Drive Mapping through GPO on few Servers

Question

I have a requirement to fulfill related to Drive mapping through GPO.

We have a domain (let's call it contoso.com). Under contoso, we have an OU "InfraComputers" where there are 1000s of Server's Computers Objects Under contoso, we have multiple OUs named NorthAmerica, Europe, Asia, and these OUs have multiple Sub OUs for each site. These Sub OUs have User Objects

The requirement is to Drive Maps to only these 2 Servers (let's call them ServerA & ServerB) so no matter which user logs in to these 2 Servers, they should see Network Drives mapped using GPO

Note: The Drive Maps should not happen on any other servers.

My understanding is the following:

1. Create a GPO and link it to InfraComputers
2. Remove Authenticated Users from Security Filtering and add these 2 Computer Objects
3. Create the Drive Mapping with appropriate Shares Paths
4. Since Drive Mapping is User Configuration and won't apply to Computers unless Loopback is enabled. So I plan to Enable Loopback with Merge Mode

I am trying to understand if this is a good way to implement Drive Mapping through GPO to few Servers? OR if there is a flaw in this approach? Also if there is a better way to map Drives

Answer 1

That's a fine plan, with one exception:

Because you're using these drive mappings for the users logging onto these servers and will be configuring these drive mappings under User Configuration in the GPO, you need to include the users in the Security Filtering of the GPO. If you intend this so apply to all/any users then simply add the Domain Users group to the Security Filtering of the GPO, along with the computer accounts for these two servers.