Does your company use network mapped drives? Do you have so many that things are getting out of hand or do you want to map your drives with more precision? I used to work for a company that almost used every letter in the alphabet. They had mapped drives E – Z and wanted more, things were truly out of hand. One of the other problems was the distributed environment, they sometimes wanted drives from other sites and locations over a WAN connection.
Security was a problem too; everyone could read, write and delete to network shares and everyone mapped every drive possible. A former Network Administrator set it up that way and I was left holding the bag (but that’s OK because I like a challenge!). It’s something I didn’t change because a massive change like that needed planning. People find data on the network and get used to their locations, had I made a sudden change it would be pulling the rug on productivity for sure. It wasn’t a priority at the time as I had bigger fish to fry and management had other plans for the data (SharePoint). The company later closed their doors (it was an Automotive company) but the memory still haunts me of all those networked drives!
There are two ways you can accomplish drive mapping with some precision. One way is by using Group Policy, creating your group, adding your users o that group, creating your logon policy, filtering the policy by the group you created thus all members of that group will execute that script via the logon policy. Anyone not in that group wont’ execute the script. This is my personally preferred method BUT there’s another way for people who already have users using a login script. I’ve used both methods in the past and both work equally well. Most companies still use a logon script located in “\\yourdomain\netlogon” folder. It’s usually a batch file and if it is you’re in luck! You can get to it by clicking “Start > Run > Type in: \\yourdomain\netlogon” > OK”.
What you can do is this…
1 – Download “IFMEMBER.EXE” from M$ —> Here and extract the file (Install it)
2 – Create security groups for your respective shares, add permissions to those shares if they don’t already exist
3 – Copy the “IFMEMBER.EXE” from “C:\Program Files\Resource Kit” to your network “\\yourdomain\netlogon”
4 – Add similar lines of code to your batch file logon script…
__________________________________________________
:: This is a comment – Beginning IFMEMBER process
REM This is another comment – which looks cleaner REM or ::?
ifmember “yourdomain\yoursecuritygroup1”
if not errorlevel 1 goto 1
net use “\\yourserver\yourfolder1”
:1
ifmember “yourdomain\yoursecuritygroup2”
if not errorlevel 1 goto 2
net use “\\yourserver\yourfolder2”
:2
end
__________________________________________________
* I had a mistake in my code, bolded above – needs to always be “errorlevel 1 goto #“, notice it’s always “errorlevel 1”
What this simply does is query if the user running the logon batch file is a member of the listed group, if they’re NOT a member it will error, i.e. “if not” then it will skip the next command “net use” and go to the error number you specify, we specified :2, and so on. This could clean up many network mapping scenarios for network administrators that aren’t too familiar with this utility.
Tip: For IFMEMBER options just type in IFMEMBER from a command prompt.
__________________________________________________
usage: ifmember [/verbose] [/list] groupname …
/verbose will print out all matches.
/list will print out all groups user is a member of.
Return Code shows number of groups this user is a member of.
Example: ifmember /v /l “MyDomain\Domain Users” Users Everyone
__________________________________________________
Lastly, another way to use the tool is to just run it against a group to see who are members of a group.
Try this one: “ifmember /list administrators”
You might turn up some surprises!