Are you setting up a new Proof of Concept 
Do you remember the old days when we used the hide drives.adm template to hide specified drives along with some kind of hide drives calculator to get the proper value ? So if we wanted to hide drives for Domain Users but not the Domain Admins, we had to create another policy to lock it up again. Those days are long gone thanks to Group Policy Preferences, for me it’s the life before and after. Get rid of all your adm templates and 30+ page vbs logon scripts once for all. This will speed up the logon time and make your administration much easier.
To leverage Group Policy Preferences (GPP) you’ll need to administrate Group Policy’s from a Windows 2008 server (just member server) or Windows 7 with RSAT. On Windows XP and Windows 2003 machines you’ll need Group Policy Preference Client Side Extensions to properly read GPP settings.
Map network drives :
Open Group Policy Management Console (GPMC) and create a new policy. Browse to User Configuration – Preferences – Windows Settings – Drive Maps
In this example we map K: to the Accounting folder for all users member of the Accounting group. It’s possible to create many rules, if member of group A or B or and so on.
Hide Drives :
In this example we hide C: for all users except for Domain Admins. When you start playing around we GPP you’ll learn how really powerful it is. I highly recommend you start following Group Policy Center for weekly tips.
So here’s what I want you to do now :
- I hope you dig it – and that you’ll love it so much that you’ll share it with others
- You should become a Fan of my FaceBook page here
If you like this post enter your information below to receive our FREE "Citrix XenApp 5.0 on Windows 2008" eBook and a 7 day eCourse with Tips & Tricks never revealed before.
{ 14 comments… read them below or add one }
Nice article. I’m always using RES PowerFuse here. A great product to manage the Workspace and for example hide drives (like in this article).
Hi Martin,
Yes I know, but Group Policy’s are for free
I’ve had problems with 2008 terminal servers in environments with 2003 AD servers… If you create the policy for a 2008 server NEVER edit it on a 2003 server and vice versa – it can corrupt the GPO, and then the fun starts.
Hi Don,
That’s correct, when you start using Group Policy Preferences you ALWAYS do GPO admin from a W2K8 server. Check out this post regarding backup : How To Backup and Restore Group Policy
Using of wrong configured GPO Mapped drives is heavy increasing the logon time.
I recommend always in addition use Security filters on the GPO to reduce the logon time for users who has nothing to do with that GPO.
Thanks Alexey, I do agree. Normally the home drive is common and the rest is based upon Item Target Leveling for the GPO Mapped Drives
Thnaks for the nice post Trond!
I have seen that you in several articles praise the Group Policy Preferences (GPP).
I agree from an administrators point of view. It’s very easy to administrate.
But what about performance in a terminal server environment? Have you read this articel?
http://bit.ly/adfVii
We have made a script that cleans “c:\programdata\microsoft\group policy\history\” on reboot, but it feels like GPP is not realy intended to be used in terminal server environments.
Thanks for your comment Erik, I haven’t read this before but it seems like this is fixed with W2K8 Service Pack 1. In terms of performance we always see faster login with GPP instead of loginscripts. The script you’re using is one way to fix this, but I personally mean that everybody with more than 4 servers should run Citrix Provisioning Services. So in a PVS environment this won’t happen since the disk is write protected.
Hi Eirik,
thank you for your post.
I created the GPO to map a drive from a Win 2008 TS and for a Win 2003 TS.
The policy is applied to the Win 2003 server but the drive never appears on user sessions.
I looked at the event viewer but found nothing.
Have you have had such issue?
Thanks
Hi Seb, try linking the GPO to the Terminal Server OU and make sure you’re using Group Policy Loopback Processing Mode – http://support.microsoft.com/kb/231287
Hi Eirik, the GPO is linked to the OU and GP loopback is enabled. actually from GPRESULT I see the policy applied, but no drives mapped. The GPO config is the same as your post, I also tried to put Create instead of Replace… but same result.
Strange, please check the event log on the Terminal Servers in question. You could also try the same policy on a Windows 7 machine just to make sure. The User Security Context is required.
Solved! The Windows 2003 Server was missing Client Side Extensions for Windows Server 2003 (KB943729).
Thank you for your time Eirik.
Sebastiano
{ 2 trackbacks }