Yesterday we had a brief introduction to what Group Policy is and what it can do for you. Today we are going to actually make it do our work for us. Back in the day if you had to map a drive on several machines you did it via the Autoexec.bat or as a login script from your domain controller.
Now I will show you how you can add a map network drive to a computers on your network depending on what OU they are in. An OU is an Organizational Unit in your Active Directory or simply put a container to hold similar stuff.
Why do we put things into OU’s? To make our lives as Admin’s that much easier.
By grouping all of your Accounting users into one OU you can then assign a Group Policy to that OU. Now if there are 5000 people in one department or 5 it is the same amount of work to add a mapped drive (or any of the other GP tasks we will do) to there machines. You can nest OU’s in OU’s like seen above here with the Accounting OU. It holds an AR and an AP department. You can apply policies to all three OU’s at once or individually. You control how GP trickles down like permissions.
By having OU’s and group policy on your network users can have their mapped drives and other resources no matter where they are logging into on your domain.
Are you frightened? Don’t be this is pretty simple! Log into your AD machine and open up your Active Directory Users and Computers Console. It is located in the control panel under administrative tools.
Get in there right click on your OU choose properties and then the group policy tab. Depending on how your AD machine is set up you might have to click on a a button that says open Group Policy Management.
Once you are there you can create and link your Group Policy by right clicking on the OU like seen here.
Now you see your policy appear on the right… Simply right click and edit it.
Navigate down to The User Configuration folder and choose Windows Settings and then Scripts and finally Log-on. Hit the add button. Now you will need to point your GP to a script to run. Create a .bat file with the following line in it. Obviously changing the drive letter and the share name to your own.
net use i: \\AskheAdmin\newaccounting$
Save this file to your domain name under the SysVol folder and into the Scripts folder.
So if your domain name is AskTheAdmin.com it would go into
Save it as logon.bat and simply type logon.bat in the box below:
Hit OK and OK again. Make sure to close out of any open Group Policy windows. Then log the user into any Domain machine and watch the drive mount for you. Of course if the user does not have the proper rights to the drive you specified it won’t work!
If you want to do this to a machine that is not on AD stay tuned for more in our GP series.