In this guide, I’ll show you step by step instructions on how to map network drives with Group Policy.

If you’re still using login scripts then it’s time to switch to Group Policy.

Mapping drives with group policy is very easy and requires no scripting experience.

Bonus: It can actually speed up the user logon process.

I’ll show you two examples, the first one is mapping a drive for a department, the second will map a drive for individual users.

In addition, I will use item level targeting to map drives based on specific conditions like group membership, OU, operating system, etc.

Logon Scripts VS Group Policy

The ability to map a network drive with Group Policy was introduced in Server 2008.

Logon scripts are a thing of the past.

Logon scripts can actually slow computers down. Yes, group policy is faster.

Unless you have some crazy complex script that does something that Group Policy cannot do then there is no reason not to use it.

Mapping Drives with Group Policy has the following advantages:

  • It’s much easier than logon scripts. Checkboxes and drop down lists, no need to understand scripting
  • It’s scalable, as big as your Active Directory will grow logon scripts will scale no problem.
  • It’s very flexible. With item level targeting you can target groups, users, OUs, operating systems and so on.
  • It’s easy

Now let’s move onto some examples of mapping drives with group policy.

Example 1: Map a Department Network Drive Using Group Policy

In this example, I’m going to map a network drive for the HR department. I’ll use item level targeting so it only maps this drive for users in the HR organizational unit.

You could also use a Security Group to target a specific group of users. This will map to a network share that only the HR department has access to.

Step 1: Create & Link a new GPO

1. Open the Group Policy Management Console

2. In the Group Policy Management Console, Right Click and Select “Create a GPO in this domain, and Link it here”

TIP: This will be a user based GPO so make sure you link the GPO to a location that will target the users.  I have all of my users separated into an OU called ADPRO Users, I’ll create and link the GPO there.

3. Name the new GPO

You can name the new GPO whatever you like, I’ve named mine “Users – Mapped Drives

I can later add additional drive mappings to this GPO.

The new GPO is now created and linked, now it’s time to configure the settings.

Step 2: Configure GPO Settings

1. On the GPO right click and select edit

2. Navigate to User Configuration -> Preferences -> Windows Settings -> Drive Mappings

3. Right Click Drive Mappings, Select New – > Mapped Drive

4. Configure Drive Mapping Properties

General Tab Settings

  • In location put the path to the share/folder you want to map a drive to.
  • Select a drive letter
  • Choose Update for action
  • Label as: This is optional but may be beneficial for users.

Common Tab Settings

Select “Run in logged on users’s security context

Select Item-level Targeting

Click the Targeting Button

Select New Item

Select Organization Unit then select the OU you want to target

Click OK, Click OK again to close the new drive properties

This completes the GPO settings

Step 3: Reboot Computers to Process GPO

For the GPO to run I will need to reboot the users PC or run gpupdate /force. The next time a user from the HR department logs in they should see a mapped drive.

I’ve rebooted the computer, now I’ll log in with an account that is in the HR organizational unit.

Once logged I will go to file explorer and check for the mapped drive.

It works.

Now, any user I put in the HR folder will get this mapped drive. If you don’t want to use an OU you can also target a group of users by using a Security group.

Example 2: Using Group Policy to Map a Drive for Individual Users

This example will map a drive for individual users. This will give the users their own personal folder to save files.

You can create a new GPO or add to your existing one, I have all my drive mappings in one GPO.

This example requires a folder be setup on a network share that matches the user’s logon name. You will want to modify the NTFS permissions so the individual user is the only one that has permissions to it.

I’ll be using Mark Foster as an example, the logon name is mfoster so I’ll need a folder setup on a network share called mfoster.

I’m not going to repeat every step, I’m basically starting at Step 3 from the first example.

Step 1: Create a New Drive Mapped drive

Here are the drive map settings for mapping a drive for an individual user

The %UserName% is a variable that will match the user’s logon name.

Just to be clear you must have folders setup on a network share that matches the location and users logon name.

My file server is file1, the share is users and in the user’s folder is a folder for each user. Screenshot below of users folder on file1 server.

That is it.

Just have the user log off and back on and it should map the M drive

Perfect! Now the user is mapping a department drive and a personal drive.

Final Thoughts

As you can see mapping drives with group policy is very easy. It doesn’t require any scripting experience, it’s just a matter of a few clicks and selecting your desired settings.

If your still using logon scripts follow the steps in this guide and replace them with Group Policy. The biggest challenge is just finding the time to switch them over.

Now it’s time to switch over those logon scripts.

Recommended Tool: SolarWinds Server & Application Monitor

This utility was designed to Monitor Active Directory and other critical services like DNS & DHCP. It will quickly spot domain controller issues, prevent replication failures, track failed logon attempts and much more.

What I like best about SAM is it’s easy to use dashboard and alerting features. It also has the ability to monitor virtual machines and storage.

Download Your Free Trial Here


  1. Basim on August 28, 2018 at 1:36 pm

    my %username% varaible is not working on the server maping drive . like you did in the screenshot you send to me .

    • Robert Allen on August 28, 2018 at 5:32 pm

      What OS version is the server running? Can you log into the server, open up command prompt and type

      echo %username%

      Does it return the username?

  2. Sam Erde on October 29, 2018 at 4:04 pm

    The variable that you can use in GP Preferences is %LogonUser%. There’s a great shortcut that you may want to use while editing GP Preferences: press F3 to show a list of all usable variables.

    • Robert Allen on November 2, 2018 at 11:23 am

      Sam, thanks for info. I did not know about the f3 option.

