|
function Map-Drive
{
param(
[string]$DriveLetter,
[string]$Share,
[string]$Domain,
[string]$GroupName
)
Write-Host "Writing Drive Mapping: $DriveLetter"
$gpo = Get-SDMGPObject "gpo://qq.414141.com/Drive Mapping Policy" -OpenbyName
$path ='User Configuration/Preferences/Windows Settings/Drive Maps'
$drives = $gpo.GetObject($path)
$map = $drives.Settings.AddNew($DriveLetter)
$map.Put('Action',[GPOSDK.EAction]'Create')
$map.Put('Drive Letter',$DriveLetter)
$map.Put('Location',$Share)
$map.put('Reconnect', $true)
$map.Put('Label as', $DriveLetter)
# now do ILT
$objUser = New-Object System.Security.Principal.NTAccount $Domain, $GroupName
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$iilt = $GPO.CreateILTargetingList()
$itm = $iilt.CreateIILTargeting([GPOSDK.Providers.ILTargetingType]'FilterGroup')
$itm.put('Group',$groupName)
$itm.put('UserInGroup',$true)
$itm.put('SID',$strSID.Value)
$iilt.Add($itm)
# now add ILT to drive mapping and save the setting
$map.Put('Item-level targeting',$iilt)
$map.Save()
}
$driveInfo = Import-Csv -Path c:\data\drivemaps.csv
foreach ($drive in $driveInfo)
{
Map-Drive -DriveLetter $drive.DriveLetter -Share $drive.Share `
-Domain $drive.Domain -GroupName $drive.GroupName
}
|
|
|