Apply Group Policy To a Security Group

KB ID 0001653


On EE this morning someone asked how to map a drive to only two users, so that wherever they logged in, they got their mapped drive. Seemed like a good Idea for a post so here you go;


If you do not already have one, create a group for your users.

Create Security Group

Add the users, (as appropriate).

Add Users to Security Group

On a Domain Controller > Administrative Groups > Locate the OU that contains your users (Note: if your users are in multiple OU’s, then after you have created the policy simply ‘Link‘ it to the applicable OUs).

Create Group Policy

Edit the policy.

Edit Group Policy

User Configuration > Preferences > Windows Settings > Drive Maps > New  > Mapped Drive > Action = Create > Location = Set the UNC path to the mapped drive > Tick ‘reconnect’ > Label as ‘What you want the user to see it called’ > Select the drive letter you want > Apply > OK > Close the policy editor.

GPO to Map a Drive

With the policy selected > Delegation. > Advanced > Authenticated Users > REMOVE ‘Apply Group Policy’.

Apply GPO to Security Group

Add. >Add in your ‘Security Group’.

Apply GPO oonly to Security Group

ALLOW ‘Apply Group Policy’ > Apply > OK.

Map Drive to Securiry Group

Then either wait, or force a group policy update.

To prove it’s not all ‘Smoke and Mirrors‘, I log on as one of those users and…

Drive Mapped to via GPO

Related Articles, References, Credits, or External Links


Author: PeteLong

Share This Post On


  1. Group Policy Item-Level Targeting?

    Post a Reply
    • Good call! Yes, because its a GPP and Not a GPO It can be targeted directly to a security group 🙂

      Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *