1

hi all,

want to create a script to map a drive on logon, ive done the below and it works

net use T: \\networkShare\Test /u:username password /p:yes

but how do i add if a member of this AD group add it

ive tried to do this via local gpedit of the local computer but everywhere it says you go to

users > pref > widnows settings > mapped drives

but i dont see the “preferences”

thanks,
rob

6 Spice ups
2

If it’s specific users, you can save it as a bat file and add it as their login script in AD.

4 Spice ups
3

That is correct. Try to make it as a bat file stored in the PC locally in documents, and then you can make a script from GPEDIT at the startup.
It will run at the startup of the PC.

image
image749×514 33.5 KB
2 Spice ups
4

You don’t really have to use a script for this; it can be handled 100% with group policy.

It’s under User Config > Preferences > Windows Settings > Drive Maps

Screenshot 2025-07-09 082127
Screenshot 2025-07-09 0821271189×506 34.2 KB
15 Spice ups
6

And a 3rd way to do this, via AD: assuming you have the security permissions on the shared folder, the users Profile tab allows for this also

image
image1248×828 75.8 KB
4 Spice ups
7

This is exactly how we do it. I use Access Based Enumeration to assign mappings based on user rights. We’re a legal firm and those without rights to certain areas don’t get that access automatically mapped (and are locked out with access rights from those areas as well). Works a treat for us.

1 Spice up
8

as said i dont see pref under local group policy so i cant do this

1 Spice up
9

Any reason you can’t use the AD logon options?

1 Spice up
10

Are you trying to do this on the local machine? The screen shot is from a Domain Controller running Active Directory and group policy services.

Do you have an AD server in your environment?

3 Spice ups
11

yes but i only want it on this pc only and the share is not domain joined so i have to specify a username and password

1 Spice up
12

With these restraints then, I would make a TASK pointing to the mapping script, that runs at login, to map the drive.
the dir/file being hidden and read only, but that’s me.

2 Spice ups
13

You wasn’t clear on this in your first post.

But just because the share isn’t in the domain, doesn’t mean you can’t use the login script if the user accessing the share IS in the domain.

You can add the .bat file to the desktop of all users and allow them to double click it when they need the share, or alternatively, if multiple users will use this device and all need the share, add the PC/Laptop to the permissions, not users.

1 Spice up
14

thanks guys, i want to use the findstr for a command like

whoami /groups | findstr /L "groupname"

but even if i type in group it comes back with the result, i dont want it to come back with the result only when you type in the EXACT match

1 Spice up
15

how is this related to your mapped drive query?

1 Spice up
16

it is as i want to lock it down to only a group

@echo off

whoami /groups | findstr /i /L groupname

if %errorlevel% equ 0 net use T: \\ipaddress\sharename /u:user pass /p:yes
1 Spice up
17

So you want to map a drive, ONLY if the user is in a group, is the group in AD? Is the device and/or users connecting also in the domain?

If so, you seem to be complicating this.

From what you’ve shared, it’s only the share itself that isn’t in the domain.

If you provided this information at the start it would make helping you easier.

1 Spice up
18

yes the users are in AD, i made a group including all the users and all the users conencting to this server are on the domain

1 Spice up
19

Then you can still run this via the AD console under profile>logon script, the script just needs to be accessible by the users.

You wouldn’t need to check for a group this way as you’d specifically add the script to those users you want to access the share.

As noted earlier, if it’s a specific machine and not strictly users, you can add the device to the permissions on the share, so the device has access. So anyone on this device can use it.

1 Spice up
20

Can you help verify a couple of things because I’ve read through your posts a couple of times and I’m getting confused.

  1. The workstation you want to map the drive on, is NOT domain connected.
  2. The share you are mapping is also on a computer NOT domain connected.
  3. The users and user group you want to secure the share with IS on the domain.

Is that correct?

1 Spice up
21

problem solved

whoami /groups | findstr /i "\<exactgroupnamehere\>"
2 Spice ups