Setting up domain users with automatic network drive mappings

Posted on 2009-04-02
Last Modified: 2013-12-23
With my Windows Server 2003 domain controller, how would I set it up so that domain users automatically get a couple of network drives mapped on login? I need this to happen:

     F:\     mapped to    \\mainserver\data
     H:\    mapped to     \\mainserver\jsmith        <-- where "jsmith" is the username

This mapping needs to happen regardless of the computer that the user logs in on (provided the computer is part of the domain).

I don't know much about this... if somebody could tell me not only what to configure, but also HOW to get to the screen, that would be really helpful. Like, if the screen is somewhere deep inside the MMC console... tell me where to go.
Question by:Frosty555

Expert Comment

ID: 24055990
That's a very quick task, actually. The easiest way is to use batch files. Check out this site for full instructions and free batch files to get the job done.

Hope this helps. :)
LVL 11

Accepted Solution

ecsrd earned 400 total points
ID: 24056010
To map your "H" drive (homefolder), open Active Directory Users and Computers and browse to the user in question.  Open up the Profile tab and in the Home Folder section:

Connect H: To: \\path\share

To map other drives, create a logon script with the appropriate drive letter mappings and save it as "<filename>.bat", i.e. jsmith.bat, in the \\domaincontroller\netlogon folder.  In the User Profile section of the same tab as before, in the Logon script section, type the name of the logon script you created, no path, just a name, i.e. jsmith.bat

Then when the user logs on, the drives will be mapped and the home folder will be mapped out.

Remember, you need to ensure you have set the appropriate share settings for the shares so that the user can access it.  For the home folder share, the following MUST be set:
Allow - SYSTEM - Full Control - This folder, Subfolders and Files
Allow - CREATOR OWNER - Special: Traverse Folder/execute file, List folder/read data, Read attributes, Read extended attributes, Read permissions - This folder, Subfolders and files

Windows will create the home folder with the appropriate permissions for the user at the specified share as long as the share exists and the permissions are set.  If the folder already exists, Windows will ask you if it should update the folder with the appropriate rights for the user.

As for other shares through the mapping, make sure the share and the file security on the share allows appropriate rights for the user connecting to it.

LVL 18

Expert Comment

ID: 24056227
In the domain user account object, under the Profile tab, as ecsrd mentioned above, you can set the home drive mapping. Only one drive can be mapped with this option. It is designed more for the user home folder, as it will automatically create the user home folder with FULL control permission assigned. If you are going to use this option, you should pre-create the root share name such as "UserHomes" a level above your user account "jsmith". This way you have all the home folders in one root share called "UserHomes". However, this method is not very flexible in terms of administration. First, if the user has FULL control, he/she can share whatever and do whatever on the home, which can make a mess for you to manage.
The other downside is that you have to map this on every user account object in Active Directory. It would not be a good option in the long run.

If you used the user object to map the above drive, the F: drive will have to be mapped via script. So, again, if you have to do it by script, why not also do the H: drive with the script? In the script, you map drives based on group membership. After all, you will have more and more departmental shares with more drive letters to be mapped. It has to be based on group membership if you think this through. Even for the home drive, you can say Domain Users or Computer Employee map H: etc., and Finance map F: etc.

Here's a sample script in VBS format. You can put it in a text file named LogonScript.vbs.
Then create a GPO under User Configuration > Windows Settings > Scripts > Logon, and place this file there. This file will be placed in your domain, such as \\domainname\netlogon, to which everyone has read access.
'For drive mappings with VBS:
Option Explicit
Dim oNet, sUserName, sUserDomain, oAcct, GroupObj
Set oNet = CreateObject("WScript.Network")
' Identify the user who is logging on
sUserName = oNet.UserName
sUserDomain = oNet.UserDomain
Set oAcct = GetObject("WinNT://" & sUserDomain & "/" & sUserName)
' Map drives according to each group the user belongs to
For Each GroupObj In oAcct.Groups
	Select Case GroupObj.Name
		Case "Group Name"
			oNet.MapNetworkDrive "F:" , "\\ServerName\ShareName$"
		Case Else
			' No mapping for any other group
	End Select
Next


LVL 18

Expert Comment

ID: 24056251
BTW, if you haven't done any drive mappings, you may want to consider shortcuts instead of drive mappings. A shortcut is more meaningful than a drive mapping. H: drive is meaningless, as it could be a home share or a share for Human Resources. I prefer shortcuts to drive mappings, as you can have tons of shortcuts but only a limited number of meaningless drive mappings. In our environment, users access the network resources via a folder on their desktop. This folder consists of shortcuts to the network shares with meaningful names.
LVL 31

Author Comment

ID: 24062325
Good, we're already using netlogon. I've added the appropriate network drive mapping code in there. The shared "N:\" drive seems to be working properly.

But I am having some trouble setting the "home folder". I have gone into the user account -> profile -> Connect (H:) To \\mainserver\jsmith$, and I've set up a folder share for jsmith with the appropriate account privileges set up (jsmith and administrators get full access, everyone else is denied).

However, when I login, the H:\ drive isn't mapped. Typing at the command prompt:
    NET USE H: /home

Results in an error that the network location could not be found.
LVL 11

Assisted Solution

ecsrd earned 400 total points
ID: 24064819
You need to map a root folder share, NOT the user's folder, i.e., if you wanted to have the jsmith folder accessible by jsmith, you would create a folder structure like this:


You would then share C:\HomeFolders with the permissions I have put above in my previous post, (and if you want the share to be hidden, share it as HomeFolder$ if you want)

Then in the profile section: Map H:\ to \\server\homefolder$\%USERNAME% - click apply.

When you click apply, the share will update itself to \\server\homefolder$\jsmith - and as long as security is set correctly on the share, you will get no error messages.  From now on, H:\ for jsmith will be mapped on login to the home folder correctly.
LVL 18

Assisted Solution

Americom earned 100 total points
ID: 24065618
"(jsmith and administrators gets full access, everyone else is denied)."

If you are saying that you have set "everyone" to denied, then you need to know that denied overrides all other permissions, as it is the most restrictive permission. Also, when the user accesses a share over the network, the most restrictive of Share+Security(NTFS) is the effective permission. In your case, denied access is the most restrictive permission, therefore no one would have access to the share over the network. Try to just grant access to the Everyone group or the Authenticated Users group with FULL Control on the share and restrict access by only the NTFS permission so that you don't run into a mess and end up spending too much time on troubleshooting permissions.
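The two rules in the answer above (a deny entry overrides allows, and access over the network is the most restrictive of the share and NTFS permissions), worked through as an added example that is not part of the original thread. It is a simplified Python model rather than the real Windows access check: rights are reduced to three flags, inheritance and ACE ordering are ignored, and the second user mjones and the ACL contents are constructed for illustration.

```python
# Added example: simplified model of share + NTFS permission evaluation.
from typing import NamedTuple

READ, WRITE, CHANGE_PERMS = 1, 2, 4      # simplified rights, not real access masks
FULL = READ | WRITE | CHANGE_PERMS

class Ace(NamedTuple):
    kind: str      # "allow" or "deny"
    trustee: str   # user or group the entry applies to
    rights: int

def acl_grants(acl, token):
    """Rights one ACL gives a token: matching allows, minus what a matching deny covers."""
    allowed = denied = 0
    for ace in acl:
        if ace.trustee not in token:
            continue
        if ace.kind == "deny":
            denied |= ace.rights
        else:
            allowed |= ace.rights
    return allowed & ~denied

def effective_over_network(share_acl, ntfs_acl, token):
    """Through a share, a user gets only what BOTH the share ACL and the NTFS ACL grant."""
    return acl_grants(share_acl, token) & acl_grants(ntfs_acl, token)

def names(rights):
    table = (("read", READ), ("write", WRITE), ("change-perms", CHANGE_PERMS))
    return "+".join(n for n, bit in table if rights & bit) or "no access"

# Constructed tokens: every domain user is also a member of Everyone.
JSMITH = {"jsmith", "Domain Users", "Everyone"}
MJONES = {"mjones", "Domain Users", "Everyone"}   # hypothetical second user

# One reading of the asker's setup: a deny entry for Everyone on the share.
broken_share = [Ace("allow", "jsmith", FULL), Ace("allow", "Administrators", FULL),
                Ace("deny", "Everyone", FULL)]
# Suggested setup: open share, access restricted by NTFS only.
open_share = [Ace("allow", "Everyone", FULL)]
home_ntfs = [Ace("allow", "jsmith", FULL), Ace("allow", "Administrators", FULL)]

if __name__ == "__main__":
    for label, share, token in (("deny on share, jsmith", broken_share, JSMITH),
                                ("open share, jsmith", open_share, JSMITH),
                                ("open share, mjones", open_share, MJONES)):
        print(label, "->", names(effective_over_network(share, home_ntfs, token)))
```

With the deny entry in place jsmith ends up with no access even though an allow entry names the account; with the open share, the NTFS list alone decides, so jsmith gets full control and mjones gets nothing.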

Expert Comment

ID: 24066128
Batch files.
Make separate batch files for separate users.
Copy these batch files to Sysvol\domain\script

Also set the particular user profile - in logon script, simply type the particular user's batch file name

Step 1
At command prompt
C:\>copy con account.bat (account is the name for the particular department)
Edit the line (command) in account.bat
net use z: \\Servername\share folder
(you can change the drive letter to whichever you want for the user)
Copy this batch file to the \sysvol\domain\script folder
Step 2
In the particular user's profile, simply type the name of the batch file in the Logon script radio.

LVL 31

Author Closing Comment

ID: 31566087
Alright, got it working. It was a combination of what ecsrd said, and Americom. I got my permissions wrong, and I didn't map the root users folder properly.


Question has a verified solution.
