Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
Course Of The Month
7 days, 20 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Best practice for creating share drives via GPO in server 2008 R2
Posted on 2012-04-07
I want to create a few shared drives in server 2008 R2 and have them linked to GPO. I want is so that when users log in they have shared drives appear as network drives and everyone should have there own personal shared drive on the server. What would be a "best practice" configuration method. Any help or suggestions please.
Thanks
Thanks
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3 Comments
Active today
Window s 2008 has the basics of these already defined in the starter GPOs.
My method is thus:
As far as each user's personal storage, that can be done by mapping to \\SERVER\SHARE\%username% - the %username% variable fills in with the user's SAM.
If you're feeling adventurous, you can use Kixtart and scripting logic to create one logon script that parses the user's groups and assign drive mappings based on that. For large companies I've seen it used preferentially due to the enormous upkeep required for having dozens of logon scripts otherwise.
My method is thus:
A GPO for common multiple drive mappings (Everyone gets S: for shared storage, P: for company policy documents, etc.)
A GPO for specific role-based drive mappings (L: for legal documentation, T: for templates, I: for IT department, etc.)
A GPO for user or one-off mappings (Oddball mapping needed for specific users)
As far as each user's personal storage, that can be done by mapping to \\SERVER\SHARE\%username% - the %username% variable fills in with the user's SAM.
If you're feeling adventurous, you can use Kixtart and scripting logic to create one logon script that parses the user's groups and assign drive mappings based on that. For large companies I've seen it used preferentially due to the enormous upkeep required for having dozens of logon scripts otherwise.
Going off of what MidnightOne states, there is no real need to have different GPOs anymore with server 2008R2.
The current best practice is to map drives based on Group Membership. The link below shows directly how M$ recommends implementing this policy. From here you can map whatever is needed, and under the common tab, under Item-Level Targeting, you can use any sort of variable for having only specific groups of users, receive mapped drives. Regarding the scope and security filtering, depending on your AD structure, I usually have it at the top of the Domain/Forest/OU and keep the security filtering default. This is because all specific mapping is done in Item-Level targeting and therefore no need to change the scope.
http://blogs.technet.com/b/askds/archive/2009/01/07/using-group-policy-preferences-to-map-drives-based-on-group-membership.aspx
Logon scripts unless specifically needed in your environment (haven't found a reason for them yet) bog down the system and create slow logon times. Group policy is clean, easy, and efficient and is considered the current best practice.
-Jared
The current best practice is to map drives based on Group Membership. The link below shows directly how M$ recommends implementing this policy. From here you can map whatever is needed, and under the common tab, under Item-Level Targeting, you can use any sort of variable for having only specific groups of users, receive mapped drives. Regarding the scope and security filtering, depending on your AD structure, I usually have it at the top of the Domain/Forest/OU and keep the security filtering default. This is because all specific mapping is done in Item-Level targeting and therefore no need to change the scope.
http://blogs.technet.com/b/askds/archive/2009/01/07/using-group-policy-preferences-to-map-drives-based-on-group-membership.aspx
Logon scripts unless specifically needed in your environment (haven't found a reason for them yet) bog down the system and create slow logon times. Group policy is clean, easy, and efficient and is considered the current best practice.
-Jared
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Active Directory security has been a hot topic of late, and for good reason. With
90%
of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008.
Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month7 days, 20 hours left to enroll
617 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.