Best Practices: Drive Mapping



  • Drive mapping isn't difficult to do. But it should not be a chore to manage. I don't believe that there should be or even needs to be more than just a few scripts needed for log in. Using Net Use is pretty straight forward. But I am now searching for a better and practical way to manage both folder security and drive mapping. One that reduces human error (mine) and time needed to implement.

    Right now I have a few scripts at a clients, and I've sorted out the shares and drive assignments desired.

    :: Disconnect shares
    net use n: /delete
    net use m: /delete
    net use p: /delete
    net use q: /delete
    net use s: /delete
    net use x: /delete
    net use y: /delete
    net use z: /delete
    ::Connect required shares
    ::Uncomment as needed 
    net use n: \\dc1\share1
    net use x: \\dc1\share2
    net use z: \\dc1\share3
    ::net use y: \\dc1\share4
    net use s: \\dc1\share5
    ::net use q: \\dc1\share6
    


  • Will be keeping an eye on this, as we need to change our ways. Also i'm sure i've seen @scottalanmiller mention mapped drives is not the way to go any more. So will be nice to see what people suggest.



  • @hobbit666 said:

    Will be keeping an eye on this, as we need to change our ways. Also i'm sure i've seen @scottalanmiller mention mapped drives is not the way to go any more. So will be nice to see what people suggest.

    It's true, I am very much of the opinion that while drive mapping is mostly a necessary evil at this point and can be widely eliminated with good planning and modern changes. No silver bullet to fix things overnight, most places need a long term migration and planning strategy to get off of them. But the time to evacuate them is now, before investing more and more in technical debt and exposing ourselves more and more to malware designed to leverage this architecture.



  • Why not map those through the use of GPOs?

    As for permissions, if you use groups on the folders, then adding new people to those groups should work for that.


  • Banned

    @gjacobse said:

    Drive mapping isn't difficult to do. But it should not be a chore to manage. I don't believe that there should be or even needs to be more than just a few scripts needed for log in. Using Net Use is pretty straight forward. But I am now searching for a better and practical way to manage both folder security and drive mapping. One that reduces human error (mine) and time needed to implement.

    Right now I have a few scripts at a clients, and I've sorted out the shares and drive assignments desired.

    :: Disconnect shares
    net use n: /delete
    net use m: /delete
    net use p: /delete
    net use q: /delete
    net use s: /delete
    net use x: /delete
    net use y: /delete
    net use z: /delete
    ::Connect required shares
    ::Uncomment as needed 
    net use n: \\dc1\share1
    net use x: \\dc1\share2
    net use z: \\dc1\share3
    ::net use y: \\dc1\share4
    net use s: \\dc1\share5
    ::net use q: \\dc1\share6
    

    Why are you using a Script when you can use GPP mapped drives? with item level targeted to apply it to the same group that gives them security access.. So it's one action.



  • Group Policy is definitely the way I'd go too, if it is available.



  • We just moved to group police for drive mappings. Took some trial and error to get it working the way we wanted but we got it.

    I've never used SharePoint but I'm guessing that something like that could replace the need of mapped drives.



  • I'm starting to test out sharepoint as well... Its taking a while to wrap my arms around it since it can do so many different things.


  • Banned

    @lhatsynot said:

    I've never used SharePoint but I'm guessing that something like that could replace the need of mapped drives.

    We have sharepoint it kinda sucks.



  • one of the main problem with Drive Mapping is Cryptowall.

    Two months ago an user get this virus and encrypt all his 4 drives Mapping,fortunately I could recover all the files.



  • @iroal said:

    one of the main problem with Drive Mapping is Cryptowall.

    Two months ago an user get this virus and encrypt all his 4 drives Mapping,fortunately I could recover all the files.

    Crypto-variants are a concern.. but if you need to have mapped drives,..



  • @scottalanmiller said:

    Group Policy is definitely the way I'd go too, if it is available.

    I can't say I dis/agree with you there. You set it up and deal out as needed.

    But - and maybe inexperience here,.. but not have much success with enabling this. as I seemingly get the GPP incorrect.... which then causes issues with the client...


  • Banned

    @gjacobse said:

    @scottalanmiller said:

    But - and maybe inexperience here,.. but not have much success with enabling this. as I seemingly get the GPP incorrect.... which then causes issues with the client...

    It's a pretty simple GPO it applies to users not computers.



  • @gjacobse said:

    @iroal said:

    one of the main problem with Drive Mapping is Cryptowall.

    Two months ago an user get this virus and encrypt all his 4 drives Mapping,fortunately I could recover all the files.

    Crypto-variants are a concern.. but if you need to have mapped drives,..

    That's the question that needs to be asked. Do they need mapped drives?



