Is it possible to create a GPO preference to map a drive for users only when they login to a certain machine? For instance, I need drive E: mapped when they log into a server named TEST, but I don’t want it to try and map E: when they are logging onto their normal PCs (E: is likely used by a DVD drive for example).<\/p>","upvoteCount":10,"answerCount":11,"datePublished":"2015-03-10T16:19:44.000Z","author":{"@type":"Person","name":"moten5324","url":"https://community.spiceworks.com/u/moten5324"},"acceptedAnswer":{"@type":"Answer","text":"
With Item Level targeting it’s possible. You can target multiple conditions IE a certain user AND a certain machine. You’ll probably want to limit the scope of the GPO down so it’s not applied unnecessarily. Perhaps add the computer or user to a security group and use delegation to limit the GPO applying.<\/p>","upvoteCount":24,"datePublished":"2015-03-10T16:24:09.000Z","url":"https://community.spiceworks.com/t/group-policy-map-drive-only-on-certain-computer/386353/3","author":{"@type":"Person","name":"jeremyclark","url":"https://community.spiceworks.com/u/jeremyclark"}},"suggestedAnswer":[{"@type":"Answer","text":"
Is it possible to create a GPO preference to map a drive for users only when they login to a certain machine? For instance, I need drive E: mapped when they log into a server named TEST, but I don’t want it to try and map E: when they are logging onto their normal PCs (E: is likely used by a DVD drive for example).<\/p>","upvoteCount":10,"datePublished":"2015-03-10T16:19:44.000Z","url":"https://community.spiceworks.com/t/group-policy-map-drive-only-on-certain-computer/386353/1","author":{"@type":"Person","name":"moten5324","url":"https://community.spiceworks.com/u/moten5324"}},{"@type":"Answer","text":"
Stab in the dark but assign the drive map GPO to the user / group and WMI bind it to the server?<\/p>","upvoteCount":4,"datePublished":"2015-03-10T16:21:38.000Z","url":"https://community.spiceworks.com/t/group-policy-map-drive-only-on-certain-computer/386353/2","author":{"@type":"Person","name":"bhefty","url":"https://community.spiceworks.com/u/bhefty"}},{"@type":"Answer","text":"\n\n
<\/div>\n
jeremyclark:<\/div>\n
\nWith Item Level targeting it’s possible. You can target multiple conditions IE a certain user AND a certain machine. You’ll probably want to limit the scope of the GPO down so it’s not applied unnecessarily. Perhaps add the computer or user to a security group and use delegation to limit the GPO applying.<\/p>\n<\/blockquote>\n<\/aside>\n
Yep, this is executed/implemented by using what are called “Group Policy Preferences.” One of the best additions to GPO functionality IMO.<\/p>\n
The security filtering will probably complicate things - i.e. is likely unnecessary for the scenario, but if you’re running a larger environment with lots of GPO’s this would be a good idea.<\/p>","upvoteCount":5,"datePublished":"2015-03-10T16:26:24.000Z","url":"https://community.spiceworks.com/t/group-policy-map-drive-only-on-certain-computer/386353/4","author":{"@type":"Person","name":"Rob-Dunn","url":"https://community.spiceworks.com/u/Rob-Dunn"}},{"@type":"Answer","text":"
Another way to skin this is to implement loopback GP processing on those computers that you want that drive mapping to appear on. It’s designed to handle these scenarios. It does, however, complicate things, so I would tend to agree that if you can use Item-level targeting in GP Preferences Drive Mappings to sufficiently control where the drive mapping applies to the user, then that’s probably a better approach.<\/p>\n
Darren<\/p>","upvoteCount":7,"datePublished":"2015-03-10T16:32:24.000Z","url":"https://community.spiceworks.com/t/group-policy-map-drive-only-on-certain-computer/386353/5","author":{"@type":"Person","name":"darren-sdm-software","url":"https://community.spiceworks.com/u/darren-sdm-software"}},{"@type":"Answer","text":"
Just tested item level targeting and it’s working a treat! Thanks all for the quick help<\/p>","upvoteCount":1,"datePublished":"2015-03-10T17:08:03.000Z","url":"https://community.spiceworks.com/t/group-policy-map-drive-only-on-certain-computer/386353/6","author":{"@type":"Person","name":"moten5324","url":"https://community.spiceworks.com/u/moten5324"}},{"@type":"Answer","text":"\n\n
<\/div>\n
Darren (SDM Software):<\/div>\n
\nAnother way to skin this is to implement loopback GP processing on those computers that you want that drive mapping to appear on. It’s designed to handle these scenarios. It does, however, complicate things, so I would tend to agree that if you can use Item-level targeting in GP Preferences Drive Mappings to sufficiently control where the drive mapping applies to the user, then that’s probably a better approach.<\/p>\n
Darren<\/p>\n<\/blockquote>\n<\/aside>\n
Not to mention, depending on how you have your OUs and GPOs laid out, this could cause things to apply that you didn’t intend to have apply. I’d say the odds of that are quite small, but it’s something to consider. Also, Loopback Merge can cause a noticeable increase in logon times if you have a lot of GPOs.<\/p>","upvoteCount":0,"datePublished":"2015-03-10T19:03:06.000Z","url":"https://community.spiceworks.com/t/group-policy-map-drive-only-on-certain-computer/386353/7","author":{"@type":"Person","name":"laurelraven","url":"https://community.spiceworks.com/u/laurelraven"}},{"@type":"Answer","text":"
You can use item level targetting for more than just network mapping, you can also do logon scripts, printers, even allow local admin on specific machines, it has to be one of the coolest things I have done/learned with GPO.<\/p>","upvoteCount":0,"datePublished":"2015-03-11T15:42:52.000Z","url":"https://community.spiceworks.com/t/group-policy-map-drive-only-on-certain-computer/386353/8","author":{"@type":"Person","name":"cweb","url":"https://community.spiceworks.com/u/cweb"}},{"@type":"Answer","text":"
