security filtering<\/a> , but first i’d triple check how you’ve linked the GPO.<\/p>\nHope this helps!<\/p>","upvoteCount":0,"datePublished":"2017-10-11T11:34:00.000Z","url":"https://community.spiceworks.com/t/map-drive-for-specific-user-with-gpo/611399/2","author":{"@type":"Person","name":"elliotthompson7967","url":"https://community.spiceworks.com/u/elliotthompson7967"}},{"@type":"Answer","text":"
I usually create a container and keep all of my GPOs in one container then link them to specific OUs. It helps me find them quickly. In the management console, you can see where the GPO is linked. Even though you created it in a certain OU, you can link it to other OUs. You might consider disabling the GPO until you found the issue then re-enable to test.<\/p>","upvoteCount":0,"datePublished":"2017-10-11T11:37:36.000Z","url":"https://community.spiceworks.com/t/map-drive-for-specific-user-with-gpo/611399/3","author":{"@type":"Person","name":"rstaples","url":"https://community.spiceworks.com/u/rstaples"}},{"@type":"Answer","text":"
No sense keeping another container for policies as they already reside in a Group Policy Objects container by default.<\/p>\n
I am assuming the OP is applying this policy in the default domain policy if it is applying to everyone.<\/p>","upvoteCount":1,"datePublished":"2017-10-11T11:44:09.000Z","url":"https://community.spiceworks.com/t/map-drive-for-specific-user-with-gpo/611399/4","author":{"@type":"Person","name":"rockn","url":"https://community.spiceworks.com/u/rockn"}},{"@type":"Answer","text":"
If you’re mapping a drive, you can further specify groups/OU in the configuration for the drive map. Take a deeper look through the settings for that particular part of the policy. I’m not in front of a computer right now to be able to give a solid direct explanation.<\/p>","upvoteCount":0,"datePublished":"2017-10-11T11:49:43.000Z","url":"https://community.spiceworks.com/t/map-drive-for-specific-user-with-gpo/611399/5","author":{"@type":"Person","name":"rbleattler","url":"https://community.spiceworks.com/u/rbleattler"}},{"@type":"Answer","text":"
Initially I made the GPO amongst the others in the forest (under .local), but the mapped drive showed up for everyone.<\/p>\n
So I deleted that GPO and created a new one under a new MIS OU, which linked it to this OU automatically, and then in ADUC, in Security for this OU, I removed inheritance and I placed only myself with Full control, and SYSTEM remained after removing inheritance). The mapped drive still shows up for everyone, unless they disconnect it manually, then it doesn’t re-appear.<\/p>\n
The GPO was created in User Configuration>>>Preferences>>>Windows Settings>>>Drive Maps I am not seeing any place where I can specify users that this should apply to only. I am not a GPO expert (obvs) and just want a handful of people for this mapped drive to show up and reconnect at login.<\/p>\n
Thank you!<\/p>","upvoteCount":0,"datePublished":"2017-10-11T12:05:44.000Z","url":"https://community.spiceworks.com/t/map-drive-for-specific-user-with-gpo/611399/6","author":{"@type":"Person","name":"robweiss2","url":"https://community.spiceworks.com/u/robweiss2"}},{"@type":"Answer","text":"
It sounds to me like the original policy has set up the drive, and then deleting the GPO hasn’t deleted the drive from there machine. I’d recommend setting up a new policy to delete that drive for everyone, then use your new policy and don’t link it to any OU until you’re happy with it, before then applying it only to MIS OU.<\/p>","upvoteCount":0,"datePublished":"2017-10-11T12:17:13.000Z","url":"https://community.spiceworks.com/t/map-drive-for-specific-user-with-gpo/611399/7","author":{"@type":"Person","name":"elliotthompson7967","url":"https://community.spiceworks.com/u/elliotthompson7967"}},{"@type":"Answer","text":"
To clarify, where i say “before then applying it only to MIS OU” i mean link, not apply.<\/p>","upvoteCount":0,"datePublished":"2017-10-11T12:18:03.000Z","url":"https://community.spiceworks.com/t/map-drive-for-specific-user-with-gpo/611399/8","author":{"@type":"Person","name":"elliotthompson7967","url":"https://community.spiceworks.com/u/elliotthompson7967"}},{"@type":"Answer","text":"
You could create a security group and use Item Level Targeting to give access to just that group. That’s how we do most of our drive maps.<\/p>","upvoteCount":1,"datePublished":"2017-10-11T12:20:44.000Z","url":"https://community.spiceworks.com/t/map-drive-for-specific-user-with-gpo/611399/9","author":{"@type":"Person","name":"ken-esc7-dmac","url":"https://community.spiceworks.com/u/ken-esc7-dmac"}},{"@type":"Answer","text":"\n\n
<\/div>\n
kcactc:<\/div>\n
\nYou could create a security group and use Item Level Targeting to give access to just that group. That’s how we do most of our drive maps.<\/p>\n<\/blockquote>\n<\/aside>\n
This is exactly how we do it.<\/p>","upvoteCount":0,"datePublished":"2017-10-11T12:32:25.000Z","url":"https://community.spiceworks.com/t/map-drive-for-specific-user-with-gpo/611399/10","author":{"@type":"Person","name":"bradrussell2","url":"https://community.spiceworks.com/u/bradrussell2"}},{"@type":"Answer","text":"
Kc22:<\/p>\n
Do you mean in the common tab in the properties of the mapped drive, select Item level targeting and then add security group? Do you leave it at default of User in group (radios at bottom).<\/p>\n
Do you link the GPO to any specific OU or do you just create the GPO and use this Item Level targeting only (and does this prevent the GPO from being applied to any users not in the specific security group?)<\/p>\n
