In this tutorial, you’ll learn how to use GPO to configure personal drives that are assigned to individual users when they log on to the domain.
They may be times when you need to set up a network drive that only a specific user has access to. In this situation, the shared-folder model discussed in “How to Configure a GPO for Mapping Shared Drives” won’t be the right option.
In this situation, it’s better to configure a personal drive that is automatically mapped on the server. Not only does this ensure data confidentiality but it also ensures that if the client machine is lost or fails, the data will still be stored on the server, which itself should be backed up.
How to Configure Personal Drives Using GPO
Before you begin
To successfully complete this tutorial and configure a personal drive using GPO, you will need:
- To be registered on the Jotelulu platform and have logged in.
- To have a Windows server with AD DS Server installed.
- To have an account with administrator permissions.
- To have created the folders and permissions, with just the drive mapping remaining.
Part 1 – Creating the PowerShell Commands
In this tutorial, we will assume that the administrator has already created a shared drive with a separate folder for each user. Now, they want to map each folder so that only the user in question has access.
The first thing you’ll need to do is prepare the PowerShell commands that the GPO will run to map the personal drive(s).
As always, there are many different ways to perform tasks like this in PowerShell.
We recommend using the command “New-PSDrive”, specifying the user as an environment variable so that the system, in principle, runs it automatically to give access to any user that has an assigned drive.
New-PSDrive -Name “x” -PSProvider FileSystem -Root “UNIDAD MAPEADA” -Persist
Where “MAPPED DRIVE” is basically the mapped resource or location and should end with “$VARNAME” so that it automatically changes depending on the user that runs the script.
Here’s an example of what this might look like:
This is the smallest script that you can make, but you can add options like assigning an “if-else”, etc.
Once you have your command ready, save it as a file with the “.ps1” extension.
Part 2 – Creating the GPO
Next, launch the Group Policy Manager on AD DS Server. To do this, in Server Manager, click on the Tools menu and click on “Group Policy Management” (1).
NOTE: You can also launch this console using the command “GPMC.msc”.
In the Group Policy Manager window, right-click on the domain (2) and select the option “Create a GPO in this domain, and Link it here…” (3).
You will now see a window asking you to give the new GPO a name (4).
Back in the Group Policy Manager Console, search for the GPO that you just created, right-click on it (4) and select “Edit” (5).
At this point, you will see the GPO Editor but with no elements selected. Here, you need to choose how to implement your new GPO, and you have two options depending on whether your policy will apply to the computer or the user:
- Startup/Shutdown: To run the PowerShell script whenever the device starts up or shuts down, go to “Computer Configuration > Policies > Windows Settings > Scripts (Startup/Shutdown)”.
- Logon/Logoff: To run the PowerShell script whenever a user logs on or off, go to “User Configuration > Policies > Windows Settings > Scripts (Logon/Logoff)”.
In this tutorial, we want to run the GPO when the user logs on, so we’ll choose the first option. To this, click on
- “User Configuration > Policies > Windows Settings > Scripts (Logon/Logoff)” (6), right click on “Logon” (7) and then click on the “PowerShell Scripts” tab (8).
Next, click on “Add” (9), enter the folder path (10) where your script is saved and click on “OK” (11) as many times as necessary to save your selection and use the new policy.
You have now created your new policy. If it does not work at first, try logging off and logging on again, or restarting your computer to refresh the policies. Alternatively, you can always run the command “gpupdate /force” that forces the system to reload the group policies.
As you can see in this tutorial, the process to configure personal drives using GPO is really quite straightforward. This isn’t the only solution either, and there are other types of commands and you can also perform this task using the Group Policy Management Console.
If you’d like to find out more about this topic, we recommend checking out the following tutorials, where you will find additional information and some practical examples of what you can achieve with Group Policies:
- What Are GPOs and What Are They Used for
- Using GPOs to Run PowerShell Commands
- How to Configure a GPO for Mapping Shared Drives
- How to Configure a GPO for Printer Mapping
- How to Deploy a PowerShell Script Using GPO
- How to Configure Your Firewall Using GPO
- How to Hide a Disk Drive on Your Server Using the Local Policy Editor
Thanks for reading!