In our Windows domain I would like to map a file server's share to drive letter whenever an authenticated user logs in to a desktop, but not when a user (any user) logs into a server. Is there a way to do this through GPO? Basically a GPO based that matches user and computer?
Asked
Active
Viewed 147 times
0
-
Why would your users be logging into servers? – joeqwerty Dec 05 '16 at 20:58
-
Administrators that manage applications do (not ADMINISTRATOR) – Roberto Dec 05 '16 at 21:00
-
I think you can apply logon scripts via GPOs, so it may be possible to create the desired mappings based on the OU rather than the user profile. – Brett Levene Dec 05 '16 at 21:49
1 Answers
1
One way to do this is to detect the operating system in the script and only map the drives if the operating system doesn't contain the word "server" in it. (Perhaps with a Powershell (gwmi win32_operatingsystem).caption.)
Another is to apply a WMI filter on the group policy object assigning the logon object. If you filter for select * from Win32_OperatingSystem where ProductType="1" this will limit the execution to client operating systems.
This WMI filter can be added where the GPO is linked.
Katherine Villyard
- 18,550
- 4
- 37
- 59