\ntechcoord wrote:<\/p>\n
…you can also do logon scripts…<\/p>\n<\/blockquote>\n
Where can you do logon scripts with ILT?<\/p>","upvoteCount":0,"datePublished":"2015-03-11T15:54:20.000Z","url":"https://community.spiceworks.com/t/group-policy-map-drive-only-on-certain-computer/386353/9","author":{"@type":"Person","name":"Rob-Dunn","url":"https://community.spiceworks.com/u/Rob-Dunn"}},{"@type":"Answer","text":"
I don’t believe you can use ILT with logon scripts so you would need to identify registry keys and do aa if,then else on the batch level.<\/p>","upvoteCount":1,"datePublished":"2015-03-11T15:57:04.000Z","url":"https://community.spiceworks.com/t/group-policy-map-drive-only-on-certain-computer/386353/10","author":{"@type":"Person","name":"jasonvivier","url":"https://community.spiceworks.com/u/jasonvivier"}},{"@type":"Answer","text":"
No, Item-level targeting is strictly limited to GP Preferences settings–so Logon/Startup Scripts don’t leverage them. I did blog about a “trick” you could use to essentially leverage Item-level targeting from all policy areas a while back, and for the life of me, I can’t find the blog post, but it amounted to the following:<\/p>\n
Create a GP Preferences Environment Variable policy that delivers an environment variable to the target system, based on the Item-level targeting you’re interested in. Then, use WMI filters on non-GP Preferences GPOs to test for the presence of that Environment Variable and voila! It’s a bit round-about, but in a pinch, it works
Darren<\/p>","upvoteCount":1,"datePublished":"2015-03-11T16:17:27.000Z","url":"https://community.spiceworks.com/t/group-policy-map-drive-only-on-certain-computer/386353/11","author":{"@type":"Person","name":"darren-sdm-software","url":"https://community.spiceworks.com/u/darren-sdm-software"}}]}}
moten5324
March 10, 2015, 4:19pm
1
Is it possible to create a GPO preference to map a drive for users only when they login to a certain machine? For instance, I need drive E: mapped when they log into a server named TEST, but I don’t want it to try and map E: when they are logging onto their normal PCs (E: is likely used by a DVD drive for example).
10 Spice ups
bhefty
March 10, 2015, 4:21pm
2
Stab in the dark but assign the drive map GPO to the user / group and WMI bind it to the server?
4 Spice ups
With Item Level targeting it’s possible. You can target multiple conditions IE a certain user AND a certain machine. You’ll probably want to limit the scope of the GPO down so it’s not applied unnecessarily. Perhaps add the computer or user to a security group and use delegation to limit the GPO applying.
24 Spice ups
Rob-Dunn
March 10, 2015, 4:26pm
4
Yep, this is executed/implemented by using what are called “Group Policy Preferences.” One of the best additions to GPO functionality IMO.
The security filtering will probably complicate things - i.e. is likely unnecessary for the scenario, but if you’re running a larger environment with lots of GPO’s this would be a good idea.
5 Spice ups
Another way to skin this is to implement loopback GP processing on those computers that you want that drive mapping to appear on. It’s designed to handle these scenarios. It does, however, complicate things, so I would tend to agree that if you can use Item-level targeting in GP Preferences Drive Mappings to sufficiently control where the drive mapping applies to the user, then that’s probably a better approach.
Darren
7 Spice ups
moten5324
March 10, 2015, 5:08pm
6
Just tested item level targeting and it’s working a treat! Thanks all for the quick help
1 Spice up
Darren (SDM Software):
Another way to skin this is to implement loopback GP processing on those computers that you want that drive mapping to appear on. It’s designed to handle these scenarios. It does, however, complicate things, so I would tend to agree that if you can use Item-level targeting in GP Preferences Drive Mappings to sufficiently control where the drive mapping applies to the user, then that’s probably a better approach.
Darren
Not to mention, depending on how you have your OUs and GPOs laid out, this could cause things to apply that you didn’t intend to have apply. I’d say the odds of that are quite small, but it’s something to consider. Also, Loopback Merge can cause a noticeable increase in logon times if you have a lot of GPOs.
cweb
March 11, 2015, 3:42pm
8
You can use item level targetting for more than just network mapping, you can also do logon scripts, printers, even allow local admin on specific machines, it has to be one of the coolest things I have done/learned with GPO.
Rob-Dunn
March 11, 2015, 3:54pm
9
techcoord wrote:
…you can also do logon scripts…
Where can you do logon scripts with ILT?
I don’t believe you can use ILT with logon scripts so you would need to identify registry keys and do aa if,then else on the batch level.
1 Spice up
No, Item-level targeting is strictly limited to GP Preferences settings–so Logon/Startup Scripts don’t leverage them. I did blog about a “trick” you could use to essentially leverage Item-level targeting from all policy areas a while back, and for the life of me, I can’t find the blog post, but it amounted to the following:
Create a GP Preferences Environment Variable policy that delivers an environment variable to the target system, based on the Item-level targeting you’re interested in. Then, use WMI filters on non-GP Preferences GPOs to test for the presence of that Environment Variable and voila! It’s a bit round-about, but in a pinch, it works
Darren
1 Spice up
