One of the cool things I like about our Group Policy Automation Engine product is the scenarios that it’s open up by providing what is essentially an automation portal into GPOs. One of those key scenarios is the ability to automate additions and changes to Group Policy Preferences Drive Mappings, which is used by organizations large and small to map user drives at logon, and is largely replacing traditional logon scripts that used to provide that functionality, as shown below:
GP Preferences also supports “Item-level targeting”–which is the ability to target individual settings, like drive mappings, using a variety of criteria, from group membership, to IP address range, to disk space availlable–in fact, up to 24 different criteria. And, GP Automation Engine (GPAE) supports all of them. Let’s look at how this works. The following script leverages the GPAE and PowerShell to map 4 drives to 4 different shares, each one permissioned to a different user group using GP Preferences Item-Level Targeting. To make it more interesting, I pass the drive letters, share names and group names to the script using a CSV file, as shown here, and the import-csv PowerShell cmdlet:
Now here’s the script that used to create the drive mappings–as shown in the PowerGUI script editor:
The main work of this script is a function called MapDrives that uses the GPAE get-sdmgpobject cmdlet to create the new drive mapping and attach a security group-based item-level target to each mapping. Cool!
Just to show how easy it is to run this script, I recorded the attached video that let’s you watch the script running, and see the results in GPMC! Note that even though my video sample only includes one GPO and 4 drive mappings, I could just as easily populate 200 drive mappings across 50 GPOs if I wanted to, all within the same script.
Another scenario that the GPAE enables is the ability to update existing drive mappings. So for example, if a file server name is changing and I need to update 50 drive mappings with the new name, GPAE can handle that as well, simply by modifying the Location property on existing drive mappings. And of course, GPAE works across not only all the various GP Preferences areas, but also against “traditional” GP policy areas like Software Installation, Administrative Templates, Folder Redirection, Security policy, etc.
For more information and to get a evaluation of the GPAE, visit the product site at www.sdmsoftware.com/products.