GPO to map drive. Better than scripts in many ways.

The best way to map a drive is to use Group Policy Preferences, introduced in Windows Server 2008. Group Policy Preferences removes many of the reasons we had to use scripts in the past.

1. Open an existing Group Policy Object (GPO) (or create a new one linked to the domain or OU you want to map to).

2. Navigate to User Configuration, Preferences, Windows Settings, Drive Maps.

3. Right-click Drive Maps and select New, Mapped Drive.

4. To add a new mapped drive for users, select Create (or select Replace to replace a mapped drive that might already exist with the same letter).

5. Close Group Policy.

6. Enter the details for the share, a name, and letter, then click OK (see the screen shot below).


At next Group Policy refresh, during logon, the drive will be mapped.


Discovery Steps

Been doing a lot of client discovery recently for Managed Services client on-boarding, and documentation of existing clients. This is a somewhat time-consuming process, as it's a balance between trusting what’s provided by the client (often from the outgoing system admin or company) and finding out for yourself. I tend to use the provided documents to confirm what I have found, with a ton of help from teammates and coworkers.

I don’t pretend to be a Network layer expert. I understand the process and can find my way around a bit, but I really rely on a top-notch Networking coworker. His task really is to look around and find everything from the firewall to the routing and switching. What I need from him: the ranges that my tools should scan, and SNMP configured to let me discover and eventually monitor.

After I get that email or better yet spreadsheet, onto the infrastructure work and then to the preferred tools…

Well, not quite… first it's DNS. DNS must be clean and up to date. The best way to do this is to scavenge DNS.

Check all DNS servers in the domain, setting up the scavenging attempt frequency and record aging.

Get a list of DCs in the domain with:

nltest /dclist:domain.local

replacing domain.local with the actual domain.

Under the Advanced properties of the DNS servers, check the “Enable automatic scavenging of stale records” checkbox and set the scavenging period. Default is 7 days I think, which is fine in most cases as long as it's at least as long as the DHCP lease interval.

Next, under “Set Aging/Scavenging for All Zones…”, check “Scavenge stale resource records”; I like to choose 3 days for the No-Refresh interval and 4 days for the Refresh interval. In the box that appears, check “Apply these settings to the existing Active Directory-integrated zones”.



WMI! Without it almost every discovery and management tool is useless.


Microsoft Assessment and Planning toolkit (MAP Toolkit)

ADTD and Visio

Managing Exchange Full Access–Who can see whose mail?

This is a good snippet that can be run from the Exchange Management Shell (PowerShell) prompt:


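# List explicit (non-inherited) FullAccess grants, skipping each mailbox's own SELF entry.
# -ResultSize Unlimited avoids the default 1000-mailbox cap; -NoTypeInformation keeps the #TYPE line out of the CSV.
Get-Mailbox -ResultSize Unlimited | Get-MailboxPermission |
    Where-Object { ($_.AccessRights -eq "FullAccess") -and ($_.IsInherited -eq $false) -and -not ($_.User -like "*nt authority\self*") } |
    Select Identity, User | Export-CSV c:\fullperm.csv -NoTypeInformation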

This returns a CSV with the first column showing the Active Directory path for the “Identity” that is giving full access. The second column shows the domain\<username> of the “User” that has the access to the “Identity” mailbox.
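To turn that CSV into something reviewable, the following added example (not part of the original post) groups the rows by "User" and flags accounts holding Full Access to several mailboxes that are not on an approved list. The function name, the allowlist parameter, the threshold, and the sample rows are assumptions made for illustration.

```powershell
# Constructed sample rows in the same shape as c:\fullperm.csv (Identity, User).
$rows = @'
"Identity","User"
"domain.local/Users/Alice Example","DOMAIN\svc-backup"
"domain.local/Users/Bob Example","DOMAIN\svc-backup"
"domain.local/Users/Carol Example","DOMAIN\svc-backup"
"domain.local/Users/Alice Example","DOMAIN\dave"
"domain.local/Users/Bob Example","DOMAIN\dave"
"domain.local/Users/Carol Example","DOMAIN\dave"
"domain.local/Users/Carol Example","DOMAIN\erin"
'@ | ConvertFrom-Csv
# For real data: $rows = Import-Csv c:\fullperm.csv

# Hypothetical helper: one output row per delegate account.
function Get-FullAccessSummary {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Rows,
        [string[]] $ExpectedDelegates = @(),  # hypothetical allowlist of approved accounts
        [int] $Threshold = 3                  # hypothetical mailbox count that triggers review
    )
    $Rows | Group-Object -Property User | ForEach-Object {
        # -contains compares case-insensitively, so DOMAIN\Dave matches domain\dave
        $expected = $ExpectedDelegates -contains $_.Name
        New-Object PSObject -Property @{
            User         = $_.Name
            MailboxCount = $_.Count
            Expected     = $expected
            NeedsReview  = (-not $expected) -and ($_.Count -ge $Threshold)
            Mailboxes    = (($_.Group | ForEach-Object { $_.Identity } | Sort-Object) -join '; ')
        }
    } | Sort-Object -Property MailboxCount -Descending |
        Select-Object User, MailboxCount, Expected, NeedsReview, Mailboxes
}

# Treat the backup service account as approved; everything else is judged on count.
$summary = Get-FullAccessSummary -Rows $rows -ExpectedDelegates 'DOMAIN\svc-backup'
$summary | Format-Table -AutoSize
```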

Profile and Folder Redirection In Windows Server 2003



Support guidelines for migrating roaming user profiles data to Windows Vista or to Windows Server 2008



File Replication Service can Kill your Directory


An Ounce of Planning

Planning and Architecture: AD DS

Prepare forest Schema