Solved

Setting up domain users with automatic network drive mappings

Posted on 2009-04-02
Last Modified: 2013-12-23
With my Windows Server 2003 domain controller, how would I set it up so that domain users automatically get a couple of network drives mapped on login? I need this to happen:

     F:\     mapped to    \\mainserver\data
     H:\    mapped to     \\mainserver\jsmith        <-- where "jsmith" is the username

This mapping needs to happen regardless of the computer that the user logs in on (provided the computer is part of the domain).

I don't know much about this... if somebody could tell me not only what to configure, but also HOW to get to the screen, that would be really helpful. Like, if the screen is somewhere deep inside the MMC console... tell me where to go.
Question by:Frosty555
9 Comments
 
LVL 1

Expert Comment

by:Evelmike
That's a very quick task, actually. The easiest way is to use batch files. Check out this site for full instructions and free batch files to get the job done.

http://www.tinyapps.org/docs/auto_map_network_drives.html

Hope this helps. :)
0
 
LVL 11

Accepted Solution

by:
ecsrd earned 400 total points
To map your "H" drive (homefolder), open Active Directory Users and Computers and browse to the user in question.  Open up the Profile tab and in the Home Folder section:

Connect H: To: \\path\share

To map other drives, create a logon script with the appropriate drive letter mappings and save it as "<filename>.bat", ie: jsmith.bat in the \\domaincontroller\netlogon folder.  In the User Profile section of the same tab as before, in the Logon script section, type the name of the logon script you created, no path, just a name, ie: jsmith.bat

Then when the user logs on, the drives will be mapped and the home folder will be mapped out.

Remember, you need to ensure you have set the appropriate share settings for the shares so that the user can access it.  For the home folder share, the following MUST be set:
Allow - SYSTEM - Full Control - This folder, Subfolders and Files
Allow - CREATOR OWNER - Special: Traverse Folder/execute file, List folder/read data, Read attributes, Read extended attributes, Read permissions - This folder, Subfolders and files

Windows will create the home folder with the appropriate permissions for the user at the specified share as long as the share exists and the permissions are set.  If the folder already exists, Windows will ask you if it should update the folder with the appropriate rights for the user.

As for other shares through the mapping, make sure the share and the file security on the share allows appropriate rights for the user connecting to it.




0
 
LVL 18

Expert Comment

by:Americom
In the domain user account object, under the Profile tab, as ecsrd mentioned above, you can map the home drive. Only one drive can be mapped with this option. It is designed more for the user home folder, as it will automatically create the user home folder with FULL control permission assigned. If you are going to use this option, you should pre-create the root share name such as "UserHomes" a level above your user account "jsmith". This way you have all the home folders in one root share called "UserHomes". However, this method is not very flexible in terms of administration. First, if the user has FULL control, he/she can share whatever and do whatever on the home, which can make a mess for you to manage.
The other downside is that you have to map this on every user account object in Active Directory. It would not be a good option in the long run.

If you use the user object to map the above drive, the F: drive will have to be mapped via script. So, again, if you have to do it by script, why not also do the H: drive with a script? In the script, you map drives based on group membership. After all, you will have more and more departmental shares with more drive letters to be mapped. It has to be based on group membership if you think this through. Even for the home drive, you can say Domain Users or Computer Employee map H: etc., and Finance map F: etc.

Here's a sample script in VBS format. You can put it in a text file named LogonScript.vbs.
Then create a GPO under User Configuration>Windows Settings>Scripts>Logon, and place this file there. This file will be placed in your domain, such as \\domainname\netlogon, which everyone has read access to.
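'For drive mappings with VBS:

Option Explicit

Dim oNet, wshShell, sUserName, sUserDomain, oAcct, sGroup, GroupObj, objShell

' WScript.Network exposes the logged-on user's name and domain and maps drives
Set oNet = CreateObject("WScript.Network")
sUserName = oNet.UserName
sUserDomain = oNet.UserDomain

' Bind to the user account through the WinNT provider to enumerate its groups
Set oAcct = GetObject("WinNT://" & sUserDomain & "/" & sUserName)

' Map drives according to group membership
For Each GroupObj In oAcct.Groups
	Select Case GroupObj.Name
		Case "Group Name"
			oNet.MapNetworkDrive "F:" , "\\ServerName\ShareName$"
		Case Else
			' No mapping for any other group
	End Select
Next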


0
 
LVL 18

Expert Comment

by:Americom
BTW, if you haven't done any drive mappings, you may want to consider shortcuts instead of drive mappings. A shortcut is more meaningful than a drive mapping. H: drive is meaningless as it could be a home share or a share for Human Resources. I prefer shortcuts to drive mappings as you can have tons of shortcuts but only a limited number of meaningless drive mappings. In our environment, users access the network resources via a folder on their desktop. This folder consists of shortcuts to the network shares with meaningful names.
0
 
LVL 31

Author Comment

by:Frosty555
Good, we're already using netlogon. I've added the appropriate network drive mapping code in there. The shared "N:\" drive seems to be working properly.

But I am having some trouble setting the "home folder". I have gone into the user account -> profile -> Connect (H:) To \\mainserver\jsmith$, and I've set up a folder share for jsmith with the appropriate account privileges set up (jsmith and administrators gets full access, everyone else is denied).

However, when I log in, the H:\ drive isn't mapped. Typing at the command prompt:
    NET USE H: /home

Results in an error that the network location could not be found.
0
 
LVL 11

Assisted Solution

by:ecsrd
ecsrd earned 400 total points
You need to map a root folder share, NOT the user's folder, ie, if you wanted to have the jsmith folder accessible by jsmith, you would create a folder structure like this:

C:\HomeFolders

You would then share C:\HomeFolders with the permissions I have put above in my previous post, (and if you want the share to be hidden, share it as HomeFolder$ if you want)

Then in the profile section: Map H:\ to \\server\homefolder$\%USERNAME% - click apply.

When you click apply, the share will update itself to \\server\homefolder$\jsmith - and as long as security is set correctly on the share, you will get no error messages.  From now on, H:\ for jsmith will be mapped on login to the home folder correctly.
0
 
LVL 18

Assisted Solution

by:Americom
Americom earned 100 total points
"(jsmith and administrators gets full access, everyone else is denied)."

If you are saying that you have set "everyone" to denied, then you need to know that deny overrides all other permissions, as it is the most restrictive permission. Also, when the user accesses a share over the network, the most restrictive of Share+Security(NTFS) is the effective permission. In your case, denied access is the most restrictive permission, therefore no one would have access to the share over the network. Try to just grant access to the Everyone group or the Authenticated Users group with FULL Control on the share and restrict access only by the NTFS permissions, so that you don't run into a mess and end up spending too much time on troubleshooting permissions.
0
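The deny-precedence and share-plus-NTFS reasoning in the answer above, as an added Python example that is not part of the original thread. It is a simplified model (three bit masks, not the real Windows access check), and the account names, group memberships and ACL contents are constructed for illustration.

```python
from dataclasses import dataclass

# Simplified access levels as bit masks (real Windows masks have many more bits).
READ, CHANGE, FULL = 0b001, 0b011, 0b111

@dataclass(frozen=True)
class Ace:
    kind: str      # "allow" or "deny"
    trustee: str   # user or group name
    mask: int

def granted(acl, identities):
    """Rights one ACL grants to a token: allowed bits minus denied bits.
    Models canonical ACE ordering, where deny entries win over allow entries."""
    allowed = denied = 0
    for ace in acl:
        if ace.trustee in identities:
            if ace.kind == "deny":
                denied |= ace.mask
            else:
                allowed |= ace.mask
    return allowed & ~denied

def effective_over_network(share_acl, ntfs_acl, identities):
    """Access through a share is the intersection of share and NTFS rights."""
    return granted(share_acl, identities) & granted(ntfs_acl, identities)

# Constructed tokens: every logged-on domain user is also a member of Everyone.
JSMITH = {"jsmith", "Domain Users", "Authenticated Users", "Everyone"}
BJONES = {"bjones", "Domain Users", "Authenticated Users", "Everyone"}  # hypothetical other user
ADMIN = {"admin1", "Administrators", "Authenticated Users", "Everyone"}  # hypothetical admin

# Share ACL as the answer reads the question: explicit deny on Everyone.
DENY_EVERYONE_SHARE = [Ace("allow", "jsmith", FULL),
                       Ace("allow", "Administrators", FULL),
                       Ace("deny", "Everyone", FULL)]
# Layout suggested in the answer: open share, NTFS does the restricting.
OPEN_SHARE = [Ace("allow", "Authenticated Users", FULL)]
HOME_NTFS = [Ace("allow", "jsmith", FULL), Ace("allow", "Administrators", FULL)]

if __name__ == "__main__":
    for label, share in (("deny Everyone", DENY_EVERYONE_SHARE), ("open share", OPEN_SHARE)):
        for name, token in (("jsmith", JSMITH), ("bjones", BJONES), ("admin1", ADMIN)):
            print(f"{label:14} {name:7} {effective_over_network(share, HOME_NTFS, token):03b}")
```

With the open share, the NTFS ACL on the home folder is the only control left, so it is the entry to audit when a user can see a folder they should not.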
 

Expert Comment

by:cp1041
Batch files.
Make separate batch files for separate users.
Copy these batch files to Sysvol\domain\script

Also set the particular user profile - in "logon script" simply type the particular user's batch file name.

Example
Step 1
At the command prompt:
C:\>copy con account.bat (account is the name for a particular department)
Edit the line (command) in account.bat:
net use z: \\Servername\share folder
(you can change the drive letter to the one you want for the user)
Copy this batch file to the \sysvol\domain\script folder.
Step 2
In the particular user's profile, simply type the name of the batch file in Logon script radio.

0
 
LVL 31

Author Closing Comment

by:Frosty555
Alright, got it working. It was a combination of what ecsrd said, and Americom. I got my permissions wrong, and I didn't map the root users folder properly.
0
