User-Preferences-Drive Maps - mapping drive based on security group membership

[poquin]

I apologize in advance if this has been asked previously but I wasn't able to find any related posts to my specific problem. I'm using GPMC on a Windows 2008 server in a 2003 domain. My goal is to stop using scripts for my drive mappings and I'm stumped on a specific issue. Using GP preferences I have successfully mapped drives to \\server\userdata\%username% for home directories and \\server\sharedfolder for universally accessible shares. I need help on mapping a drive letter to different locations based on security group membership. I need it to be the same drive letter for everyone ('R'). Assuming each user is in one of the security groups I'm targeting and not more than one, how do I do this?

For example: Joe works in Budgets, Dan works in IT, Kate works in Research. So when Joe logs in, R: should point to \\server\Budgets, Dan log in, R: points to \\server\IT and when Kate logs in R: points to \\server\research. In drive maps, I created multiple R: drive entries and used item-level targeting to test for security group membership. The problem is it only works for my first R: entry. So Joe will get his R drive mapping correctly but Kate and Dan do not.

Hopefully this all makes sense and someone knows how I should be setting this up. Help!

[trekker]

Yes! You can do that! First off, you'll need to have a Security Group to seperate out the users. If any of your users might need access to more than one of these shares, you may want to consider using different letters for each department.

Next, go into the Properties for one of your drive maps and go to the Common tab. Check "Run in logged-on user's security context (user policy option)." This will make sure that the mapping runs as the user using his/her group memberships. Next, check "Item-Level targeting" and click the "Targeting..." button. Click "New Item" and choose Security Group in the pulldown. Click the "..." button and you can search for the group that will need the folder mapped. Other than adding the group name, you shouldn't need to do anything else. It should say "the user is a member of the security group DOMAIN\Your_Group_Name" when you're done. Click OK on both windows and you should be done.

[poquin]

@ Trekker - Thank you!!!! I was using the group membership item level targeting as you mentioned but I did not have the option for 'run in logged-on users....' selected which did the trick. All my mappings are working correctly and I can dump those logon scripts finally. Thanks again!

[brad]

Thanks for using GPAnswers

Brad Rudisail - MCITP
Technical Support Specialist
GPAnswers and PolicyPak