Thank you!!<\/p>","upvoteCount":0,"datePublished":"2017-10-11T12:55:28.000Z","url":"https://community.spiceworks.com/t/map-drive-for-specific-user-with-gpo/611399/11","author":{"@type":"Person","name":"robweiss2","url":"https://community.spiceworks.com/u/robweiss2"}},{"@type":"Answer","text":"
do an item level targetting<\/p>\n
I did Item level targeting in the common tab in the properties of the mapped drive, removed any links, did not select enfoce (but the GPO is enabled) and it’s still not showing up as a mapped drive, despite gpupdate 'force miultiple times, restarting, loggin off, then on…for some reason the GPO is not mapping a drive.<\/p>","upvoteCount":0,"datePublished":"2017-10-11T13:31:57.000Z","url":"https://community.spiceworks.com/t/map-drive-for-specific-user-with-gpo/611399/13","author":{"@type":"Person","name":"robweiss2","url":"https://community.spiceworks.com/u/robweiss2"}},{"@type":"Answer","text":"
Thank you. This is working as wanted now. Appreciated the assistance!<\/p>\n
-Rob<\/p>","upvoteCount":1,"datePublished":"2017-10-11T15:44:47.000Z","url":"https://community.spiceworks.com/t/map-drive-for-specific-user-with-gpo/611399/15","author":{"@type":"Person","name":"robweiss2","url":"https://community.spiceworks.com/u/robweiss2"}}]}}
robweiss2
October 11, 2017, 11:27am
1
Hello!
We have a new OU for MIS, with specific IT users in it.
I created a new GPO under this OU to map a drive, but it is mapping a drive for everyone, not just for this OU and the users within. As a test I have added myself only to the OU.
How do I make a GPO that will map a drive only for the specific users in this OU?
Any assistance greatly appreciated!
-Rob
5 Spice ups
Are there any OU’s within this target OU that would inherit the GPO settings?
Was this previously applied to another OU containing all users (perhaps during testing or setup?) It may need to be deleted from them if so.
If you want to target specific users in an OU you could use security filtering , but first i’d triple check how you’ve linked the GPO.
Hope this helps!
rstaples
October 11, 2017, 11:37am
3
I usually create a container and keep all of my GPOs in one container then link them to specific OUs. It helps me find them quickly. In the management console, you can see where the GPO is linked. Even though you created it in a certain OU, you can link it to other OUs. You might consider disabling the GPO until you found the issue then re-enable to test.
rockn
October 11, 2017, 11:44am
4
No sense keeping another container for policies as they already reside in a Group Policy Objects container by default.
I am assuming the OP is applying this policy in the default domain policy if it is applying to everyone.
1 Spice up
rbleattler
October 11, 2017, 11:49am
5
If you’re mapping a drive, you can further specify groups/OU in the configuration for the drive map. Take a deeper look through the settings for that particular part of the policy. I’m not in front of a computer right now to be able to give a solid direct explanation.
robweiss2
October 11, 2017, 12:05pm
6
Initially I made the GPO amongst the others in the forest (under .local), but the mapped drive showed up for everyone.
So I deleted that GPO and created a new one under a new MIS OU, which linked it to this OU automatically, and then in ADUC, in Security for this OU, I removed inheritance and I placed only myself with Full control, and SYSTEM remained after removing inheritance). The mapped drive still shows up for everyone, unless they disconnect it manually, then it doesn’t re-appear.
The GPO was created in User Configuration>>>Preferences>>>Windows Settings>>>Drive Maps I am not seeing any place where I can specify users that this should apply to only. I am not a GPO expert (obvs) and just want a handful of people for this mapped drive to show up and reconnect at login.
Thank you!
It sounds to me like the original policy has set up the drive, and then deleting the GPO hasn’t deleted the drive from there machine. I’d recommend setting up a new policy to delete that drive for everyone, then use your new policy and don’t link it to any OU until you’re happy with it, before then applying it only to MIS OU.
To clarify, where i say “before then applying it only to MIS OU” i mean link, not apply.
You could create a security group and use Item Level Targeting to give access to just that group. That’s how we do most of our drive maps.
1 Spice up
This is exactly how we do it.
robweiss2
October 11, 2017, 12:55pm
11
Kc22:
Do you mean in the common tab in the properties of the mapped drive, select Item level targeting and then add security group? Do you leave it at default of User in group (radios at bottom).
Do you link the GPO to any specific OU or do you just create the GPO and use this Item Level targeting only (and does this prevent the GPO from being applied to any users not in the specific security group?)
Thank you!!
jitensh
October 11, 2017, 1:23pm
12
do an item level targetting
robweiss2
October 11, 2017, 1:31pm
13
I did Item level targeting in the common tab in the properties of the mapped drive, removed any links, did not select enfoce (but the GPO is enabled) and it’s still not showing up as a mapped drive, despite gpupdate 'force miultiple times, restarting, loggin off, then on…for some reason the GPO is not mapping a drive.
Yes, leave it as User in group. Make sure that “run in logged-in user’s security context” is checked. Make sure action is Update. Also, under Scope, link the GPO to an OU and Authenticated Users should be in the Security filtering.
@robweiss2
robweiss2
October 11, 2017, 3:44pm
15
Thank you. This is working as wanted now. Appreciated the assistance!
-Rob
1 Spice up
