Microsoft’s official Group Policy blog
Too often, I ask if people are familiar with GP Preferences and get a blank stare. I will say this over and over again:
GP Preferences will dramatically reduce your logon scripts
GP Preferences has clean, easy-to-use reporting and UI
Lots of things get accomplished in scripts (mapped drives, set registry keys, managed devices, etc. ) GP Preferences can do all of that, plus you’ll be able to manage the setting in the UI, target your config with cool filtering, and use the reporting to see what you did. I’ll show you what I mean by using GP Preferences to map a drive.
Open up GPEdit for the GPO in question; click the ‘User Configuration’ folder, then click the ‘Preferences’ folder. You can see all of the user-relevant options you can set in Preferences. Find Drive Maps under ‘Windows Settings.’
Also in Windows Settings: Applications, Drive Maps, Environment, Files, Folders, Ini files, Registry, and Shortcuts.
In Control Panel settings: Data Sources, Devices, Folder Options, Internet Settings, Local Users and Groups, Network Options, Power Options, Printers, Regional Options, Scheduled Tasks, Start Menu.
Now right-click on Drive Maps and select ‘new’. You will see the dialog below: these drop down menus allow you to configure what you’ve been scripting, and more, in UI.
Here, I just filled in a couple things, the location (\\server\Users\%logonuser%) , the label (“User”), and the drive letter to use (“U:\”).
And to see what that Preference item looks like in XML, just click this icon:
I’ll go into the XML part of GP Preferences in another post.
If you’d like to target this drive mapping to be more specific, go to the Common Tab and click on ‘Item-level Targeting’. This is where you can make your targeting really granular: you have 29 different filtering options…what the computer is named, what day it is, what IP range the machine is on, what type of music the user is listening to (ok, that was a joke. I don’t know how you would do that). This also includes some old favorites (WMI Query, MSI Query, LDAP Query) along with new ones (Battery Present, Language, Operating System).
Now check it out in the reporting:
The reporting is precise, clear, and findable. That’s more than what you’d get from a logon script that mapped the same drive. I think I have proved my point. Now go – explore GP Preferences! Map drives! Create shortcuts, folders, and scheduled tasks!
Get GP Preferences (and read more) here
Get more tips on how to use GP Preferences here
Hope this helps,
Group Policy PM
PingBack from http://smbtn.wordpress.com/2009/02/12/group-policy-preferences-will-reduce-logon-scripts-mapping-drives/
Great feature. Wish I could use it. Whenever I logon wireless nothing maps.
Here's a brain teaser for the GPTeam:
Can a location (UNC) be set using both an environmental variable and a static entry?
I'll explain by example. Let's say that there are shares named %username%Folder (FredFolder, SallyFolder, EricFolder, etc.). Is there a way to set this as the location in a single GPP item for all users? I've already determined that \\server\Users\%logonuser%Folder won't work. Is there some syntax that can make this happen?
We're having a problem with the GPP for drive mapping.
1. Domain is 2k8
2. Client is XP.sp3 with CSE installed; joined to domain
3. GPP to 'CREATE' maps a drive letter to a share on a computer that is NOT on the domain, but is in a workgroup. (location: \\ip.ip.ip.ip\sharename)
4. set to reconnect
5. entered for connect as / user name: "workgroupComputer\username"
6. enter the password and confirm.
7. show this drive
GPO will map the drive, but will not apply password entered into the 'connect as' password field.
When the domain user browses to the drive letter, a prompt will appear with the username field populated correctly (workgroupComputerName\Username), but the password is never remembered. The user must manually enter the password to connect to that drive.
When GPP is set to REPLACE or UPDATE, the drive letter mapping is being deleted, not updated or replaced. REPLACE is supposed to create when it doesn't exist but it isn't.
Hey Robert -
THanks for sharing your experience, but the blog isn't really a good venue for troubleshooting. Please repost this to the Group Policy forum for a quick and detailed response:
The behavior of Drive Maps that you're seeing could be an issue of synchronous vs. asynchronously. Drive mapping does not run unless you logon synchronously. Ask for more details on the forum :)
Just curious which Resource Toolkit youve obtained your GPEDIT from. Im using the Windows 2003 Kit and I dont have the options youve listed here.
I had already pretty much exhausted myself with Google, MS white papers I could find and had just launched into usenet, when I found this closest-to-the-issue blog.
I'll pop over to your forums next.
Thank you for the pointer and... thank you for the pointer. 8)
Please include the system level information at the top of this doc. No where does it say this is for 2008 and Vista.
Policy editing for W2K8 must be performed via Vista with RSAT(Remote Server Administration Tools) installed or another W2K8 for Group Policy Preferences to be editable.
Then of course for a WXP box to be able to understand those extended GPP options, you need Client Side Extensions and XML Lite installed on it.
Here are the requirements for managing Preferences:
In the idea of setting up a GPO to map user network drives mapped as follows:
What Share and NTFS permissions are recommended for the \\fileserver\share$ folder to allow the folder to be automatically created upon logon if it does not exist?
I'd follow the NTFS ACL listings for redirected folders, found at http://technet.microsoft.com/en-us/library/cc778661(WS.10).aspx
Possibel to do this on winserver2003?
I fail to see any advantage over a logon script. It's replacing a single concise line of typing with numerous, labor-intensive GUI steps.
The settings are deeply-embedded in a complex subsystem, making it extremely hard to find or navigate-to.
With a script you can see at a glance what mappings will be created. In a large script you can use your texteditor's search function to find a particular driveletter or path.
Plus -and a VERY big plus- you can copy your script and make experimental changes. If it doesn't work-out you can put the original script back.
OTOH, make an ill-advised change here and you are basically up the creek, because you are dealing with an 'opaque' system which cannot be backed-up in any simple way.
-Explain to me, how is this better?
Hi Lilia, loved your Tech.ed session on this stuff, I think it will work a treat for us.
Wanted to share something with you that made me laugh today, we had a support call in with MS for an e-mail issue and the recommendation from MS was to add some Kix script into our logon script to set a registry value when the user logs on...... I immediately thought of your Tech.ed session - perhaps some internal education may be worth while :-)