How to Map Drive using Item Level Targeting GPO

Steps to Map Drive using Item Level Targeting GPO on Windows Server 2012 R2

As we have already learned the steps to deploy Software using Group Policy, Software restriction policy using Group Policy, Disable USB using Group Policy, etc. In this post, we’ll learn the steps to map drive using item level targeting GPO. Map drive is used to access share folder over the network. If you have created some files and folders on the Server but you want those files and folders to be accessed from any other Server then you can share the folder and map it on the client box. Different level of permissions can be deployed on the share folder e.g. you can restrict modify access or you can restrict delete access, etc.

Item level targeting is a feature in Group Policy through which we can target a group policy to be deployed on a particular set of users. In map drive using Item level targeting GPO, a Group Policy Object would be linked to an OU but the policy would only be deployed to set of users that are member of Security Group (Grp) and not to all the users that are in the Organizational Unit.

To map drive using item level targeting GPO, in this post, we created an OU named Tech and added users Tu1 and Tu2 in the OU. Moreover, we have created a grp (Grp01 in this example) and added user TU1 in the Grp01 security grp. Considering this example assume that we have TU1 and TU1 users in an OU but we only want Group Policy to be deployed on TU1 user and not all the users that are part of an OU.

In the previous posts we have discussed that group policy cannot be applied on GRP but in this example we are deploying policy on a grp. Here we are linking the Group Policy with an OU but the policy targets the grp which results in the deployment of policy on only those users that are the member of the group. To understand it better, let’s start with the steps to map drive using item level targeting GPO.

Steps to Map Drive using Item-level Targeting GPO

1. Create an OU (Tech) in AD Users and Computers and add Users into OU. As we can see that in OU Tech we have multiple users but we only want Map drive policy to be implemented on Tu01 and TU02 users.

2. For deploying the policy of map drive using Item level targeting we need to create a security group in Active Directory Users and Computers and add users in this grp to whom we want settings to be deployed. In this example, we have created a security grp named Grp01 and added users TU01 and TU02 in that grp.

3. We can verify the members of a group (Grp01) through group properties. Group properties console can be opened by right clicking on the GRP then clicking on Properties.

4. Open GPMC and right click on the OU (Tech) and then click on “Create a GPO in this domain and Link it here” to create map drive item level targeting GPO.

5. On New GPO console enter the name of the new GPO. Here, the name of the GPO is “ItemLevelTargeting“.

6. Right click on the created GPO (ItemLevelTargeting) and click on Edit to enable and edit settings of the GPO.

7. Item Level Targeting is a user based policy. On Group Policy Management Editor console expand User Configuration, then expand preferences. Under Windows Settings right click on Drive Maps then click on New then click on “Mapped Drive” to create a new drive map policy.

8. On Properties console, select “Create” for action option. Enter the UNC path of share folder which you want to map in location option. Here, the UNC path of the share folder is \\dc03\Share01. Check reconnect if you want to reconnect mapped drive after next login of the user. Enter the label name if you want to label mapped drive with any other name. Here, we enter the label name ImpDoc. We can assign a drive letter or select ”Use first available, starting at” so that first available drive letter will be selected automatically. Select “Show this drive” under Hide/Show this drive and Hide/Show all drives settings. Click on apply and then click on Ok.

9. To map drive using Item level targeting GPO, select Common tab, select “Item-level targeting” and click on “Targeting” to add target of this policy.

10. Click on New Items on Target Editor console and select Security Group to add that security group which we have created in Active Directory Users and Computers. Item level targeting can also be deployed for other options like user, site, Operating system, domain, etc.

11. On select group, console type the name of the GRP, for this example, we have already created a security group with the name of “GRP01” and click on OK.

12. Again on Targeting Editor console verify the name of the group on which the policy would deploy and click on OK. You can create multiple other combinations by clicking on “New Item“.

13. Login with the user who is a member of GRP01 group that we added in the Targeting Editor console to verify that our policy of mapping drive using Item Level Targeting GPO is deployed or not.

14. Here, we can verify that map drive using item level targeting is deployed successfully by accessing the  map drive naming ImpDoc (M:).

 

Conclusion:

To map drive using item level targeting GPO, we have created an OU and added few users in that OU, as per Group Policy preferences map drive should be deployed to all the users of that OU. But using item level targeting, we would only target some users and not all the users. Therefore, we have created a security group and added two users in that GRP. By using item level targeting, Map drive would be applicable only for those two users that are part of security group and it would not be deployed to all the users of an OU.