SysManSquad / sysmansquadblog


Mapping Network Drives on Intune Devices-SysManSquad | Systems Management Squad #9

Open utterances-bot opened 1 year ago

utterances-bot commented 1 year ago

Mapping Network Drives on Intune Devices-SysManSquad | Systems Management Squad

A community blog and subsidiary of WinAdmins.io

https://sysmansquad.com/2020/12/16/mapping-network-drives-on-intune-devices/

tclearinghouse commented 1 year ago

Great post and I am trying to implement this. Looks like the trigger subscriptions in the code are missing some less-than and greater-than symbols. I have been getting failures running the script in Intune and the error message "Register-ScheduledTask : The specified channel path is invalid." in the client log IntuneDriveMappingScheduledTask.log.

jshackelford9375 commented 1 year ago

This should be fixed now, might take 30 minutes to appear, but when we migrated to github it didn't copy all the <> properly. I went and tested with the changes and it's good to go :)

dfeifer commented 1 year ago

Thank you for the article AND the video. I believe line 23 was accidental since it does not appear in your video.

aaroneg commented 1 year ago

It's optional, it only affects what gets logged by default. You'd pair that with a Start-Transcript higher in the script if you want a text log file written of what the script does.

Jebba180 commented 1 year ago

Hi - Is there a way to implement this using local device credentials? We have a NAS on site which I'm hoping to share one of the folders to all devices (as a "network drive"). The NAS authenticates with its own credentials though. Can you please advise how I would achieve this?

Thanks

adammsharpe commented 1 year ago

Exactly what I was looking for with trigger on log on and network change, thank you for this. Do you know why I would be getting a Windows Script Host error pop-up repeatedly?

Script: C:\ProgramData\intune-drive-mapping-generator\IntuneDriveMapping-VBSHelper.vbs Line: 13 Char: 3 Error: 0xFFFFFFFF Code: FFFFFFFF Source (null)

I have checked and the file exists in the path shown and the user has rights to the path and the file to read and execute. Any ideas?

jshackelford9375 commented 1 year ago

@Jebba180 I would not recommend doing this, because you'd be having plain text login info in the script. Proactive Remediations come down and are available locally on the device for even a non admin to see. There are cleanup scripts for this but even then it's a huge security risk.

jshackelford9375 commented 1 year ago

@adammsharpe How did you deploy out the script? Via Intune? I can't say I've seen this error before or it trying to map to a VBS file.

adammsharpe commented 1 year ago

This is the VB file and the drive mapping file created by the PowerShell script from Step 1 above in your guide. The script is deployed via Intune in Endpoint Manager according to the DriveMapping generator.

adammsharpe commented 1 year ago

From the drivemapping generator, the script states "Create dummy vbscript to hide PowerShell Window popping up at logon". I believe it is this.

jshackelford9375 commented 1 year ago

You'll have to forgive me I wrote this article almost 2 years ago! Having said that when I did my deployments, I never added a VBscript. I'm assuming that might be something new the author of the drive mapping site had added.

jshackelford9375 commented 1 year ago

I just took a peek at the script that the site creates, and I see what you're talking about, sadly I don't actively have an environment to test this in as I'm purely cloud only at this point :(

adammsharpe commented 1 year ago

Do you have a suggestion for an alternative for hybrid joined devices receiving mapped network shares while establishing connection on a vpn after login?

adammsharpe commented 1 year ago

I have resolved the issue. There was a group policy where PowerShell.exe was blocked from being run for standard users.

tclearinghouse commented 1 year ago

Hey Jake,

Just wanted to let you know we are using this script heavily in our enterprise for our AAD-joined devices that still need to access on-prem shares. It has worked flawlessly and wanted to thank you for the post. This has solved one of the problems I was trying to overcome in our AAD/Intune migration.

One thing I wanted to note to anyone finding this and maybe having DNS issues: we had to add a DHCP entry, option code 15 for the DNS suffix for our domain, so that workstations could find the server by the simple server name. For instance on our network we just connect to \\SERVER01 rather than \\SERVER1.CONTOSO.COM.

jshackelford9375 commented 1 year ago

Well this brightened my day! I'm glad to hear my old post is still helping admins!

AndyHoveringBeard commented 1 year ago

One quick question - when publishing the scripts in Intune, are we supposed to check the box for "Run this script using the logged on credentials" ? I mean I guess so since they use the users account to map drives, but then again it's using a scheduled task to do the mappings etc. etc.

AndyHoveringBeard commented 1 year ago

I just noticed the first lines of the main script say: When executed under SYSTEM authority a scheduled task is created to ensure recurring script execution on each user logon. - so I guess run as System not as User. Will be interesting to test with the users not having admin rights and a mix of hybrid joined and cloud only devices.

tclearinghouse commented 1 year ago

You would not select that option since you want the actual powershell script installer to run with system privileges. I am including my settings on how I have this setup in our org in a screenshot, hopefully it comes through in Github. The mapping in the users logged in session actually maps using their credentials.

Our users don't have local workstation privileges either btw and it works perfectly.

Screenshot 2023-02-08 104749

rpertusio commented 1 year ago

Hi. Just a warning on this script! Our AD is large (tens of thousands of objects), and this line in the PS1 script killed our Domain Controllers:

$searcher.Filter = "(member:1.2.840.113556.1.4.1941:=$distinguishedName)"

Each PC took 51 seconds to do the LDAP query for group membership. Multiplied by 1000s of devices it created problems. If you remove the backwards (inherited group membership) lookup, it completes in less than 0.2 seconds:

$searcher.Filter = "(member=$distinguishedName)"
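
The following is an added example, not code from the blog's generated script: it times the transitive filter quoted above against the direct filter using the same DirectorySearcher approach, and goes one step further with the user's tokenGroups attribute, which the DC returns already expanded (nested groups included) in a single read. It assumes a domain-joined device with line of sight to a DC and resolves the user's DN from the current sAMAccountName.

```powershell
# Added example, not the generator's script. Assumes a domain-joined device
# that can reach a DC. A DN containing ( ) * or \ must be escaped per
# RFC 4515 before it goes into a filter; this example, like the original
# script, does not do that.

$root     = New-Object System.DirectoryServices.DirectoryEntry
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.PageSize = 1000

# Resolve the current user's distinguishedName once.
$searcher.Filter = "(&(objectCategory=person)(sAMAccountName=$env:USERNAME))"
[void]$searcher.PropertiesToLoad.Add("distinguishedname")
$distinguishedName = $searcher.FindOne().Properties["distinguishedname"][0]

function Get-GroupNamesByFilter([string]$Filter) {
    $searcher.Filter = $Filter
    $searcher.PropertiesToLoad.Clear()
    [void]$searcher.PropertiesToLoad.Add("name")
    foreach ($r in $searcher.FindAll()) { $r.Properties["name"][0] }
}

function Measure-Step([string]$Label, [scriptblock]$Work) {
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    $result = @(& $Work)
    $sw.Stop()
    "{0,-12} {1,5} groups {2,9:N0} ms" -f $Label, $result.Count, $sw.ElapsedMilliseconds
}

# 1) LDAP_MATCHING_RULE_IN_CHAIN: nested groups included, but the DC walks the
#    whole membership graph on every query, which is what hurt the DCs above.
Measure-Step "chain"  { Get-GroupNamesByFilter "(member:1.2.840.113556.1.4.1941:=$distinguishedName)" }

# 2) Direct membership only: cheap, but a user who is entitled to a drive
#    through a nested group will not match and will miss the mapping.
Measure-Step "direct" { Get-GroupNamesByFilter "(member=$distinguishedName)" }

# 3) tokenGroups: one read of a constructed attribute on the user object; the
#    DC hands back the already-expanded list of group SIDs, nesting included.
Measure-Step "tokenGroups" {
    $user = [ADSI]"LDAP://$distinguishedName"
    $user.RefreshCache([string[]]@("tokenGroups"))
    foreach ($sidBytes in $user.Properties["tokenGroups"]) {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)
        try { $sid.Translate([System.Security.Principal.NTAccount]).Value } catch { $sid.Value }
    }
}
```

Group counts from the three methods differ slightly because tokenGroups also includes the primary group and well-known groups, which is why the comparison prints counts alongside the timings.
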

JStricklandAFMC commented 1 year ago

@jshackelford9375 What happens when you need to add a new mapped drive? Do you have to go through the entire process again to generate the PowerShell script with all drive map configs in it, or can you set up a new script for each future mapped drive? Could/Should I do a script for each mapped drive?

rpertusio commented 1 year ago

set up a new script for each future mapped drive?

If you open up the generated .PS1 file, you'll see the array. Watch for commas/quotes, but you should be able to edit as you see fit.

Runescom commented 11 months ago

Hi!

If we deployed this script to 100+ devices, how can we remove a drive mapping or add a drive mapping? When we do a re-upload of the script, the script is not updated on the devices that already have the script.

Does someone have a solution for this?

saqib-s commented 8 months ago

Has anyone put together code to clean up / remove the mappings / artifacts from this script?

I've tried to use Remove-PSDrive but it fails when pushed as a script. Any pointers on what to use?

The simple code I am using:

# Set Task name to match that in the original script
$schtaskName = "DriveMappingxxxTaskName"

# Set specific drive letters to be removed from original script.
# Mapped drives belong to the logged-on user's session, so this part only
# finds them when the script runs in the user's context, not as SYSTEM.
# -ErrorAction stops Get-PSDrive from throwing on a letter that is not mapped.
Get-PSDrive -Name R,P,T -ErrorAction SilentlyContinue | Remove-PSDrive -Force

# Remove scheduled task (needs admin or SYSTEM rights)
Unregister-ScheduledTask -TaskName $schtaskName -Confirm:$false -ErrorAction SilentlyContinue

# Remove script files
$scriptSavePath = Join-Path -Path $env:ProgramData -ChildPath "intune-drive-mapping-generator"
Remove-Item -Path $scriptSavePath -Recurse -Force -ErrorAction SilentlyContinue

Menz01 commented 7 months ago

Hello... trying very hard to get this to work. I followed this guide and the video, but when I look at the script in Intune it says it is failing on my test machines. There is no failure code or a link to click, so I have no idea why it is failing. Can someone help me troubleshoot this?

ameerar commented 6 months ago

I am getting this error in Intune: {"error":{"code":"InternalServerError","message":"{\r\n \"_version\": 3,\r\n \"Message\": \"An internal server error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 17c9764e-d780-4577-aad2-907648090bad - Url: https://fef.msua09.manage.microsoft.com/DeviceFE/StatelessDeviceFEService/deviceManagement/deviceManagementScripts('768bdad7-bc75-4b07-8940-f4d12855212b')/runSummary?api-version=5023-09-09\",\r\n \"CustomApiErrorPhrase\": \"\",\r\n \"RetryAfter\": null,\r\n \"ErrorSourceService\": \"\",\r\n \"HttpHeaders\": \"{}\"\r\n}","innerError":{"date":"2023-12-17T18:42:18","request-id":"64614eb0-251a-415c-bfca-af74f1281d03","client-request-id":"17c9764e-d780-4577-aad2-907648090bad"}}}

rasans commented 2 months ago

Hi. Thank you for your effort to put this together. It was very helpful for our environment. We've already mapped several drives with this method and all of them work as expected. So, I wanted to try it for other scenarios as well.

We maintain multiple servers designated for Home Drives (H Drives), and these servers are named according to the usernames and the groups to which they belong. For example, members of Group X should access their drives at \\Server01\%USERNAME%, whereas Group Y members should use \\Server02\%USERNAME%, and so forth. This naming convention is intended to work with the %USERNAME% variable. This means that we aim to map different shares depending on the user who logs into a workstation, making their H drive accessible to them. Additionally, we manage a variety of file servers and shared drives, all identified by %USERNAME%, resulting in multiple UNC paths. So, I'm wondering how I should address multiple file servers and %USERNAME% with this method?

I've already tried \\Server01\%USERNAME% and it didn't work, but when I tried the same path for a specific user's account (instead of %USERNAME%), the H drive showed up quickly.
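
As an added example (not the generator's own code, and not a reply from the post's author): one way to make a per-user share like \\Server01\%USERNAME% resolve is to expand the variable at logon, in the user's own session, before the path is handed to New-PSDrive. The mapping table format, server names and group names below are constructed for this example, and it assumes the generated script passes the path through without expansion.

```powershell
# Added example, not the generator's code. Table entries are constructed;
# GroupFilter uses the DOMAIN\Group form so it can be compared with token
# group names. Runs in the logged-on user's context.

$driveMappingConfig = @(
    [pscustomobject]@{ Path = '\\Server01\%USERNAME%'; DriveLetter = 'H'; GroupFilter = 'CONTOSO\GroupX' },
    [pscustomobject]@{ Path = '\\Server02\%USERNAME%'; DriveLetter = 'H'; GroupFilter = 'CONTOSO\GroupY' },
    [pscustomobject]@{ Path = '\\Server03\Shared';     DriveLetter = 'S'; GroupFilter = $null }
)

# Group names straight from the logon token: nesting is already expanded and
# no LDAP query is sent to a domain controller.
$tokenGroups = foreach ($g in [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups) {
    try { $g.Translate([System.Security.Principal.NTAccount]).Value } catch { $g.Value }
}

function Resolve-DrivePath([string]$Path) {
    # Replaces %USERNAME% (and any other %VAR%) from the current user's environment
    [Environment]::ExpandEnvironmentVariables($Path)
}

foreach ($m in $driveMappingConfig) {
    if ($m.GroupFilter -and ($tokenGroups -notcontains $m.GroupFilter)) { continue }
    $target = Resolve-DrivePath $m.Path
    if (-not (Test-Path -LiteralPath $target)) {
        Write-Warning "Skipping $($m.DriveLetter): $target is not reachable"
        continue
    }
    # Drop any stale mapping on the letter, then map persistently as this user
    if (Get-PSDrive -Name $m.DriveLetter -ErrorAction SilentlyContinue) {
        Remove-PSDrive -Name $m.DriveLetter -Force
    }
    New-PSDrive -Name $m.DriveLetter -PSProvider FileSystem -Root $target -Persist -Scope Global | Out-Null
    Write-Output "Mapped $($m.DriveLetter): -> $target"
}
```
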

Addy-4 commented 1 week ago

Hi - I have used the script and see that it deployed successfully on the devices, but the drives still don't show up.