Dynamic drive maps with Group Policy Preferences
Yeah I know that cloud is the way to go and that everyone should use OneDrive and Teams instead of old style SMB drives. BUT…if you still need to do some dynamic drive mapping e.g. based on a user’s Active Directory group membership or the existence of a server or share, read on.
To map a drive with Group Policy Preferences (GPP) you can use the setting shown below in a GPO of your choice. Just make sure that the GPO is linked either directly to the OU where the USER account is located or to an OU higher in the AD hierarchy (inheritance). Alternatively, you could enable “Configure user Group Policy loopback processing mode” in Merge or Replace mode and just link the GPO to a computer OU. Drive mapping is obviously a user setting and will only be applied if and when a user logs on (or signs in as it is called these days) to the PC.
In the example above, a static share name is mapped to a drive letter. But instead you could use an environment variable by enclosing the variable name in percentage characters e.g. “%variable%” as shown below. Both the UNC path and the label can be named dynamically in this way.
This way you can dynamically map drives with a condition that effectively checks if the share exists. If the share doesn’t exist, the setting will just be skipped and the next drive map will be processed.
And that’s not all. You can use environment variables in item-level targeting settings as well. In the example below, I have created a condition that a specific environment variable must have a specific value. Similarly, environment variables can be used in other conditions e.g. User or Computer group membership.
But wait…there’s more! You can even create item-level targeting conditions that check whether a server exists in Active Directory. The LDAP query filter shown below includes an environment variable as part of the server name:
(&(objectCategory=computer)(objectClass=computer)(cn=servername%testvar%))
At this point you’re maybe wondering how to create custom environment variables on a PC in order to extend the usefulness of dynamic drive maps. So here is a small PowerShell script, which can be run during a ConfigMgr OSD task sequence. The script collects the corresponding machine variables from ConfigMgr and then writes them as local environment variables.
# Task sequence variables to copy into machine-level environment variables
$listofvariables = @("DEPARTMENT","REGION","LANGUAGE","SOMESERVER","SOMEVARIABLE")
# COM object that exposes the variables of the running task sequence
$tasksequenceenv = New-Object -COMObject Microsoft.SMS.TSEnvironment
foreach ($variable in $listofvariables) {
    # Read the variable; on failure, stop and return the error text
    try { $envvalue = $tasksequenceenv.Value($variable) }
    catch { return "$($_.Exception.Message)" }
    if ($envvalue) {
        [Environment]::SetEnvironmentVariable($variable, $envvalue, "Machine")
    }
    else {
        # No value in the task sequence: write a placeholder instead
        [Environment]::SetEnvironmentVariable($variable, "UNKNOWN", "Machine")
    }
}
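To check the result on a deployed PC, the following added example (not part of the original post) reads the machine-scope variables back, refuses values that would change the meaning of the LDAP filter or the UNC path, and tests the expanded filter and share. The function names, the UNC template, the use of SOMESERVER in place of testvar and the character allow-list are assumptions; it needs a domain-joined PC.

```powershell
# Added example. Function names, $uncTemplate and the allow-list are assumptions.
$names        = @("DEPARTMENT","REGION","LANGUAGE","SOMESERVER","SOMEVARIABLE")
# The page's LDAP filter, with SOMESERVER used in place of testvar
$ldapTemplate = '(&(objectCategory=computer)(objectClass=computer)(cn=servername%SOMESERVER%))'
$uncTemplate  = '\\servername%SOMESERVER%\%DEPARTMENT%'   # hypothetical share layout

function Get-MachineVariable {
    param([Parameter(Mandatory)][string]$Name)
    # Read the Machine scope, which is where the task sequence script wrote the value
    [Environment]::GetEnvironmentVariable($Name, 'Machine')
}

function Test-SafeValue {
    param([string]$Value)
    # Letters, digits, hyphen and underscore only: excludes the LDAP filter
    # metacharacters ( ) * \ and anything that would redirect the UNC path
    $Value -match '\A[A-Za-z0-9_-]+\z'
}

function Expand-Template {
    param([Parameter(Mandatory)][string]$Template)
    # Substitute %NAME% with its machine-scope value; fail closed on a missing or unsafe value
    [regex]::Replace($Template, '%(\w+)%', {
        param($m)
        $value = Get-MachineVariable -Name $m.Groups[1].Value
        if (-not (Test-SafeValue $value)) { throw "Unsafe or missing value for $($m.Value)" }
        $value
    })
}

$report = foreach ($name in $names) {
    $value = Get-MachineVariable -Name $name
    [pscustomobject]@{ Name = $name; Value = $value
                       Safe = (Test-SafeValue $value); IsFallback = ($value -eq 'UNKNOWN') }
}
$report | Format-Table -AutoSize

try {
    $filter = Expand-Template -Template $ldapTemplate
    $unc    = Expand-Template -Template $uncTemplate
    # [adsisearcher] searches the current domain; FindOne() returns $null when nothing matches
    $found  = $null -ne ([adsisearcher]$filter).FindOne()
    [pscustomobject]@{ LdapFilter = $filter; ServerInAD = $found
                       UncPath = $unc; ShareExists = (Test-Path -LiteralPath $unc) } | Format-List
} catch {
    Write-Warning "Targeting check failed: $($_.Exception.Message)"
}
```

A row with IsFallback set to True means the task sequence had no value for that variable, so any drive map or targeting condition built on it resolves against the literal text UNKNOWN.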
Hopefully this will help you out or at least inspire you to use drive mappings in a more dynamic way. Enjoy!