Go Premium for a chance to win a PS4. Enter to Win


Setting up domain users with automatic network drive mappings

Posted on 2009-04-02
Medium Priority
Last Modified: 2013-12-23
With my Windows Server 2003 domain controller, how would I set it up so that domain users automatically get a couple of network drives mapped on login? I need this to happen:

     F:\     mapped to    \\mainserver\data
     H:\    mapped to     \\mainserver\jsmith        <-- where "jsmith" is the username

This mapping needs to happen regardless of the computer that the user logs in on (provided the computer is part of the domain).

I don't know much about this... if somebody could tell me not only what to configure, but also HOW to get to the screen, that would be really helpful. Like, if the screen is somewhere deep inside the MMC console... tell me where to go.
Question by:Frosty555
  • 3
  • 2
  • 2
  • +2

Expert Comment

ID: 24055990
That's a very quick task, actually. The easiest way is to use batch files. Check out this site for full instructions and free batch files to get the job done.


Hope this helps. :)
LVL 11

Accepted Solution

ecsrd earned 1600 total points
ID: 24056010
To map your "H" drive (homefolder), open Active Directory Users and Computers and browse to the user in question.  Open up the Profile tab and in the Home Folder section:

Connect H: To: \\path\share

To map other drives, create a logon script with the appropriate drive letter mappings and save it as "<filename>.bat", ie: jsmith.bat in the \\domaincontroller\netlogon folder.  In the User Profile section of the same tab as before, in the Logon script section, type the name of the logon script you created, no path, just a name, ie: jsmith.bat

Then when the user logs on, the drives will be mapped and the home folder will be mapped out.

Remember, you need to ensure you have set the appropriate share settings for the shares so that the user can access it.  For the home folder share, the following MUST be set:
Allow - SYSTEM - Full Control - This folder, Subfolders and Files
Allow - CREATOR OWNER - Special: Traverse Folder/execute file, List folder/read data, Read attributes, Read extended attributes, Read permissions - This folder, Subfolders and files

Windows will create the home folder with the users appropriate permissions for the user at the specified share as long as the share exists, and the permissions are set.  If the folder already exists, Windows will ask you if it should update the folder with the appropriate rights for the user.

As for other shares through the mapping, make sure the share and the file security on the share allows appropriate rights for the user connecting to it.

LVL 18

Expert Comment

ID: 24056227
In the domain user account object, under profile tab, as ecsrd mentioned above, you can set map home drive. Only one drive can be mapped with this option. It is designed more for user home folder as it will automatically create the user home folder and with FULL controll permission assigned. If you are going to use this option, you should precreated the root sharename such as "UserHomes" a level above your user account "jsmith". This way you have all the home folder in one root share call "UserHomes". However, this method is not very flexible in terms of administration. First if the user have FULL control, he/she can share whatever and do whatever on the home which can make a mess for you to manage.
The other downside about it is that you have to map this on every user account object in active directory. It would not be a good option in the long run.

If you used the user object to map the above drive, the F: drive will have to be mapped via script. So, again, if you have to do it by script, why not also do the H: drive with script. In the script, you map drive base on group membership. Afterall, you will have more and more departmental shares with more drive letters to be mapped. It has to be based on group membership if you think this trough. Even for the home drive, you can say Domain Users or Computer Employee map H: etc., and Finance map F: etc.

Here's a sample of script in the VBS format. You can put it on a text file with extension LogonScript.vbs
Then create a GPO by User Configuration>Windows Settings>Scripts>Logon, and place this file there. This file will be placed in your domain  such as \\domainanme\netlogon whcih everyone have read access.
'For drive mappings with VBS:
Option Explicit
Dim oNet, wshShell, sUserName, sUserDomain, oAcct, sGroup, GroupObj, objShell
Set oNet = CreateObject("WScript.Network")
sUserName = oNet.UserName
sUserDomain = oNet.UserDomain
Set oAcct = GetObject("WinNT://" & sUserDomain & "/" & sUserName)
For Each GroupObj In oAcct.Groups
	Select Case GroupObj.Name
		Case "Group Name"
			oNet.MapNetworkDrive "F:" , "\\ServerName\ShareName$"
		Case Else
	End Select

Open in new window

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

LVL 18

Expert Comment

ID: 24056251
BTW, if you haven't done any drive mappings you may want to consider shortcuts instead of drive mappings. To be shortcut is more meaningful than drive mappings. H: drive is meaningless as it could be home share or a share for Human Resources. I prefer shortcuts than drive mappings as you can have tons of shortcuts but only a limited number of meaningless drive mappings. In our enviornment, user access the network resources via a folder at their desktop. This folder will consist all shortcuts to the network shares with meaningful names.
LVL 31

Author Comment

ID: 24062325
Good, we're already using netlogon. I've added the appropriate network drive mapping code in there. The shared "N:\" drive seems to be working properly.

But I am having some trouble setting the "home folder". I have gone into the user account -> profile -> Connect (H:) To \\mainserver\jsmith$, and I've setup a folder share for jsmith with the appropriate account priviledges setup (jsmith and administrators gets full access, everyone else is denied).

However, when I login, the H:\ drive isn't mapped. Typing at the command prompt:
    NET USE H: /home

Results in an error that the network location could not be found.
LVL 11

Assisted Solution

ecsrd earned 1600 total points
ID: 24064819
You need to map a root folder share, NOT the user's folder, ie, if you wanted to have the jsmith folder accessible by jsmith, you would create a folder structure like this:


You would then share C:\HomeFolders with the permissions I have put above in my previous post, (and if you want the share to be hidden, share it as HomeFolder$ if you want)

Then in the profile section: Map H:\ to \\server\homefolder$\%USERNAME% - click apply.

When you click apply, the share will update itself to \\server\homefolder$\jsmith - and as long as security is set correctly on the share, you will get no error messages.  From now on, H:\ for jsmith will be mapped on login to the home folder correctly.
LVL 18

Assisted Solution

Americom earned 400 total points
ID: 24065618
"(jsmith and administrators gets full access, everyone else is denied)."

If you are saying that you have set "everyone" to denied, then you need to know that denied override all other permission as it is the most restricted permission. Also, when the use access a share over the network, the most restrictive of Share+Security(NTFS) is the effective permission. In your case, denied access is the most restrictive permission, therefore no one would have access to the share over the network. Try to just grant access to Everyone group or the Authenticated Users group with FULL Control on the share and restrictive access by only the NTFS permission so that you do run into a mess and end up too much time on troubleshooting permissions.

Expert Comment

ID: 24066128
Batch files.
Make saperate batch files for saperate user
Copy these batch files to Sysvol\domain\script

Also set the  perticular user profile - "in logon script simply type perticular user batch file name

Step 1
At command prompt
C:\copy con accout.bat (account is name for perticular department)
edit  the line(command) in account.bat
net use z: \\Servername\share folder
(you can change drive letter which you want for user)
copy this batch file to \sysvol\domain\scipt folder
Step 2
In perticular user profile simply type name of batch file in Logon script radio.

LVL 31

Author Closing Comment

ID: 31566087
Alright, got it working. It was a combination of what escrd said, and americon. I got my permissions wrong, and I didn't map the root users folder properly.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seveā€¦

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question