intunedrivemapping's Introduction

Intune network drive mapping generator

.NET Core

  • Generate Intune PowerShell scripts to map network drives on Azure AD joined devices
  • Seamlessly migrate existing network drive mapping group policies
  • Generate a network drive mapping configuration from scratch
  • Supports security group filtering (with nested groups)
  • Supports recurring execution on clients

Documentation is available on my blog and in the wiki. The guys from Intune Training did an awesome walkthrough video explaining the tool and how to modify the PowerShell script for a VPN based event trigger.

intunedrivemapping's People

Contributors

andreasrogge, dependabot[bot], nicolonsky, zparta

intunedrivemapping's Issues

Doesn't support Minus "-" character

Hi,
very cool tool (y)
I have the problem that the minus character "-" on the UNC Path is not accepted.
UNC: \file-server\file-share\ = "Valid UNC path required"
Can you fix that please?

Username/Password

Hi,

Thx for the great script.

Is it possible to insert a username and password to a drive mapping?

What's the correct syntax for this?

Doesn't support "_" character

Hey mate, nice work on this, cool stuff.

I've seen the manual mapping generator doesn't support the underline character _. Any chance you can include this?

Webpage not available for creating drive mappings

Hi,

We were looking forward to using your tool, but at the moment it seems to be offline.
Webpage says:

Error 403 - This web app is stopped.
The web app you have attempted to reach is currently stopped and does not accept any requests. Please try to reload the page or visit it again soon.

If you are the web app administrator, please find the common 403 error scenarios and resolution here. For further troubleshooting tools and recommendations, please visit Azure Portal.

Will this be sorted or have you guys stopped developing?

UNC paths with spaces

The site does not accept unc paths with spaces. Not sure if the script could be modified manually. Says "Valid UNC Path Required"

Example: \YourDomain\Network\Share Name

Otherwise, this is excellent work.

NOT option for groups?

Less of an issue, more of a question or suggestion if currently not possible, but is there a way to add a NOT option to a group filter? So I want this drive to map if the user is not a member of a particular group? Our environment has a number of network shares with mapped drives which all users except a few should have access to, and maintaining a small group of denied users is much easier than a very large group of allowed users.

I don't think this is currently possible with the code as it is written now (although I could be mistaken!) and while I might be able to write a new section that would do it, each time I updated my mappings via the web generator I'd have to remember to edit the code again, so if this was something that could be added in, that would be extremely useful!

Thanks

Script not detecting that it is running as system

For some reason the Test-RunningAsSystem is returning false even though the start-transcript header shows the user as DOMAIN\SYSTEM

I am making the following suggestion for changing the function:


Original function:

#check if running as system
function Test-RunningAsSystem {
	[CmdletBinding()]
	param()
	process {
		return [bool]($(whoami -user) -match "S-1-5-18")
	}
}

Suggested function (which is working properly in my testing):


#check if running as system
function Test-RunningAsSystem {
	[CmdletBinding()]
	param()
	process {
		return [bool]([System.Security.Principal.WindowsIdentity]::GetCurrent().IsSystem)
	}
}

Mapping issues!

Hiya, I have trawled through closed tickets but can't seem to find anything that points me in the right direction. I have updated $searchroot with my domain name, the machine is connected through VPN and additional variables have been added as per below -
$class = cimclass MSFT_TaskEventTrigger root/Microsoft/Windows/TaskScheduler
$trigger2 = $class | New-CimInstance -ClientOnly
$trigger2.Enabled = $True
$trigger2.Subscription = '*[System[Provider[@name=''Microsoft-Windows-NetworkProfile''] and EventID=10002]]'

$trigger3 = $class | New-CimInstance -ClientOnly
$trigger3.Enabled = $True
$trigger3.Subscription = '*[System[Provider[@name=''Microsoft-Windows-NetworkProfile''] and EventID=4004]]'

#Execute task in users context
$principal= New-ScheduledTaskPrincipal -GroupId "S-1-5-32-545" -Id "Author"

#call the vbscript helper and pass the PosH script as argument
$action = New-ScheduledTaskAction -Execute $wscriptPath -Argument "`"$dummyScriptPath`" `"$scriptPath`""

$settings= New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

$null=Register-ScheduledTask -TaskName $schtaskName -Trigger $trigger,$trigger2,$trigger3 -Action $action -Principal $principal -Settings $settings -Description $schtaskDescription -Force

Start-ScheduledTask -TaskName $schtaskName

Upon reviewing the log file it states that "The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to stop: the system cannot contact a domain controller to service the authentication request. Please try again later". I am able to ping the DC so have a route to it.

Any help appreciated,
Ryan

Performance issues with DriveMapping Script

Can you create a variation of the script that removes the PARENT group lookup? (We use nested groups, but NOT for drive mapping.)

WITH parent group lookup = 53 seconds
$searcher.Filter = "(member:1.2.840.113556.1.4.1941:=$distinguishedName)"

WITHOUT parent group lookup = 0.2 seconds
$searcher.Filter = "(member=$distinguishedName)"

The parent group lookup (53 seconds per PC) caused our domain controllers to max out CPU when thousands of devices started using the script. We have tens of thousands of objects to look up in our AD.

Variable on the path

Hi Nicolonsky, Great work on your IntuneDriveMapping generator! We want to use your script to map drive to user's home folder. Is it possible for your script to accept a variable on the UNC path ie. - \server1\users%username%? It doesn't seem to work, specific path works. Any suggestions? Thanks~

Addressing %USERNAME%, and various file servers on the script?

We've already mapped several drives with this method and all of them work as expected. So, I wanted to try it for other scenarios as well.

We maintain multiple servers designated for Home Drives (H Drives), and these servers are named according to the usernames and the groups to which they belong. For example, members of Group X should access their drives at \Server01%USERNAME%, whereas Group Y members should use \Server02%USERNAME%, and so forth. This naming convention is intended to work with the %USERNAME% variable. This means that we aim to map different shares depending on the user who logs into a workstation, and making their H drive accessible to them. Additionally, we manage a variety of file servers and shared drives, all identified by %USERNAME%, resulting in multiple UNC Paths. So, I’m wondering how should I address multiple file servers and %USERNAME% on this method?

I've already tried \Server01%USERNAME% and it didn't work, but when I tried the same path for a specific user's account (instead of %USERNAME%), the H drive showed up quickly.

Drives will be unmapped if Membership could not be retrieved

Hello,

If the script runs offline, or with no active VPN connection, the script does not retrieve the GroupMemberships and unmaps all drives with an active GroupFilter.

$groupMemberships = Get-ADGroupMembership -UserPrincipalName $(whoami -upn)

This will return nothing.

For me, I changed it to

if (!$groupMemberships)
{
	Write-Output "No GroupMemberships, exit Script"
	exit
}

so if no GroupMemberships can be retrieved it stops the processing and does not unmap my drives.

PS: failure handling in this part is also important

catch {
	#nothing we can do
	exit
}

Thank you

Send out new network paths

First, thanks for the script :)

We have the script running already, and now want to send out an update with new network paths. But when I create a new script and run it on the machine as a system account, the file C:\ProgramData\intune-drive-mapping-generator\DriveMapping.ps1 is being restored to the old paths, even if I delete the file.

Is there a cache or the like that needs to be deleted first before I run the new script?

Drives map when task run manually but not when triggered

I have set up the script with the VPN trigger modification and installed it through Intune. When I connect VPN the task is triggered but no drives are mapped and the log shows "Unable to access path '###########' verify permissions and authentication!". I can see in the log that it has the proper account for RunAs and I am using the $searchRoot variable. The very odd thing is if I run the task manually from Task Scheduler it maps the drives. Am I missing something obvious?

Getting below error while running the script

Transcript started, output file is C:\Users\ASHIQU~1\AppData\Local\Temp\DriveMapping.log

At C:\Users\Ashique Sayyed\Downloads\DriveMapping (1).ps1:33 char:25
+     GroupFilter = $($d.GroupFilter -split ",")
+                     ~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [], RuntimeException
    + FullyQualifiedErrorId : ConversionSupportedOnlyToCoreTypes

Intune Powershell Script Execution Reporting as "Failed/Error"

Hi there,

I have a small Bug Report regarding the Execution Reporting of the Powershell Script in the Intune Web UI. The Powershell Script is executed successfully on the Clients and for the Users and all the needed Drives are mapped (fantastic work on the Script by the way!) but in the Intune Web UI all the Devices and Users are getting Reported as Error/Failed.

I'm guessing that somehow the Exit Codes from the Script are not the ones Intune expects them to be or they need to be implemented. Would be great if you could fix/implement this when you got the time.

Thanks in advance and thanks for the fantastic Script!

Multiple security groups

First, thank you for this. It has saved me quite a bit of time.

This isn't an issue per se but I'm curious if you're able to specify more than one security group within each drive mapping?
How is the code supposed to be structured for that GroupFilter? Or is it 'best' to have one security group per path item?

I've tried a few methods I thought would work but I haven't been successful thus far. Any guidance would be appreciated.

Can the Script handle Nested AD Groups?

Hi,

First of all Thanx a lot for your solution. I do have a question though.

I created the script for a specific AD group that has nested groups in it and it seems to only work if my user is in the main group itself. Is this correct? And if so would it be easy to change it to also check nested groups?

Regards,
DJITS

Removing disconnected obsolete drives

First of all thank you so much for this script. I've been using it for a long while now in combination with Intune.

There is one issue I have and that is that Remove-PSDrive won't remove disconnected drives, and most drive mappings I want replaced are no longer mapped as the share is no longer available. Get-PSDrive won't see them so they won't get removed by the "mapped with wrong config" part of the script. Would it be possible to rewrite this part of the script using the Get-SmbMapping and Remove-SmbMapping commands? I am aware of the new "remove unassigned drives" option which is great, but I just want to remove drives that do not match the company drives. For now I just added a few lines in manually using Remove-SmbMapping and then listing my obsolete drives by hand, but it would be much nicer if it was dynamic as the current "mapped with wrong config" part of the script.

Question: Old script renamed to DriveMappping.ps1

Hi there...

This is a quick question: I have replaced the script DriveMapping.ps1 with a new version in InTune. The new script gets deployed perfectly fine but I have noticed that the already existing script on the endpoints gets renamed to DriveMappping.ps1 (with three "p" in the name).

This is not an issue with the script or its feature-set it's just that I could not find a function in the script that would be responsible for this renaming. Is this intended?

Remove script from task scheduler

Hello,

Your script was lifesaving for me and worked as intended. I misused it though, and deployed a test script to some devices with assigned letters, let's say G and H. After seeing it working properly, I removed the script from Intune and deployed the "correct" script with the same path, and letters I and M. Now it won't work at all because of their computers you have 2 tasks scheduled that conflict with the other. Is there a way to fix that other than manually remove them? Both of them had "remove stale drives" on! Thanks

Script not working

Hi

I created the XML report which contained X2 drive maps.

I added the script as shown on your example.
I could see it reported back as “Successful” in the InTune portal however no drives mapped etc...

Device is Azure AD / InTune Managed
User logged on has local Admin rights...

I tried running the script locally...
Wouldn’t run until I ran “set-executionpolicy bypass”
Script ran through however no drives mapped or scheduled task created..

Any ideas?

Line 219 Typo

No idea how pull requests work so I will post this here.

Line 219 scriptSavePathName = "DriveMappping.ps1"

One too many P's

Multiple Security Group

Hi,
Some of the drive mappings we are trying to import have multiple security groups in their filtering. Is there a way we can assign a drive mapping to multiple security groups?

The (member:1.2.840.113556.1.4.1941:=) search filter is invalid.

Hi Team,

Whilst I appreciate this is probably an issue with my setup rather than the script itself, it isn't clear what the issue is. I have a couple of users that when they run the script the log gives the following error (other users are just fine). If I break down the script step by step, I seem to get an issue around the 2 lines:

$distinguishedName = $searcher.FindOne().Properties.distinguishedname
$searcher.Filter = "(member:1.2.840.113556.1.4.1941:=$distinguishedName)"

PS C:\ProgramData\intune-drive-mapping-generator> $distinguishedName = $searcher.FindOne().Properties.distinguishedname
Exception calling "FindOne" with "0" argument(s): "The (member:1.2.840.113556.1.4.1941:=) search filter is invalid."
At line:1 char:5
+ ... $distinguishedName = $searcher.FindOne().Properties.disti ...
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ArgumentException

It isn't clear to me what isn't working here beyond it attempting to match the DN of the user and if it exists in a group - however the user is a member of at least one of the specified groups for the drive maps.

Any assistance is much appreciated in troubleshooting and hoping that anyone else who gets this error may also find this help when googling.
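
The group lookup that this issue, "Performance issues with DriveMapping Script" and "Drives will be unmapped if Membership could not be retrieved" all revolve around, as an added example that is not the project's own script: it escapes the values placed in the LDAP filter (a DN containing parentheses or a backslash otherwise yields an invalid filter), refuses to search with an empty DN, makes the nested-group rule opt-in, and keeps a failed lookup distinct from "member of no groups". The function names, the `-Nested` switch and the sample drives are assumptions made for illustration.

```powershell
# Added example, not the project's script. All function names are hypothetical.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515 escaping; backslash first so inserted escapes are not re-escaped.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

function Get-UserGroupName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [string]$SearchRoot,   # DNS domain name; empty uses the current domain
        [switch]$Nested        # also resolve parent groups (slower on large directories)
    )
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    if ($SearchRoot) {
        $searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$SearchRoot")
    }
    $searcher.Filter = "(userPrincipalName=$(ConvertTo-LdapFilterValue $UserPrincipalName))"
    $user = $searcher.FindOne()          # throws when no domain controller is reachable
    if (-not $user) { throw "No directory entry found for $UserPrincipalName" }
    $dn = [string]$user.Properties['distinguishedname'][0]
    if ([string]::IsNullOrWhiteSpace($dn)) { throw "Empty distinguishedName for $UserPrincipalName" }

    # Direct membership by default; the matching rule OID walks nested groups.
    $rule = if ($Nested) { ':1.2.840.113556.1.4.1941:' } else { '' }
    $searcher.Filter = "(member${rule}=$(ConvertTo-LdapFilterValue $dn))"
    [void]$searcher.PropertiesToLoad.Add('name')
    foreach ($group in $searcher.FindAll()) { [string]$group.Properties['name'][0] }
}

function Select-DriveToProcess {
    param([object[]]$Drives, [string[]]$Groups, [bool]$LookupSucceeded)
    foreach ($d in $Drives) {
        if (-not $d.GroupFilter) { $d; continue }      # no filter: always in scope
        if (-not $LookupSucceeded) { continue }        # membership unknown: do not touch
        if ($d.GroupFilter | Where-Object { $Groups -contains $_ }) { $d }
    }
}

# Constructed sample configuration (servers, letters and groups are made up).
$drives = @(
    [pscustomobject]@{ DriveLetter = 'H'; Path = '\\fs01.corp.example\home';  GroupFilter = @() }
    [pscustomobject]@{ DriveLetter = 'S'; Path = '\\fs01.corp.example\sales'; GroupFilter = @('Sales', 'Sales-Managers') }
)

$lookupOk = $true
try {
    $groups = @(Get-UserGroupName -UserPrincipalName $(whoami -upn) -Nested)
} catch {
    # Offline or VPN down: keep existing group-filtered mappings instead of
    # treating "lookup failed" as "member of no groups".
    Write-Warning "Group lookup failed: $($_.Exception.Message)"
    $groups = @(); $lookupOk = $false
}
$inScope = Select-DriveToProcess -Drives $drives -Groups $groups -LookupSucceeded $lookupOk
$inScope | Format-Table DriveLetter, Path
# When $lookupOk is $false, also skip the removal pass for group-filtered drives.
```

Dropping `-Nested` gives the plain `(member=...)` filter quoted in the performance issue.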

How to add to the script removing all mapped drives before mapping them

I have tested a few things myself and cannot get this to work. I would like to remove all drives before mapping them as we do now with local domain logon scripts. We find this cleaner because if the device boots offline the drives disconnect and do not map. Can someone assist with how and where to add "net use * /delete /y" or some other code to accomplish this and where to place it in the script? Thank you

Allow updating script in editor

Not an issue as much as a feature request.
I love the fact that you can upload an xml to convert a gpo. Would it be possible to allow upload of a script for editing it? Or possibly download an updated xml alongside the script for the possibility of future uploading and editing?
Yes, I could fairly easily edit the script directly, but I oversee a team of brilliant maintenance people that are great at point and click admining, but useless at reading and implementing code... :)

Update drive mapping issue

Hi great script and with the addition from intune.training is working very well for remote users still needing a vpn connection etc.

This has all deployed via Intune\endpoint manager like a dream. I've now changed a couple of UNC paths to use a DFS path. I can see the new DriveMapping.ps1 is deployed correctly but the drive mapping doesn't update. If I manually delete the drive mapping the next time the task runs it will create the mapping using the new correct path so it's just the deletion of the old one not working.

Looking at DriveMapping.log I do see an error but I can't figure out why it's not deleting and re-creating the drive mapping

Mapping network drive \xxxxx.local\xxxxxxData\Store
PS>TerminatingError(New-PSDrive): "The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The local device name is already in use"
C:\ProgramData\intune-drive-mapping-generator\DriveMappping.ps1 : The local device name is already in use
At line:1 char:3
+ &{C:\PROGRA~3\INTUNE~1\DRIVEM~2.PS1}
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,DRIVEM~2.PS1

C:\ProgramData\intune-drive-mapping-generator\DriveMappping.ps1 : The local device name is already in use
At line:1 char:3
+ &{C:\PROGRA~3\INTUNE~1\DRIVEM~2.PS1}
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,DRIVEM~2.PS1

Any thoughts?

Thanks
Barry

Drive Label not Expanded correctly

Hello,

Sometimes the Drive Label is not correctly translated
(New-Object -ComObject Shell.Application).NameSpace("$($drive.DriveLetter):").Self.Name = $drive.Label

change to

(New-Object -ComObject Shell.Application).NameSpace("$($drive.DriveLetter):").Self.Name = $ExecutionContext.InvokeCommand.ExpandString($drive.Label)

This will correct this Issue

Thank you for this very useful generator

Always On VPN timing issue

When using an Always On VPN the script already ran before the connection is set up. I would love to see a check somewhere where it waits for the server to be available before running the script any further.

If there is no connection yet the script will break with a warning:
WARNING: Exception calling "FindOne" with "0" argument(s): "The server is not operational.

Use system variables as drive label?

Our org uses the $env:USERNAME variable to map our user folders. Looking at the script, I can't see a way that doesn't treat that as a string. Is there an alternative way to map the drive with a variable name?
