Solved

Nested groups and GPO mapping

Posted on 2014-01-30
2
1,714 Views
Last Modified: 2014-02-03
We have opted to do drive mapping by GPO using security groups as the determining factor as to who gets what mapped, the issue is say there is a security group called Sales and there is a sub group that is called Marketing. The Sales share contains the Marketing folder, the Sales manager overseas all so his security group is nested in the Marketing group; so when the GPO is created members of the Marketing group get their mapping and the members of the Sales group get both Marketing and Sales when all they really need is Sales as that already contains Marketing. So this is simply an example but what I am dealing with in real world would end up with the Manager (who has a real need to access all folders sub to Sales) that has 10 different drive mappings when s/he only needs one. Any suggestions you could provide that would limit the Sales manager to simply the parent folder and not map the groups he is nested in would be highly appreciated.
0
Comment
Question by:juslearning
2 Comments
 
LVL 25

Accepted Solution

by:
Coralon earned 500 total points
ID: 39822953
The easiest thing to do is to use your Item Level targeting.

You will configure the drive mapping as
the user is a member of security group <groupname>
AND the user is not a member of the security group <groupname>

Go to the GPP for the drive mapping
Go to the Common page
Select the Item Level Targeting
In the targeting dialog:
Click New Item, and select Security Group
Enter in the correct security group information
Click New Item, and select another Security Group (or a user)
Fill in that information
Select the Item Options menu, and select Is Not.

There's obviously a *lot* of options for doing this.  This technology uses WMI, so the more complicated your filtering, the slower the GPP's will be, but you can definitely accomplish what you want.

In your example (with some made up items)
Drive Q = \\server\share
Item Level targeting
User is a member of Sales
User is a member of Marketing
User is not Joe Smith

Or you can create some negative mapping groups for this use
Drive Q = \\server\share
Item Level targeting
User is a member of Sales
User is a member of Marketing
User is not a member of NoDriveQ

Coralon
0
 

Author Comment

by:juslearning
ID: 39823249
Not at work today, I will try that on Monday and see if it works... thanks.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Deploying packaged application using SCCM steps ? 4 37
LastLogonDate for 10000 users in a csv file 2 26
File Screening 1 14
Extend AD schema for SCCM 2012 3 26
Both MMF (multi-mode fiber) and SMF (single-mode fiber) are types of optical fiber that can aid in communication applications. These thin strands of silica or glass will allow communication to occur between devices. The transmission of light between…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question