Mapping Drives Using Preferences User Drive Maps Extension
Using the new Preferences User Drive Maps extension in domain policies, administrators can now map network drives for end users without scripts. To define a mapped drive for a user using the Preferences User Drive Maps extension in a domain policy, perform the following steps:
- Log on to a designated Windows Server 2008 R2 administrative server.
- If necessary, install the Group Policy Management Console on the system, as detailed previously in this tutorial.
- After the tools are installed, click Start, click All Programs, click Administrative Tools, and select Group Policy Management.
- Add the necessary domains to the GPMC, as required.
- Expand the Domains node to reveal the Group Policy Objects container.
- Create a new GPO called UserDriveMapGPO.
- Open the GPO for editing and, in the Group Policy Management Editor window, select and expand the User Configuration node in the tree pane.
- In the tree pane, expand the Preferences node and the Windows Settings node.
- Select the Drive Maps preference setting, right-click the setting and select New - Mapped Drive.
- When the New Drive Properties window opens, select the Replace action from Actions pull-down menu.
- Type in the location of the network share that will be mapped to a drive letter with this setting. For this example, we will use \\companyabc.com\UserFolders\Sales.
- In the Drive Letter section, select the Use option button and select the desired drive letter by choosing it from the pull-down menu. For this example, select the S drive.
- Check the Reconnect check box to reconnect the Drive Map, enter the Label as Sales, and click OK to complete the creation of the Drive Map setting item.
- Close the Group Policy Management Editor.
- In the Group Policy Management Console, link the GPO to the desired domain, site, or organizational unit that contains a user account for testing.
- Test the new policy and when the policy delivers the desired results, create the necessary GPO links from the administrative server, close the Group Policy Management Console window, and log off of the server.
Configuring Preference Item-Level Targeting
There are many instances in group policy deployments when an administrator desires to apply a particular preference setting to only a subset of computers or users. When this is the case, Preference Item-Level Targeting can be used. For example, a Group Policy administrator can create a single domain policy named UserDriveMapGPO and leave the policy filtering set to authenticated users, and it can be linked to the domain. In this case, if a Drive Map preference is defined, all users in the domain will map the same drive. Now within this single policy, several Drive Maps can be created but each Drive Map can be applied to only specified users or security groups using item-level targeting with the Drive Map preference options. The following steps detail segmenting the application of a Drive Map setting to a security group using item-level targeting:
- Log on to a designated Windows Server 2008 R2 administrative server used to create the UserDriveMapGPO, as detailed in the previous section.
- Click Start, All Programs, Administrative Tools, and select Group Policy Management.
- Add the necessary domains to the GPMC, as required.
- Expand the Domains node to reveal the Group Policy Objects container.
- Select the UserDriveMapGPO and open it for editing.
- In the Group Policy Management Editor window, select and expand the User Configuration node in the tree pane, and expand the Preferences node and Windows Settings node.
- Select the Drive Maps preference setting in the tree pane and locate the S drive map in the Settings pane that was previously created.
- Right-click the S drive map and select Properties.
- Select the Common tab and check the Item-Level Targeting check box.
- Click the Targeting button to open the Targeting Editor.
- In the Targeting Editor window, click the arrow in the New Item pull-down menu to reveal each of the different options that can be used for item-level targeting and select Security Group.
- When the security group item is added to the window, click the "..." button to locate and add a security group from the domain; for this example, it is the companyabc\sales security group.
- Click OK when completed and close the Group Policy Management Editor.
- Test the application of the policy on a test system with a test user account in the sales group to verify that the desired functionality is being delivered.
Configuring Remote Desktop and Remote Administration Support
A common Group Policy request from IT administrators who need to support Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 systems with the Windows Firewall enabled is to allow for remote administration. Group Policy can manage this task with minimal configuration. To enable Remote Desktop on Windows XP, Windows 2003, Windows Vista, or Windows Server 2008 systems, enable the Allow Users to Connect Remotely Using Remote Desktop Services setting. This setting is located in Computer Configuration\Policies\ Administrative Templates\Windows Components\Remote Desktop Session Host\ Connections node. When this GPO is saved and linked to a GPO with computers in it, all the computers will have Remote Desktop enabled. By default, only members of the Administrators group will be able to connect using Remote Desktop. If this needs to be changed, additional users can be added to the local Remote Desktop Users group.
After Remote Desktop is enabled on a system, the firewall exceptions still need to be configured-otherwise, Remote Desktop is not possible. Remote Desktop is a built-in exception in the Windows XP, Windows Vista, Windows 7, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 basic firewall. In addition, remote administration is a built-in exception; to configure these exceptions, see the following section, "Configuring Basic Firewall Settings with Group Policy."
In this tutorial:
- Group Policy Management for Network Client
- Windows Group Policies
- Domain Group Policies
- Group Policy Feature Set
- User Configuration Policy Node
- Planning Workgroup and Standalone Local Group Policy Configuration
- Planning Domain Group Policy Objects
- Domain GPOs
- Active Directory Site GPOs
- Managing Computers with Domain Policies
- Managing User Account Control Settings
- Creating a Software Restriction Policy
- Creating Application Control Policies (AppLocker)
- Deploying Printers Windows Server 2008
- Mapping Drives Using Preferences User Drive Maps Extension
- Configuring Basic Firewall Settings with Group Policy
- Configuring Windows Update Settings
- Configuring Power Options Using Domain Policies
- Managing Users with Policies
- Configuring Folder Redirection
- Removable Storage Access
- Managing Active Directory with Policies
- Configuring Restricted Groups for Domain Security Groups
- Extending Group Policy Functionality
- Synchronous Foreground Refresh
- GPO Modeling and GPO Results in the GPMC
- Managing Group Policy from Administrative or Remote Workstations