.Network")
sUserName = oNet.UserName
sUserDomain = oNet.UserDomain
Set oAcct = GetObject("WinNT://" & sUserDomain & "/" & sUserName)
For Each GroupObj In oAcct.Groups
	Select Case GroupObj.Name
		Case "Group Name"
			oNet.MapNetworkDrive "F:" , "\\ServerName\ShareName$"
		Case Else
	End Select

Open in new window

Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.

LVL 18

Expert Comment

ID: 24056251
BTW, if you haven't done any drive mappings you may want to consider shortcuts instead of drive mappings. To be shortcut is more meaningful than drive mappings. H: drive is meaningless as it could be home share or a share for Human Resources. I prefer shortcuts than drive mappings as you can have tons of shortcuts but only a limited number of meaningless drive mappings. In our enviornment, user access the network resources via a folder at their desktop. This folder will consist all shortcuts to the network shares with meaningful names.
LVL 31

Author Comment

ID: 24062325
Good, we're already using netlogon. I've added the appropriate network drive mapping code in there. The shared "N:\" drive seems to be working properly.

But I am having some trouble setting the "home folder". I have gone into the user account -> profile -> Connect (H:) To \\mainserver\jsmith$, and I've setup a folder share for jsmith with the appropriate account priviledges setup (jsmith and administrators gets full access, everyone else is denied).

However, when I login, the H:\ drive isn't mapped. Typing at the command prompt:
    NET USE H: /home

Results in an error that the network location could not be found.
LVL 11

Assisted Solution

ecsrd earned 1600 total points
ID: 24064819
You need to map a root folder share, NOT the user's folder, ie, if you wanted to have the jsmith folder accessible by jsmith, you would create a folder structure like this:


You would then share C:\HomeFolders with the permissions I have put above in my previous post, (and if you want the share to be hidden, share it as HomeFolder$ if you want)

Then in the profile section: Map H:\ to \\server\homefolder$\%USERNAME% - click apply.

When you click apply, the share will update itself to \\server\homefolder$\jsmith - and as long as security is set correctly on the share, you will get no error messages.  From now on, H:\ for jsmith will be mapped on login to the home folder correctly.
LVL 18

Assisted Solution

Americom earned 400 total points
ID: 24065618
"(jsmith and administrators gets full access, everyone else is denied)."

If you are saying that you have set "everyone" to denied, then you need to know that denied override all other permission as it is the most restricted permission. Also, when the use access a share over the network, the most restrictive of Share+Security(NTFS) is the effective permission. In your case, denied access is the most restrictive permission, therefore no one would have access to the share over the network. Try to just grant access to Everyone group or the Authenticated Users group with FULL Control on the share and restrictive access by only the NTFS permission so that you do run into a mess and end up too much time on troubleshooting permissions.

Expert Comment

ID: 24066128
Batch files.
Make saperate batch files for saperate user
Copy these batch files to Sysvol\domain\script

Also set the  perticular user profile - "in logon script simply type perticular user batch file name

Step 1
At command prompt
C:\copy con accout.bat (account is name for perticular department)
edit  the line(command) in account.bat
net use z: \\Servername\share folder
(you can change drive letter which you want for user)
copy this batch file to \sysvol\domain\scipt folder
Step 2
In perticular user profile simply type name of batch file in Logon script radio.

LVL 31

Author Closing Comment

ID: 31566087
Alright, got it working. It was a combination of what escrd said, and americon. I got my permissions wrong, and I didn't map the root users folder properly.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question