1

For starters, I know about net use for this, but I need a more sophisticated solution.

We have two branches, and both have a server with shared drives, both of which have are (or will have) the same information (files, installaters, etc.). It works OK; users can access it and map drives, etc.

But I'd like configure a GPO for situations where one colleague from branch 1 will be connected to network in branch 2, and have a drive auto-mapped from branch 2 instead of branch 1.

If I tell my colleague "you can find it on Store server" then he only click to mapped drive independently on branch where he is.

Server with AD: Windows 2008 R2

Clients: Windows 7, 8

HopelessN00b
  • 53,795
  • 33
  • 135
  • 209
zorbon.cz
  • 195
  • 1
  • 1
  • 6

3 Answers3

2

You want to use Group Policy Preferences Mapped Drive Items. You can use item-level targeting to map drives based on the OU of the computer, which seems like it should satisfy your requirements.

HopelessN00b
  • 53,795
  • 33
  • 135
  • 209
2

If you have your branches mapped to Active Directory (AD) Sites you can link a GPO at the site with a Group Policy Preferences drive mapping preference.

The computer will automatically "detect" its Site (by way of its IP address and Subnets defined in AD) and apply whatever GPO is linked at the Site. I like this method of locating the computer on the network, physically, a lot better than @DirkTrilsbeek's suggestion because it leverages data that you're already maintaining in AD for the Site / Subnet configuration.

I prefer using the AD site over @hopelessN00b's suggestion of using the OU of the computer because, presumably, the computer object isn't moving around in AD when the computer is physically moving around the network.

Evan Anderson
  • 141,881
  • 20
  • 196
  • 331
  • Thank you (and others too) for tips. I use item-leveling with IP subnet as trigger and it is works. – zorbon.cz Oct 17 '14 at 08:16
  • And is there some option for VPN users for mounting? Because I can set mapped drive with IP range, but GPO ape applied only on login, right? But when user will be connected to VPN after login over OpenVPN client is there some option? Thanks – zorbon.cz Oct 17 '14 at 08:21
  • Many VPN clients are going to be problematic because Windows won't process Group Policy on VPN connection. If you were using Microsoft's built-in VPN client I'd recommend using the Connection Manager Administration Kit (CMAK) to execute a script automatically on VPN connection. For OpenVPN, the `--client-connect` option might just do what you're looking for. – Evan Anderson Oct 17 '14 at 08:36
  • You should give the accepted answer to @HopelessN00b-- he suggested the item-level targeting, after all. – Evan Anderson Oct 17 '14 at 08:37
1

you could create GPOs for each branch and use WMI filtering to apply the GPO only when the filter matches. A sample WMI query matching the default gateway could for instance look like this:

Select * FROM Win32_IP4RouteTable
where (Mask='0.0.0.0' and NextHop='10.100.1.1')

Use the command line tool wbemtest to test queries on your local computer to make sure you match the right subset of computers.

Dirk Trilsbeek
  • 296
  • 3
  • 6