  • @scottalanmiller said:

    @gjacobse said:

    @iroal said:

    one of the main problem with Drive Mapping is Cryptowall.

    Two months ago an user get this virus and encrypt all his 4 drives Mapping,fortunately I could recover all the files.

    Crypto-variants are a concern.. but if you need to have mapped drives,..

    That's the question that needs to be asked. Do they need mapped drives?

    I thought the newer crypto variants would actively scan the network?



  • @scottalanmiller said:

    That's the question that needs to be asked. Do they need mapped drives?

    Yes, they have client files on the network ..

    \Server\share\clients\clientname~



  • @dafyre said:

    @scottalanmiller said:

    @gjacobse said:

    @iroal said:

    one of the main problem with Drive Mapping is Cryptowall.

    Two months ago an user get this virus and encrypt all his 4 drives Mapping,fortunately I could recover all the files.

    Crypto-variants are a concern.. but if you need to have mapped drives,..

    That's the question that needs to be asked. Do they need mapped drives?

    I thought the newer crypto variants would actively scan the network?

    Not just mapped drives, but SMB shares themselves.



  • @gjacobse said:

    @scottalanmiller said:

    That's the question that needs to be asked. Do they need mapped drives?

    Yes, they have client files on the network ..

    \Server\share\clients\clientname~

    You've answered that they have SMB shares, but not if they need them. Is it just there because "that's how it has always been done" or is there an actual functional reason for it?



  • @scottalanmiller said:

    @gjacobse said:

    @scottalanmiller said:

    That's the question that needs to be asked. Do they need mapped drives?

    Yes, they have client files on the network ..

    \Server\share\clients\clientname~

    You've answered that they have SMB shares, but not if they need them. Is it just there because "that's how it has always been done" or is there an actual functional reason for it?

    This seems like an odd question. Not say it's not a good one - it just feels odd to me.

    And sadly I can't come up with a better way to perhaps ask it. But I'll try.

    As Scott mentioned, do you need SMB shares? Could you instead get away with SharePoint (free version) or OwnCloud, etc.

    For me, with our current Faxing solution, I need an SMB share for faxing, but I could set that share up as read only for users and read/write for a user I assign to the fax machine. Then as the admin, I can clean out the folder when needed.

    All other files of our could be saved in OwnCloud or Sharepoint.

    Question: Anyone using SP or OC - can you create links between documents in either/both of these solutions?



  • @scottalanmiller said:

    That's the question that needs to be asked. Do they need mapped drives?

    A resounding maybe

    They have files that could be on Sharepoint... Though they are likely to balk at the idea.

    They have files that (as far as I know) simply can't ... they are Quickbook client files.

    They owner refuses to use Outlook,.. and mail is via Google for all staff... so there is that issue too.



  • @gjacobse The owner refuses to use anything Microsoft period. He uses office because QuickBooks requires it.


  • Banned

    Ugh Quickbooks...



  • @gjacobse said:

    They owner refuses to use Outlook,.. and mail is via Google for all staff... so there is that issue too.

    How is this an issue? Heck, ask him to fully commit to Google - you could go all the way to Google Docs - or you could simply use Google Drive with the Google Drive add-in for Office.

    Sure, Quickbooks can't work with that, but hopefully that is a smaller group to worry about.



  • @Minion-Queen said:

    @gjacobse The owner refuses to use anything Microsoft period. He uses office because QuickBooks requires it.

    How so?



  • @Minion-Queen said:

    @gjacobse The owner refuses to use anything Microsoft period. He uses office because QuickBooks requires it.

    You refuse to use Microsoft anything?



  • @Dashrender said:

    @Minion-Queen said:

    @gjacobse The owner refuses to use anything Microsoft period. He uses office because QuickBooks requires it.

    How so?

    Bookkeeper.



  • @scottalanmiller said:

    @Dashrender said:

    @Minion-Queen said:

    @gjacobse The owner refuses to use anything Microsoft period. He uses office because QuickBooks requires it.

    How so?

    Bookkeeper.

    Awww 😞



  • @Jason
    Your are right Jason,.. Shares are dependent on the User - nothing to do with the computer.



  • @DustinB3403 said:

    @Minion-Queen said:

    @gjacobse The owner refuses to use anything Microsoft period. He uses office because QuickBooks requires it.

    You refuse to use Microsoft anything?

    Client. NTG does not (nor will it ever as I know) use QB...



  • @gjacobse said:

    @DustinB3403 said:

    @Minion-Queen said:

    @gjacobse The owner refuses to use anything Microsoft period. He uses office because QuickBooks requires it.

    You refuse to use Microsoft anything?

    Client. NTG does not (nor will it ever as I know) use QB...

    Are they on Windows? Or are they using a Mac?