I recently had a problem which I saw as quite simple. I wanted to automatically map drives, based on user groups, when a user logged in via Remote Desktop or through the network.

One solution that I found was to use some weird configuration (I’m a complete Windows Server noob, ignore my lack of terminology) in order to allow mapping via Group Policy Manager. I hated this immediately.

My next idea was to create the maps via some code. I did some Googling. Nothing useful. After asking about and Googling some more, I have come to the conclusion that a solution is only a few lines of code away.

Introducing: PowerShell Magic!

To set this up, here’s what you must do… though I can’t guarantee it’s anything but noobish and lazy.

1. Go to Group Policy Manager

2. Navigate to User Configuration\Windows Settings\Scripts (Logon/Logoff) and then select Logon

3. Press that lovely Show Files… button. You will then see your Logon scripts directory. Keep this open, and open PowerShell ISE.

4. Continue reading.

Powershellito!

In your editor, first define a variable. I will call mine $DOMAIN_ADMINS. Assign it a value of whatever your user group name is. In my case, it’s Domain Admins.

$DOMAIN_ADMINS = "Domain Admins";

Next, you’ll want to get a collection of all the groups the user is in. Copy this mumbo-jumbo to get that ability, and paste it on the line below:

$memberOf = ([ADSISEARCHER]"samaccountname=$($env:USERNAME)").Findone().Properties.memberof -replace '^CN=([^,]+).+$','$1'

I’ll try to explain what that does in simple terms. It gets all of the group-y information about the logged in user, and cuts each entry down from CN=BLOOP,… to just BLOOP, placing the results into a collection (or array, or something like that).

Up next is any default user mounts. On my server, I want users to have their user share automatically mounted as U:, so I will do that like so:

net use U: \\YOUR_DOMAIN_HERE\$env:USERNAME /Persistent:Yes

That line will map U: to \\YOUR_DOMAIN_HERE\bob, assuming bob logs on.

Now we mount any additional shares for groups. I only have one, so here’s what I do:

if ($memberOf -contains $DOMAIN_ADMINS)
{
    net use D: \\YOUR_DOMAIN_HERE\_DomainAdmins /Persistent:Yes
}

This essentially checks if the user is in the Domain Admins group (using the variable we set first) and, if so, mounts the share. For group shares, I use an underscore to make sure I have no username/group clashes.

To add additional group shares, simply copy the if statement and repeat it below. Be sure to add more group variables!

Here is the script in full:

$DOMAIN_ADMINS = "Domain Admins";
$memberOf = ([ADSISEARCHER]"samaccountname=$($env:USERNAME)").Findone().Properties.memberof -replace '^CN=([^,]+).+$','$1'
net use U: \\YOUR_DOMAIN_HERE\$env:USERNAME /Persistent:Yes
if ($memberOf -contains $DOMAIN_ADMINS)
{
    net use D: \\YOUR_DOMAIN_HERE\_DomainAdmins /Persistent:Yes
}
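Instead of copying the if statement once per group, the same logic can be driven from a table. This is an added example, not the script from this post; the Finance group, the F: drive and the _Finance share are hypothetical placeholders, as are the function names.

```powershell
# Added example: table-driven version of the logon script above.
# Group names, drive letters and share names are placeholders to adapt.
$shareRoot = '\\YOUR_DOMAIN_HERE'

$groupDrives = @(
    @{ Group = 'Domain Admins'; Drive = 'D:'; Share = '_DomainAdmins' }
    @{ Group = 'Finance';       Drive = 'F:'; Share = '_Finance' }   # hypothetical
)

function Get-DirectGroupName {
    param([string]$SamAccountName)
    $result = ([adsisearcher]"(samaccountname=$SamAccountName)").FindOne()
    if ($null -eq $result) { return }          # user not found in the directory
    # memberof lists only direct memberships: nested groups and the
    # primary group (usually Domain Users) do not appear here.
    foreach ($dn in $result.Properties['memberof']) {
        $dn -replace '^CN=([^,]+).+$', '$1'    # same regex as the post
    }
}

function Mount-Share {
    param([string]$Drive, [string]$UncPath)
    if (Test-Path "$Drive\") { return }        # drive letter already in use
    net use $Drive $UncPath /Persistent:Yes | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not map $Drive to $UncPath"
    }
}

# @() keeps -contains working when the user is in zero or one group.
$memberOf = @(Get-DirectGroupName -SamAccountName $env:USERNAME)

# Default per-user share, then one share per matching group.
Mount-Share -Drive 'U:' -UncPath "$shareRoot\$env:USERNAME"
foreach ($entry in $groupDrives) {
    if ($memberOf -contains $entry.Group) {
        Mount-Share -Drive $entry.Drive -UncPath "$shareRoot\$($entry.Share)"
    }
}
```

Mapping a drive only makes the share visible; who can actually read it is still decided by the share and NTFS permissions on the server.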

Adding the Logon Script.

Be sure that you save that script as a .ps1 file within your Logon Scripts Directory.

Go back to Group Policy Manager, and press Add under Scripts.

Fill in the following information:

Script Name: powershell.exe

Script Parameters: -F "C:\Path\To\Logon\YourScript.ps1"

Be sure to use normal straight quotation marks there (the ones you’d use in code), not the curly ones Medium likes to produce.

To summarise.

Google is not always helpful.

I figured this out.

You can follow my advice, but it’s probably not very good.

Consider yourself maybe done with this brainfart or casual read.

Update: I now know how to do this properly. Update shortly.