GPO and timed mapped drives.

I need to create a group policy that disconnects certain users from mapped drives at a certain time. Can this be done?
cnl83Asked:
Who is Participating?
 
Cliff GaliherConnect With a Mentor Commented:
The proper approach is to have two accounts on that computer.  User 1 logs off, user 2 logs on.  Mapped drives are done in the user context so drives mapped for user 1 won't exist in user 2 and vice versa.  And by doing two accounts, you actually get to prevent access at the share level to resources that the other user doesn't need.  Unmapping the drive is not an sufficient security boundary.
0
 
MaheshArchitectCommented:
you need to create schedule tasks which will connect / disconnect mapped drives at certain time

schedule tasks can be pushed via GPO preferences

Also GPO should be filtered to apply only specific group (set of users) and this can be done via item level targeting in GP preferences item
0
 
DonNetwork AdministratorCommented:
You could try using task scheduler and a batch file with

net use /del Z:

or

net use /del *  <<< to delete all
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
Cliff GaliherCommented:
Keep in mind that a mapped drive is exactly that.  It *maps* to an SMB share.  Unmapping a drive won't suddenly block the user from accessing the underlying share.  And removing access to a share on a schedule is not a trivial task due to Kerberos tickets lifetimes.  There isn't a simple good way to do what you want.  Perhaps if you explain the business need you are trying to accomplish, we can suggest better ways.
0
 
cnl83Author Commented:
Two employees are sharing the same computer. The second employee gets on at 2PM and does not need to have access to that drive.
0
 
Mitul PrajapatiJunior IT EngineerCommented:
Steps:

 Open Group policy --> right click and edit policy of drive mapping policy --->user configuration -->Preference --> Windows Settings --> Drive Maps --> Right click and select properties of mapped drive --> Common Tab --> Select Targeting --> New Item --> Time Range (Define the time range... )    Done!!!

@Two employees sharing the same computer --> Create new item for both of the employee..
0
 
Cliff GaliherConnect With a Mentor Commented:
That'll only map the drive between those times. But it won't unmap an existing drive while the user is logged in. And GPs only refresh every 90 minutes so even a forced workaround is not reliable.
1
 
Mitul PrajapatiJunior IT EngineerCommented:
You are right Cliff... I totally missed that point..
0
 
Shaun VermaakTechnical Specialist/DeveloperCommented:
You can and additional conditions to #a42485970 and change it to "Remove policy when going out of scope" or you can use PowerShell to enable/disable the link from DC with a scheduled task
0
 
cnl83Author Commented:
This is one user... so maybe I'll skip the GP and apply a scheduled task with a batch file.
0
 
cnl83Author Commented:
Cliff, I agree that two profiles would resolve the issue, but they want them on the same account, email etc.
0
 
Cliff GaliherConnect With a Mentor Commented:
Sometimes. The job of an I. T. Pro is to educate (thus the "pro") and it sounds like you need to educate them. Even if ther on needs or technical limitations or both.

Shared email is easy. Shared resources are easy but if they don't want the mapped drives shared, then they want two accounts....withour realizing it. That's my. 02 cents.
1
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.