Mapping Network Drives on Intune Devices

Jake Shackelford | Endpoint Management, How-To, Intune, PowerShell, Scripting

This guide is the companion to a video in the series; you can watch the video here: S02E18 – How to Map Network Drives on Microsoft Intune Devices – (I.T) – YouTube. The process is rather simple, but I will be adding some useful bits of code for people who do not have an always-on VPN solution, for all those work-from-home scenarios.

Creating the script

Before we get started, let me explain how this process works. We are going to create a script and deploy it via Intune; the script in turn creates a scheduled task that maps the network drives at login. We will then add a few lines of code so that the task also runs, and maps the drives, on any network change.

  1. Go to https://intunedrivemapping.azurewebsites.net/DriveMapping
  2. Follow the onscreen options to add/remove mapped drives as needed
  3. Select Download Powershell Script
  4. Edit the PowerShell script; near the bottom you will see the following line:
    $trigger = New-ScheduledTaskTrigger -AtLogOn
  5. Remove everything below that point and add the following:
# Trigger 1: run at log on
$trigger = New-ScheduledTaskTrigger -AtLogOn

# Triggers 2 and 3: run on NetworkProfile events 10002 and 4004, so the drives are also mapped on network changes
$class = Get-CimClass -ClassName MSFT_TaskEventTrigger -Namespace root/Microsoft/Windows/TaskScheduler
$trigger2 = $class | New-CimInstance -ClientOnly
$trigger2.Enabled = $True
$trigger2.Subscription = '<QueryList><Query Id="0" Path="Microsoft-Windows-NetworkProfile/Operational"><Select Path="Microsoft-Windows-NetworkProfile/Operational">*[System[Provider[@Name=''Microsoft-Windows-NetworkProfile''] and EventID=10002]]</Select></Query></QueryList>'

$trigger3 = $class | New-CimInstance -ClientOnly
$trigger3.Enabled = $True
$trigger3.Subscription = '<QueryList><Query Id="0" Path="Microsoft-Windows-NetworkProfile/Operational"><Select Path="Microsoft-Windows-NetworkProfile/Operational">*[System[Provider[@Name=''Microsoft-Windows-NetworkProfile''] and EventID=4004]]</Select></Query></QueryList>'

# Execute the task in the user's context (S-1-5-32-545 is the well-known SID of BUILTIN\Users)
$principal = New-ScheduledTaskPrincipal -GroupId "S-1-5-32-545" -Id "Author"

# Call the VBScript helper and pass the PowerShell script as its argument
# ($wscriptPath, $dummyScriptPath, $scriptPath, $schtaskName and $schtaskDescription are defined earlier in the downloaded script)
$action = New-ScheduledTaskAction -Execute $wscriptPath -Argument "`"$dummyScriptPath`" `"$scriptPath`""

$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

# Register the task with all three triggers; -Force overwrites an existing task of the same name
$null = Register-ScheduledTask -TaskName $schtaskName -Trigger $trigger,$trigger2,$trigger3 -Action $action -Principal $principal -Settings $settings -Description $schtaskDescription -Force

Start-ScheduledTask -TaskName $schtaskName

}

Upload to Intune

  1. Navigate to https://endpoint.microsoft.com/
  2. Select Devices
  3. Select Scripts
  4. Select Add – Windows 10
  5. Give it a Name and select Next
  6. Select your script file and Next
  7. Assign to the desired user group and Next
  8. Select Add

Verify the Scheduled Task Exists

Once you have deployed the script to the selected group, you can sync Intune policies through Company Portal. Remember it can take up to 8 hours for this to appear. You should see a scheduled task named IntuneDriveMapping with three triggers: one at log on and the two event triggers added above.
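
The same check can be scripted. The function below is an added example, not part of the original post or of the downloaded script: it reads the registered task back and confirms the log on trigger, the two event subscriptions (10002 and 4004) and the principal. The function name and the rule that a correct deployment runs non-elevated under a group principal are assumptions made for this example.

```powershell
# Added example, not part of the generated script. Run on an enrolled device.
function Test-DriveMappingTask {
    param(
        [string]$TaskName = 'IntuneDriveMapping',   # task name used in this guide
        [int[]]$ExpectedEventIds = @(10002, 4004)   # event IDs from the two subscriptions
    )

    $task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
    if (-not $task) {
        return [pscustomobject]@{ TaskName = $TaskName; Found = $false; Compliant = $false }
    }

    # Triggers come back as CIM instances; the class name tells the kinds apart.
    $enabled = @($task.Triggers | Where-Object { $_.Enabled })
    $hasLogon = @($enabled | Where-Object {
        $_.CimClass.CimClassName -eq 'MSFT_TaskLogonTrigger' }).Count -gt 0

    # Extract the EventID from each event trigger's XPath subscription.
    $eventIds = @(foreach ($t in $enabled) {
        if ($t.CimClass.CimClassName -eq 'MSFT_TaskEventTrigger' -and
            $t.Subscription -match 'EventID\s*=\s*(\d+)') { [int]$Matches[1] }
    })
    $missing = @($ExpectedEventIds | Where-Object { $_ -notin $eventIds })

    # Assumption: a correct deployment is a group principal that is not elevated.
    $principal   = $task.Principal
    $notElevated = "$($principal.RunLevel)" -eq 'Limited'
    $noFixedUser = [string]::IsNullOrEmpty($principal.UserId)

    [pscustomobject]@{
        TaskName        = $TaskName
        Found           = $true
        LogonTrigger    = $hasLogon
        EventIds        = $eventIds
        MissingEventIds = $missing
        GroupId         = $principal.GroupId
        RunLevel        = "$($principal.RunLevel)"
        Actions         = @($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" })
        Compliant       = $hasLogon -and ($missing.Count -eq 0) -and $notElevated -and $noFixedUser
    }
}

Test-DriveMappingTask | Format-List
```

The Actions line shows exactly which helper and script the task launches, which is worth comparing against what you uploaded.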

4 Comments on “Mapping Network Drives on Intune Devices”

  1. Nice post. May I suggest checking out Microsoft Endpoint Manager > Reports > Endpoint Analytics > Proactive Remediation for deployments. This way it takes two scripts: one to see if a mapped drive exists, then a remediation script to deploy the setting if it doesn’t. I have had a lot of success with this for other tasks, like setting up a VPN that’s not compatible with the Device configuration template.

    1. Like I point out in the video, there are TONS of ways to go about doing this. When I originally did this in my own environment, Proactive Remediations weren’t available. I absolutely love them! However, in a scenario like this I don’t think it works that well, only because it would only run every x hours, days, weeks, or whatever you have it set to. However, if it was, say, writing the paths to the registry, that could be a viable option, but in that case seeing the red X when a user isn’t connected to the on-prem network is a big no-no for me.

  2. You say about not wanting remediations, and want it to remap on each logon, but I have found that when you map the drive once, it will stay mapped, but just not show when not on the network.
    Is there a reason why you would make it map on logon every time? Why not assign to the user once and leave it up to Windows?

  3. Hi Jake,
    Great walkthrough! By any chance, do you know where we can change so that it’s possible to use another domain prefix when mapping the drive? Been scratching my head but can’t figure it out. Tried this setting but it didn’t work for me: $searchRoot = “another domain”. The users have gone all AAD but need mapping to the on-prem domain, but the script defaults to azuread\username.