  3. Ben J on March 8, 2019 at 5:09 pm

    Can you explain why you chose the update option, instead of Create?

    • Robert Allen on March 8, 2019 at 8:16 pm

      Update will create the object if it doesn’t exist, it also allows the object to be updated later if I change it. So it works like create plus allows updates. Using the create option does not allow updating the same object.

      When using group policy preferences I almost always use the update option.

  4. Ben Okusogu on March 28, 2019 at 7:55 pm

    Can I re-use a drive letter if I am targeting a different OU or Security group? For instance, I use “S:” to map one shared folder to users in one OU and use the same letter “S” to assign to another resource targeting a Security group.

    • Robert Allen on March 29, 2019 at 12:04 am

      Ben, yes you can do that. I use the same drive letter for each department and target the OU.

  5. Suresh Bhutani on April 17, 2019 at 4:31 am

    Great Article. Helped a lot

  6. Murbot on June 7, 2019 at 3:11 pm

    How can this be leveraged to handle individuals with different mappings within an office?

    We’re moving away from login scripts to GPO mappings, but over the decades many staff have been given individual login scripts to sub-folders on their own or other office’s home drives. Say someone in Budget needs a mapping to Research’s home drive or a sub-folder therein. They currently have scripts for each office, then those scripts were copied and renamed for individuals with extra and specific mappings. Frustrating that it was permitted in the first place.

    • Robert Allen on June 12, 2019 at 12:02 pm

      You can use targeting for this. You could map a drive to a group of users based on OU, security group, site, operating system and so on. For example all users in marketing map an N drive but say you have 5 people in marketing that need to map another drive to another location. You can create a security group put these 5 users in it and create a new drive mapping policy that targets the security group. Then only members of this group will get this drive. Hope that helps.

  7. cookiegal on June 28, 2019 at 9:19 am

    I love to use the %UserName% method. However my mapped drives was shown all over in my server directory when user run “\\servername” . Is there anyway that we can stop it listing in the directory? As we have over 200 users, and its listing alot of folders in a sense

    • Robert Allen on July 3, 2019 at 11:02 am

      You will need to modify the ntfs permissions for each folder and only give the individual user access to it.

    • Alexandr Semyonov on March 15, 2020 at 7:31 pm

      \\servername\%UserName%$ may work
      Adding $ to shared folder name will make it hidden

  8. Karim on July 9, 2019 at 7:31 pm

    I use scripts to map network drives but now since we added another location, I’m looking into mapping drives based on the domain site location. Is this possible?

    for example, if I’m in location 1, I would have the A drive. then if I travel to location 2, the A drive would be gone and I only see drive B.


    • Robert Allen on July 12, 2019 at 1:25 pm

      Assuming location a and location b are on different networks you could use item level targeting and map a drive based on IP address?

      Why not always map them?

  9. JamesS on December 11, 2019 at 8:14 pm

    OK, what am I missing? I followed the steps to the letter and when I run gpupdate /force on my computer the drive gets mounted for me. BUT I am not in the Local Security Group I used/wanted to get the drive?

    • Robert Allen on December 26, 2019 at 2:33 pm

      If the user is in the OU that was used for item level targeting then it will get mapped. If you set the shared and NTFS permissions up the user should not have access but would still map the drive.

      If you don’t want the drive to map for a user then change the settings in the item level targeting.

  10. Ray Drummond on May 21, 2020 at 3:13 pm

    This article is exactly what I was looking for to get info about doing this.

    I did have a question regarding scalability. My enterprise has about 2000 shares that I will eventually be managing. I currently have about 1000. We have had other misc issues with group policy mainly due to mismatched AD configurations since we had mergers and acquisitions going on but no one dedicated to figuring it out until now.

    I wanted to know if there was any threshold concerns with how many shortcuts one GPO manages. My thought was to create a separate policy for each of our locations that have around 10-15 departmental shares to be managed and use item level targeting as we use their computer names to help identify departments for support.

    I was also thinking about that from a troubleshooting perspective. If I have one policy with 1000 shortcuts in it and there’s a typo, it’ll be a bear to find.

    • Robert Allen on May 22, 2020 at 3:18 pm

      That is an insane amount of shares and a security nightmare. I’ve never done a GPO with that many shares, I would expect that to cause issues or really slow down computers. If it was me I would try to reduce the number of shares, I typically setup only one share per department, then use security permissions to lock it down further if needed. Make sure your not using the everyone group to apply share or security permissions.

      Each department can have different subfolders but the only shared folder is the root department folder.

      HR <-- shared folder -Users -User1 -User2 -Dept -Subfolder1 -Subfolder2 -Training -Policy -Vacation Sales <-- shared folder -Users -Users1 -Dept -subfolder1 -Videos -Training

    • DaveMac on June 13, 2020 at 5:15 am

      We have thousands of project shares across multiple sites. We use shortcuts for each share. The security ACL on each shortcut is the same as the security ACL on each NTFS folder system. We place ALL shortcuts on a network share in each site. At user logon (user security context) the process just copies ALL shortcuts *.* to the users home drive H:\My Project Shares. The user only get’s the shortcuts depending on their AD Group Membership. Some users only have 2-3 shortcuts whilst others have more. No one ever gets above 20 shortcuts but there is no limit. The folder H:\My Project Shares only has 1 shortcut placed on the users desktop to keep it visually tidy & efficient.

  11. Anu Skariah on June 17, 2020 at 2:14 pm

    Thank you so very much for making document so easy to follow and everything worked great during my migration. Thanks Again.

Leave a Comment