Domains and mapped drives

ajf

Running a 2008 R2 based domain.
All users have login scripts on their accounts that map various drives and it has got a bit messy.

The main problem we have that has been asked to be sorted is that the letters are not standardised from one user to the next.

So Drive T in one department points to a completely different location to Drive T in another.

What is the best way to start looking at this?
One reason I was given was if there was a standard drive mapping and then just directory permissions users would still see folders they had no access to, causing confusion.

I used to work with Novell and I seem to remember that it only ever showed the user what they had access to.

Is it possible to do this with Windows?

I have also read various articles arguing that mapped drives are now outdated, but what alternatives are there - without spending money on different infrastructure?
 
What I do is use the very good GPOs.

These can be created in the GPO manager in Server Manager on the DC.

You assign a GPO to an AD OU and anyone in that OU gets that assigned GPO applied to them.

Then you can get shot of the login scripts completely and manage everything from one place.

If you do change the drive letters to make it more standard, be aware of shortcuts people will have created, as these will point to the wrong location.

If they have these shortcuts on the desktop, you might see a slowdown in login time, and Windows has a habit of trying to connect these shortcuts BEFORE loading the desktop.
 
Are your clients XP or Windows 7?

I would suggest you use Group Policy Preferences (built in to 2008 R2 and natively supported on Vista/7, but an add-on is needed for XP). It gets rid of login scripts. If you don't want to create a GPO for every group of people, you can use one GPO and use filters to assign different maps based on their AD group membership or OU.
 
Sorry to "hijack" your thread ajf. I also have the same problem :D

Can this be done in a 2003 R2 domain too or at least something similar?
 
I think you can bodge it to work, but you have to push out the extensions to all XP clients, and you also need to create the GPO on a Windows 7 or 2008 machine or the Preferences bit doesn't show up in GPEDIT, if I remember correctly.

On 2003, best just having a single GPO per AD group or OU, and have a logon script (VBS not Batch file) to map the drive for you.
 
What we used was a domain login script using a batch file that called a kix script.

We used this to map printers, drives etc, and it can all be done on group membership as well.

So we had a P: drive that mapped to \\FS1\Users for one group then \\FS2\Users for another group.

And as it's in the login script, it didn't need any extensions pushed out. This was from a Win 2k3 R2 domain.

Kimbie
 
One reason I was given was if there was a standard drive mapping and then just directory permissions users would still see folders they had no access to, causing confusion.

I used to work with Novell and I seem to remember that it only ever showed the user what they had access to.

Is it possible to do this with Windows?

This was true of vanilla Windows 2003 and before, but with SP1, ABE (Access Based Enumeration) was introduced, which fixes exactly that - switch it on and you can't see folders you have no access to.
I just migrated all our file shares from Netware to Windows and yes, Netware shares do exactly that. Don't get me started on setting up subfolder permissions in Windows.....
There is no technical reason all the shares can't reside on the same drive and simplify your life enormously, it really depends on organisational resistance in getting to that point.

I personally think this is the better way to go, even with Group Policy Preferences you'll still be dealing with a tangled nest of drive letters.
 
Access Based Enumeration is your friend for things like this. Create a single share and move the existing ones into it that need to have the same drive letter & share path. Turn ABE on on the share and control who sees what via NTFS permissions. Simple.
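
The single-share approach described in the post above, as an added example that is not part of the original thread: ABE only hides a folder when the user has no access to it, so the root ACL must not pass read access down to the department folders. It assumes Windows Server 2012 or later for the SmbShare cmdlets (on 2008 R2 the ABE setting is in the share's properties in Share and Storage Management); the path, share name and EXAMPLE\* groups are hypothetical.

```powershell
# Added example: one share with Access Based Enumeration (ABE), with visibility
# driven by NTFS ACLs. Path, share name and EXAMPLE\* groups are hypothetical.
$root  = 'D:\Shares\Departments'
$share = 'Departments'
$departments = @{
    'Finance' = 'EXAMPLE\Finance-Users'
    'HR'      = 'EXAMPLE\HR-Users'
}

New-Item -ItemType Directory -Path $root -Force | Out-Null

# Root folder: drop inherited ACEs. Authenticated Users can list the root itself
# only (no OI/CI flags, so this ACE is not inherited by subfolders).
icacls $root /inheritance:r /grant `
    'BUILTIN\Administrators:(OI)(CI)F' `
    'NT AUTHORITY\SYSTEM:(OI)(CI)F' `
    'NT AUTHORITY\Authenticated Users:(RX)' | Out-Null

foreach ($name in $departments.Keys) {
    $folder = Join-Path $root $name
    New-Item -ItemType Directory -Path $folder -Force | Out-Null
    # Only the department's group gets an ACE here. Users outside the group have
    # no access at all, which is what lets ABE hide the folder from them.
    icacls $folder /grant "$($departments[$name]):(OI)(CI)M" | Out-Null
}

# Share permissions stay broad; the NTFS ACLs do the real filtering.
New-SmbShare -Name $share -Path $root `
    -FullAccess 'BUILTIN\Administrators' `
    -ChangeAccess 'NT AUTHORITY\Authenticated Users' `
    -FolderEnumerationMode AccessBased | Out-Null

# Check: ABE is on, then print each folder's ACL for review.
Get-SmbShare -Name $share | Select-Object Name, Path, FolderEnumerationMode
Get-ChildItem -Path $root -Directory | ForEach-Object { icacls $_.FullName }
```

If a migrated folder keeps an inheritable read entry for a broad group such as Domain Users, it stays visible to everyone even with ABE on, so review the printed ACLs before mapping the drive letter.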
 
Thank you for the help and advice.
I will look into the ABE option and hopefully try it out.

It won't be something done quickly though!
 