Using variables in Home drive path in AD - group policy

Posted on 2015-02-06
Medium Priority
Last Modified: 2015-02-07
Hi there,
Running server 2008 R2 domain.  Need to do:
1) Hide the home drive paths from the user sessions.  Example: at the moment all users get the   H:\\server\AllStudents\grade1\Jmisha   mapped.  How/where can I make changes in GPO to have users only see 'H:' instead of the full server path?

2) In the AD user properties, profile tab, home folder, I simply put \\server\AllStudents\grade1\%username% and the home folder with appropriate permissions is made under 'Each Grade'.  Keeping in mind that the number after the 'grade' changes for each user in different grades, what variable path can I put in so that the user home folders are successfully created for each grade?  Example:
\\server\AllStudents  = is a permanent path
grade(number)\%username% = is a variable path.  What can I use for grade(number)?

Need help
Question by:amanzoor
LVL 34

Expert Comment

ID: 40593931
The variables in question are set on the client.  Potentially you could create a new environment variable that is retrieved via a script mechanism for the Grade Number (I'm just not certain in the scheme of things if scripts are run before the home folder is set or after; you may have to do some testing, otherwise you may have to use a login script to map the drive for you).

As for setting an environment variable.  What operating system is on your client computers?  If they are all Vista and above you can use SETX to set an environment variable; i.e. -


Then you could reference it in your Home Directory setting as -


LVL 37

Accepted Solution

Mahesh earned 1000 total points
ID: 40594468
By default Windows sets the mapped drive label with the associated path. Through GPO, you can set a label for the mapped drive under the "Label as" option.
Create a new GPO; in the GPO, under user configuration\preferences, use drive map GP Preferences and create the new home drive as a drive map. Do not forget to select "Run in logged user security context", otherwise the GPO preference will not apply.
Apply this GPO to the OU containing the users.
If you have XP machines, download the CSE for XP and install it on XP to apply GP preferences items.

Attached here settings
Drive Map
Common tab setting
Either you have to use the GPO or use logon script to map drive and rename it.

Author Comment

ID: 40594492
Mahesh and Saige;
Saige is suggesting to create the environment variable first.  Please look under preferences, drive maps, Environment.  I need help making this for my 'grade1' 'grade2'............................so on
Then I can put this path in the drive maps like:
\\server\allstudents\%grade(1)(2)(3)......%\%username%.  Please help me how to make the environment variable for:
grade(number) where number is the variable.

LVL 34

Expert Comment

ID: 40594501
The first question, then, is where is the grade number stored? If it is stored in Active Directory, which property are you assigning it to?


Author Comment

ID: 40594560
It saves the folders on '\\server' If I want to make a home drive for a group of users in the same OU, I simply highlight them, go to profile tab, in the home drive select H: and put the path like \\server\Allstudents\grade2\%username%.  So under this server, AllStudents I can see folders of all grades(grade1, grade2.....................)  I am trying to play around with Environment in preferences (not productive as yet).  Need help
LVL 37

Expert Comment

ID: 40594640
Anyways you have to enter grade in form of environmental form in home directory path, what I mean you cannot keep it common for all users just like %username%, it will apply to all users
According to my understanding, you can't achieve what you want by deploying environmental variables because you have multiple grades and for that you do require multiple variables defined
Furthermore, it will not hide the grade folder

Better you could deploy GP Preferences with "Label As" it will hide home drive path

If you wanted that user would not be able to locate path on server directly, you could enable access based enumeration on server share
Also you need to replace authenticated users with specific students group having same grade on each grade folder
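
A read-only check for the permission advice in the comment above, as an added example that is not part of the original thread: it lists grade folders whose ACL still allows a broad principal such as Authenticated Users. The local path `D:\AllStudents` behind the `\\server\AllStudents` share is an assumption.

```powershell
# Added example, not from the thread. Run on the file server.
# $Root is an assumed local path for the \\server\AllStudents share.
param([string]$Root = 'D:\AllStudents')

# Well-known broad principals, matched by SID so the check is language-independent:
# Everyone, Authenticated Users, BUILTIN\Users, Domain Users.
$BroadSid = '\A(S-1-1-0|S-1-5-11|S-1-5-32-545|S-1-5-21-.+-513)\z'

function Get-BroadAce {
    param([string]$Path)
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            continue   # identity could not be resolved to a SID; skip it
        }
        if ($ace.AccessControlType -eq 'Allow' -and $sid -match $BroadSid) {
            New-Object PSObject -Property @{
                Folder    = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Only the gradeN folders directly under the share root are inspected.
# PSIsContainer is used instead of -Directory so this also runs on PowerShell 2.0.
Get-ChildItem -Path $Root |
    Where-Object { $_.PSIsContainer -and $_.Name -match '^grade\d+$' } |
    ForEach-Object { Get-BroadAce -Path $_.FullName } |
    Format-Table Folder, Identity, Rights, Inherited -AutoSize
```

An empty result means no grade folder grants access to those principals; any row with `Inherited` set to `True` has to be fixed on the parent folder or by breaking inheritance on the grade folder.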
LVL 34

Assisted Solution

it_saige earned 1000 total points
ID: 40594868
I understand that you save the folders as grade1, grade2, etc.  But how do you determine the students grade level?  Normally, you would create an (or use an existing) attribute in order to identify the students grade level.

To create a custom attribute you could do the following:

1. Register schmmgmt.dll

- Open an administrative command prompt.
- Type in 'regsvr32 schmmgmt.dll' and press enter.
- You should receive a message that schmmgmt.dll registration succeeded.  Press OK to acknowledge the message box.

2. Open the Active Directory Schema mmc snap-in

- Open the Microsoft Management Console (mmc.exe).
- With the Microsoft Management Console open, select File --> Add/Remove Snap-in...
- In the Add or Remove Snap-ins Dialog, choose 'Active Directory Schema' and click 'Add'.
- Once added in the Selected snap-ins tree, click OK.

3. Add a new attribute for gradeLevel (or any other name that will assist you with identifying the attribute). Note: In order to add an attribute, you must be a member of the Schema Admins administrative group.

- Expand the Active Directory Schema tree.
- Right-click on 'Attributes' and select 'Create Attribute...'.
- Click 'Continue' to acknowledge the warning.
- Since we are dealing with Grade Levels, I chose a syntax of Enumeration with a Minimum value of 0 (Kindergartener) and 12 (High School Senior).
- Note: You must enter a valid Unique X500 Object ID.  You can generate a valid object id by using the script presented here: https://gallery.technet.microsoft.com/scriptcenter/56b78004-40d0-41cf-b95e-6e795b2e8a06
- After refreshing the Attributes, you can see your new attribute defined.

4. Assign the attribute to the user class.

- Select the Classes tree.
- Right-click on the user class object and choose 'Properties'.
- Select the 'Attributes' tab, and press 'Add'.
- Locate and select the attribute you just added.  Press OK to add the attribute.
- After adding the attribute, press OK.

You can then use a script, powershell or ADSI Edit to modify the custom attributes for your users.  Conversely, you can then use a script to get the custom attribute for the user in order to assign it to an environment variable.

Edit:  Another idea (using the custom attribute) is to use the powershell presented here, in order to not only create but set the user's home directory.
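
A sketch of the logon-script route described in this answer, as an added example that is not the script the answer links to: it reads the user's grade from AD, validates it, and maps the labelled home drive. The attribute name `gradeLevel` and the 0-12 range follow the walkthrough above; the drive letter, label and share root are taken from the thread.

```powershell
# Added example, not from the thread. Assumes the custom attribute is named
# gradeLevel (as in the walkthrough above) and holds a whole number 0-12.
$ShareRoot = '\\server\AllStudents'      # permanent part of the path
$Drive     = 'H:'
$Label     = 'HOMEDRIVE'

function Get-GradeHomePath {
    param([string]$Root, [string]$Grade, [string]$User)
    # Accept only 0-12 so a wrong or tampered attribute value cannot point
    # the mapping at an unexpected folder.
    if ($Grade -notmatch '\A([0-9]|1[0-2])\z') {
        throw "Unexpected gradeLevel '$Grade' for user '$User'"
    }
    return ('{0}\grade{1}\{2}' -f $Root, $Grade, $User)
}

# The user name ends up in an LDAP filter and in a path segment: keep it plain.
$user = $env:USERNAME
if ($user -notmatch '\A[A-Za-z0-9._-]+\z') {
    throw "Unexpected characters in user name '$user'"
}

# Query with ADSI so the client needs no RSAT / ActiveDirectory module.
$searcher = [adsisearcher]"(&(objectCategory=person)(sAMAccountName=$user))"
[void]$searcher.PropertiesToLoad.Add('gradeLevel')
$result = $searcher.FindOne()

# Property names in the result are lower-cased; a missing value yields Count 0.
if (-not $result -or $result.Properties['gradelevel'].Count -eq 0) {
    Write-Warning "No gradeLevel set for $user; home drive not mapped."
    return
}
$path = Get-GradeHomePath -Root $ShareRoot -Grade ([string]$result.Properties['gradelevel'][0]) -User $user

# Replace any existing H: mapping, then set the label so the UNC path is not shown.
$net = New-Object -ComObject WScript.Network
try { $net.RemoveNetworkDrive($Drive, $true, $true) } catch { }   # not mapped yet
$net.MapNetworkDrive($Drive, $path)
(New-Object -ComObject Shell.Application).NameSpace("$Drive\").Self.Name = $Label
```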


Author Closing Comment

ID: 40595706
Thanks guys,
Really appreciate your time.
I was able to achieve what I needed in a very simple way as Mahesh guided,
-Simply connected the Mapped drive in General tab under preferences 'REPLACE' H: to the \\server\Allstudent\grade1\%logonuser%, labeled it 'HOMEDRIVE'.  In the common tab, simply pull up the OU in which the users for grade1 reside.
-Do all Maps for H drive for each grade level, and in Common tab keep on pulling down the corresponding OU.
-In the properties of the user in AD, it does not matter even if the user already has the H drive mapped to  \\server\Allstudent\grade1\%logonuser%; the REPLACE map drive takes care of this.
-End result, I tried with each user in each OU and voilà, I simply got 'HOME DRIVE H:', nicely mapped to users' home drives.
-No need to tweak down to variable level.
LVL 37

Expert Comment

ID: 40595773
Instead of "Replace" select "Update"

What it will do, it will create map drive 1st time, next time it will look for map drive with appropriate path and if found wrong path, it will just update it to correct one,
if correct path found just skip it

Thanks for excellent walk through wrt new attribute creation.
Thank You.
LVL 34

Expert Comment

ID: 40595795
@Mahesh - Thanks for the compliment.

@amanzoor - Glad you got it sorted out.

