3

The shares at my company are becoming unwieldy and we have now officially ran out of letters to map shares to having exhausted A, B, H-Z. Not all of our users need access to some of these shares, but there are enough people who need access to enough different shares that we can't simply recycle letters for them which are used by other shares. At this point we're going to need to start moving shares over to network locations.

Adding a network location shortcut on My Computer isn't difficult, I right click and use the Wizard, but how do I do it through Group Policy? I don't want to have to set up 100 or so computers manually

BpH
  • 41
  • 1
  • 4

2 Answers2

8

This absolutely can be done using only existing Group Policy preferences, but it's a little tedious.

Background Info

When you create a network location shortcut it actually creates three things.

  1. A read-only folder with the name of your network shortcut
  2. A target.lnk within that folder with your destination

  3. A desktop.ini file that contains the following

    [.ShellClassInfo]
CLSID2={0AFACED1-E828-11D1-9187-B532F1E9575D}
Flags=2

I found this information on this Spiceworks community forum post.

How to make it happen

I figured out how to do this from a comment in the same forum post linked above.

You need to create four settings in a group policy. All of the settings are located in the group policy editor under: User Configuration>Preferences>Windows Settings as seen in this image.

Folders Setting

Add a new folder with preference with the following settings as seen in this image.

Path: %APPDATA%\Microsoft\Windows\Network Shortcuts\SHARENAME
Read-only checked

Ini Files Settings

There are two setting that you must make in this setting, as seen in this image.

  1. Create one for the CLSID2 settings image

    File Path: %APPDATA%\Microsoft\Windows\Network Shortcuts\SHARENAME\desktop.ini
Section Name: .ShellClassInfo
Property Name: CLSID2
Property Value: {0AFACED1-E828-11D1-9187-B532F1E9575D}

  2. And another for the Flags setting image

    File Path: %APPDATA%\Microsoft\Windows\Network Shortcuts\SHARENAME\desktop.ini
Section Name: .ShellClassInfo
Property Name: Flags
Property Value: 2

Shortcuts Setting

Add a new shortcut preference with the following settings image

Name: %APPDATA%\Microsoft\Windows\Network Shortcuts\SHARENAME\target
Target type: File System Object
Location: <Specify full path>
Target path: SHARETARGET

Closing Notes

This will work to create the network location using group policy. I would recommend using item level targeting to keep all of your network locations in one group policy.

It can be a handful to manage all of these separate preferences, so I created an application to help with managing the shares, and the user security group filters. Here is my application on github, you must create the first share using the settings above, but the application can handle adding more shares, deleting shares, and updating existing shares.

Jonathan Perry
  • 141
  • 2
  • 6
  • Jonathan: Thank you for this extraordinary effort! Its really a huge disaster that Microsoft implemented drive mapping via Group Policy close to 10 years ago, but has yet to provide a way to do network shortcuts like this in a similar fashion. Kudos for attempting to rectify this with such a great little app! – peelman Feb 05 '19 at 16:37
  • @Jonathan: Thank you very much for this. While I was able to get it work, I would like to point out one issue to be aware of. While testing on client PCs, several users would report missing shortcuts. The Application event log indicates an error code 0x80070002 that the file is missing. This can happen if the user does not have permissions to the share. I was hoping that it would create the link and then prompt for credentials when used in this case, but rather permissions are required when creating the link. – Dono Mar 26 '19 at 02:55
  • @Dono all of that is handled by Windows, and there is nothing we could do about changing this. I would recommend creating an AD security group for the network share, adding all of the users that need the share to that group. Give that group permissions on the share and then use item level targeting on that group so all users in the group will get the shortcut. If someone new needs access to the group, just add them to the security group and the new shortcuts will be created on the next group policy refresh. – Jonathan Perry Mar 27 '19 at 11:40
  • @JonathanPerry Of course. I had it setup as a security group, but unknowingly was missing a few users. Until realized, it was not too immediate what the problem was, which is why I am leaving this note if others encounter similar behavior. I also applied item level targeting (as you suggested) to avoid similar issues. – Dono Mar 28 '19 at 00:14
-1

You can make a bat script which you can add to startup policy to run:

net use <driver letter> \\<servername>\<sharename> /user:<username> <password>

Example:

    @echo off
    net use w: \\server /user:Test TestPassword


And this will add on every computer a network shortcut to \\server with letter W .
And you can modify to make some this only on some computers or users. Let's say you want only on user 'MikeS' to run this command, so you put something like that:

IF %USERNAME% == 'MikeS'(
    net use w: \\server /user:Test TestPassword
)
VladutZzZ
  • 680
  • 1
  • 8
  • 27
  • 1
    This only creates a mapped drive which can be done through group policy anyway. I want to just create a network location like I can do with the Add Network Location Wizard, not mapped to any drive. – BpH Oct 14 '15 at 12:29
  • This is also an unscalable and therefore untenable solution. If you value FutureYou's time, please do not do this. – peelman Feb 05 '19 at 16:39