# Mapping Network Drives on Intune Devices

This guide is part of a video series companion guide on setting up mapped drives on Intune devices – you can watch the video here S02E18 – How to Map Network Drives on Microsoft Intune Devices – (I.T) – YouTube! This is rather simple but I will be adding some useful bits of code for people who do not have an always on VPN solution for all those Work From Home scenarios.

## Creating the script

Before we get started let me explain how this process works. We are going to create a script that we deploy via intune, which in turn will create a scheduled task to map the network drives at login. We will then be adding a few lines of code to also have it map on any network changes.

1. Go to https://intunedrivemapping.azurewebsites.net/DriveMapping
4. Edit the powershell script, near the bottom you will see the following line
$trigger = New-ScheduledTaskTrigger -AtLogOn 5. Remove everything below that point and add the following $trigger = New-ScheduledTaskTrigger -AtLogOn

$class = cimclass MSFT_TaskEventTrigger root/Microsoft/Windows/TaskScheduler$trigger2 = $class | New-CimInstance -ClientOnly$trigger2.Enabled = $True$trigger2.Subscription = '<QueryList><Query Id="0" Path="Microsoft-Windows-NetworkProfile/Operational"><Select Path="Microsoft-Windows-NetworkProfile/Operational">*[System[Provider[@Name=''Microsoft-Windows-NetworkProfile''] and EventID=10002]]</Select></Query></QueryList>'

$trigger3 =$class | New-CimInstance -ClientOnly
$trigger3.Enabled =$True
$trigger3.Subscription = '<QueryList><Query Id="0" Path="Microsoft-Windows-NetworkProfile/Operational"><Select Path="Microsoft-Windows-NetworkProfile/Operational">*[System[Provider[@Name=''Microsoft-Windows-NetworkProfile''] and EventID=4004]]</Select></Query></QueryList>' #Execute task in users context$principal= New-ScheduledTaskPrincipal -GroupId "S-1-5-32-545" -Id "Author"

#call the vbscript helper and pass the PosH script as argument
$action = New-ScheduledTaskAction -Execute$wscriptPath -Argument ""$dummyScriptPath" "$scriptPath""

$settings= New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries$null=Register-ScheduledTask -TaskName $schtaskName -Trigger$trigger,$trigger2,$trigger3 -Action $action -Principal$principal -Settings $settings -Description$schtaskDescription -Force

Start-ScheduledTask -TaskName $schtaskName stop-Transcript } ## Upload to Intune 1. Navigate to https://endpoint.microsoft.com/ 2. Select Devices 3. Select Scripts 4. Select Add – Windows 10 5. Give it a Name and select Next 6. Select your script file and Next 7. Assign to the desired user group and Next 8. Select Add ## Verify the Scheduled Task Exists Once you have deployed the script to the selected group, you can sync Intune policies through Company Portal. Remember it can take up to 8 hours for this to appear. You should see a scheduled Task named IntuneDriveMapping and the triggers should look like the below. ## 36 Comments on “Mapping Network Drives on Intune Devices” 1. Nice Post.. May I suggest checking out Microsof Endpoint Manager > Reports > Endpoint Analytics > Proactive Remediation for deployments. This way it takes two scripts one to see if a mapped drive exists then a remediation script to deploy the setting if it doesn’t. I have had a lot of success with this of other task like setting up a vpn that’s not compatible with the Device configuration template. 1. Like I point out in the video there are TONS of ways to go about doing this. When I originally did this in my own environment Proactive Remediations weren’t available. I absolutely love them! However in a scenario like this I don’t think it works that well only because it would only run every x hours, days, weeks, or whatever you have it set to. However if it was say writing the paths to the registry that could be a viable option, but in that case seeing the red X when a user isn’t connected to the onprem network is a big no one for me. 2. You say about not wanting remediations, and want it to remap on each logon, but I have found that when you map the drive once, it will stay mapped, but just not show when not on the network. Is there a reason why you would make it map on log on every time? why not assign to the user once and leave it up to windows 1. The script checks to see if the drive is still mapped or if the network folder that the drive letter is mapped to matching what we want it to be. If the user changes the network location for the drive we’re mapping, it will remove and then remap the drive. 3. Hi Jake, Great walktrough! By any chance, do you know where we can change so that it’s possible to use another domain prefix when mapping the drive? Been scratching my head but can’t figure it out. Tried this setting but it didn’t work for me.$searchRoot = “another domain”. The users have gone all AAD but needs mapping to on-prem domain but the script defaults to azuread\username

4. Hi, great post and thanks for the video!
I’m currently using this script, all seemed to be working great. But since a few weeks we’re having issues with autopilot. This scripts is still working fine for enrolled devices.. However after much troubleshooting I found out that this script is causing the issues we’re having with our Autopilot process for some reason.. Was wondering if you are using autopilot and if so, is that still working if this script is targeted to the user who is enrolling a new device with autopilot.

5. Hi there! If I rename the DriveMapping.ps1 file, do I have to make changes to the code? Also, if I use DriveMapping.ps1 with script 1 and make some changes to it to map different drives and use that for script 2, will that affect script 1?

1. @Rich – if you look for “$schtaskName” you’ll see that you’re able to change the name of the scheduled task and leave a description, search for$schtaskDescription, of your task. I would suggest changing this for each of the drives you want to map so they make more sense to you later on.

6. Hi guys. I get a error saying Verify premissions and Authetication in powershell when i run the script on my AAD user. i given him SMB contributor role. is it something am missing?

7. Hi there, sorry to bother you, but all seems ok when running the script. Task is being created and script tries to run, but fails with the message.

