Managing Local Mapped Drives through GPO

Hi Everyone,

I will try to layout the situation as best as possible.

We have a login script that maps all network drives to our machines. The problem comes in that we all have different local drive letters that map multiple devices such as 4 SD Card Slots. Is there a way to "block off" the network drive letters to be used for mapping local devices on the machine.


I have A: B: D: H: and L: being mapped locally.
We are mapping the following letters via network mappings:  H:, L:, Q:. S: T:, and Z:

I know I can go to my machine and use "Computer Management -> Disk Management" to just re assign the LOCAL letters of H and L to other letters that don't cross the network mappings BUT that's not the point of this question.

I want way that I can pretty much "reserve" the network letters on the local machines so that network drives can be mapped throughout the office without individually going to each machine's disk management. Can this be accomplished through GPO? Is there a better solution? We do not want to assign different letters to the map drives.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

you are already doing this with a logon script to map network drives. You can create multiple logon scripts:
Let's say the CEO wants to map to shares of auditing, safety and executive folders...

You can map to a specific drive for that using a CEO logon script.

Place that logon script in the netlogon folder and then go into active directory and have only the CO run that logon script.

Then, the IT guy needs acces to files of Network shares, IT downloads, and IT audits shares:

You can create a special logon script for the IT guy.

Place that logon script in the netlogon folder and then go into active directory users and computers and have only the IT guy run that logon script.

Then, you can create your Entire office logon script that maps to the typical shares.


No reservation is needed since you are creating a logon script to a specific virtual drive.

The reservation would be nice. Especially with all the SD card devices in new pc's which take up 6 or worse 10 drive letters.
I guess you're problem is with the H: drive which will be taken now and then by a local device.

I looked into this a few months ago, there isnt a real good solution for this. The only advice i can give, network drives should use high drive letters    (z, y, ......)   Microsoft advices (dont tell me where) to use this high letters.
New devices are just added in alphabetical order

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PssTechAuthor Commented:
@ChiefIT: We already know that but that's not the issue. The issue is if the logon script contains a letter such as H:\ but the local machine maps a LOCAL DRIVE, such as an sd slot, as H:\. The local machine mapping overrides the network mapping and you can't remove the local mapping without using Computer Management -> Disk Management and assigning it a new letter. Is there a way to automatically map the local letter as something that is NOT any of the network letters I provided above?

@peter197911: Yea I'm starting to feel there is no way to do this without locally being on the machine and remapping the sd drive to another letter.
I See:

I have never done that before. Instead, I am the network admin and deleted all mapped drives within my logon script. If they wanted additional drives, I would create a custom logon script for them or their department. It's much cleaner that way. What I had to do is include in my script delet all virtually mapped drives   ; )  This forces them to come to you and create the Second logon scripts for the other drives. This helps me manage their network drives better. I sent out a warning prior to this to all department heads that I needed them to inform me what their clients wanted mapped. After the warning, my script was edited and there mappings (locally) were deleted.
There is a GPO to hide certain drives. You might be able to create a custom .ADM template to restrict the drives you wish to reserve. While hidden, I believe they may also NOT be able to map to these drives. If you apply this GPO to users, you can neglect to apply the GPO to the domain Admin account, and therefore the policy doesn't apply to you.

Thisis a USER GPO, computer based:

I have not tried it this way, but I think it will work for you. I might be a little more authoritative on my network. It's probably not the best customer service ploy, but I often have to remind them that they hired me for my IT expertise, and I know best ; )
PssTechAuthor Commented:
Thanks for your attempt on this but it seems as though what I am looking for can't be done and must be done on the local machine level itself.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.