Hello,
My company is currently mapping drives using a logon script that was created 15 years ago with very little maintenance and thought as to how to properly maintain it. It is at a point where we don't have any more drive letters to use, more security groups than actual employees to manage NTFS permissions, an enormous amount of custom drive mappings to various locations, and it is getting out of control.
My end goal is to get rid of using the logon script and use group policy to map drives. The thing is I need to keep everyone happy at the same time which I know is most likely going to be impossible.
My first idea is to restructure file servers at the root level and maybe one to two levels by organizing it by location and maybe department. Then create a standard of mapping at a much higher level in the file tree. This of course would break some users' ability to find their files and open stuff from recent files in Word, Excel, etc.
My second idea is to get rid of mapped drives completely. Just map them as network locations using a GPO and then use item level targeting to map the network location using the security groups already in use for NTFS permissions.
The thing is, there are at least 500 security groups currently in use for NTFS permissions and the logon script also uses them to map drives.
If I stick everything into one GPO and use item level targeting to map 500 different network locations by specifying a security group, will this negatively impact the users' login time?
Are there any other ways to tackle this issue? I was thinking about using DFS as well but there are just so many shares I'm not quite sure what is the best way to do this. Are there any 3rd party utilities that I could use?
It seems like the work to move away from the logon script would make users too angry to benefit from moving away from logon scripts.
Any suggestions and ideas are greatly appreciated.
Thanks!