WARNING: Exception calling “FindOne” with “0” argument(s): The server is not operational

What can go wrong?

Regards

8. Hi guys
Just have a really silly question…….

If I have a personal shared network drive for eache user and this network drive works by connecting users via ID, For example ([email protected] and in active directory Test ID is (jh985), is there a way to do this kind of connection in the script?

1. Hi,

Try to add $Env:Username In this line:$driveMappingJson = ‘[{“Path”:”\\share.local\users\$Env:Username” This should work. 9. Ok getting the following message and I think it’s because we don’t have the AD connector configured properly but what are my options and where do I run/set this? WARNING: You can override your AD Domain in the$overrideUserDnsDomain variable

10. Is there a way we could have the script only disconnect the drive letter that we’re trying to connect instead of all other mapped drives?

1. Are you able to select multiple security groups in a single drive mapping or would you have to create a path item for each group you want to include for the same mapped drive?

If we’re able to have multiple security groups in one path line, can someone provide the syntax of how that would be done?

1. The latest version of the script allows for multiple security security groups for each drive mapping.

11. I cannot get this to work for none admin users.

The task is pushed from the script and created but it doesn’t run and when I run it manually it says the user doesn’t have permission.

How can I make the scheduled task work for none local admin users ?

1. Sorry for the super later reply but standard users can not force scheduled tasks to go off manually you have to have the network change occur for it to work.

12. How can I get the scheduled task to run as a standard user ?

The tasks creates but the users are not local admin and the task doesn’t run. I tried to run manually from task scheduler and it says the user doesn’t have permission.

13. your missing Stop-Transcript at the end of the edited script…. Currently I am getting failed in Intune and cant figure out why.

14. your missing Stop-Transcript at the on line 23. also script is failing for me, part of it makes it to the computer but no schedule task created.
Intune also reports failed

15. So I fixed the failure it was because of missing the stop-Transcript at the end.
also I would recommend adding another event trigger, this one covers for OpenVPN network adapter.

$trigger4 =$class | New-CimInstance -ClientOnly
$trigger4.Enabled =$True
$trigger4.Subscription = ‘*[System[Provider[@Name=”Microsoft-Windows-NetworkProfile”] and EventID=10000]]’ and then update$null=Register-ScheduledTask -TaskName $schtaskName -Trigger$trigger,$trigger2,$trigger3,$trigger4 -Action$action -Principal $principal -Settings$settings -Description $schtaskDescription -Force to add tigger4 to it. Please delete my duplicate posts. 1. Sorry for the late reply I went ahead and added the Stop-Transcript, it shouldn’t have been needed as it’s worked in the past, thank you! 16. Are you able to select multiple security groups in a single drive mapping or would you have to create a path item for each group you want to include for the same mapped drive? If we’re able to have multiple security groups in one path line, can someone provide the syntax of how that would be done? Thanks in advance. 1. Please disregard my previous comment. It looks like someone already created a solution for this on the Github page for this. #…pfilter can be like “group1,group2” #used to create an array for groups$driveMappingConfig = foreach ($d in$driveMappingConfig) {
[PSCustomObject]@{
Path = $($d.Path)
DriveLetter = $($d.DriveLetter)
Label = $($d.Label)
Id = $($d.Id)
GroupFilter = $($d.GroupFilter -split “,”)
}
}

17. Hello. Does this support UNC paths with a space in the name? e.g. \SERVER\Data Folder as it seems to reject it.

18. Hi all. How do you get this to work for a non admin user? The tasks get created, but the drives do not map.

19. Would it be possible to use variables in the drive map label? Our org uses $env:Username to label user network drives. All of the things I’ve tried so far have left me with the variable as the label. 20. Is there a way to use a variable for the drive label? Everything I’ve tried has come out as plaintext when the drives are mapped. Our org uses %username% as our current label via group policy. Would like to use$env:Username with this script. Thanks.

21. Is it not possible to embed the username/password required for mapping in the script?

22. One issue I found for H drive using %logonuser%. Would it be possible to install and update AD module to this script? Would it require GraphAPI to read from the AD module and parse %logonuser%

23. Hi, been using this fine, but if I try and add a UNC Path with spaces in the folder (for example \path\to your share) I get an error “Valid UNC path required” I have tried using speech marks around the path i.e. \path\”to your share” or “\path\to your share”. I have read somewhere that paths with spaces are not supported. Has anyone else had this problem and know a work around?

24. THANKS! Awesome post, love the tweaks.

Trying to connect to the remote share using a specific username & password though, as the remote server won’t recognise the AzAD UPN…

Any Ideas?

25. I am excited to try this out but our main share has a space in it. Is there a way around this or a workaround? It looks like a couple other people have asked but no reply.

26. I created a PowerShell script and upload it on the PowerShell Script option under the Windows devices in Endpoint manager

$schtaskName = “IntuneDriveMapping”$principal= New-ScheduledTaskPrincipal -GroupId “S-1-5-32-545” -Id “Author”
$action = New-ScheduledTaskAction -Execute ‘Powershell.exe’ ` -Argument ‘-ExecutionPolicy Bypass -NoProfile -WindowStyle Hidden -command “& {net use G: \servernameorIP\sharename /Persistent:Yes}”‘$trigger = New-ScheduledTaskTrigger -AtLogOn
$null=Register-ScheduledTask -Principal$principal -Action $action -Trigger$trigger -TaskName $schtaskName -Description “Intune Drive Mapping By MSingh” Start-ScheduledTask -TaskName$schtaskName -Force

This creates a Schedule Task on the end user device and map the share to a drive letter G:

This site uses Akismet to reduce spam. Learn how your comment data is processed.