• Home  / 
  • Tech
  •  /  OneDrive for Business Map as network drive

OneDrive for Business Map as network drive

Almost a year ago Microsoft announced that Office 365 tenants were going to have their OneDrive for Business storage increased to a massive 1TB per user. We had already embraced the cloud and moved our aging Exchange 2003 installation over the free Exchange Online licence available to all UK education establishments. I mean why wouldn't we? We were faced with hefty hardware purchases just to support the new Exchange 2013 environment along with the administrative headaches that other users were reporting.

As file sizes are rapidly increasing our methods for dealing with them, and more importantly our budget, are not. Certain areas of the college, particularly in the creative arts, are consuming large amounts of space and to keep on buying expensive SAN storage was just not an option. ​We eyed the limit increase from OneDrive  as a possible solution but at the time it was not possible to map a user's OneDrive space to a network drive. Being a very mobile organisation with staff moving rooms and therefore computers all day it was not a possibility to use the supplied sync tool as we did not want local copies of everyone's data spread around across multiple local machines. Not too mention the fact the hard drives on the machines wouldn't have the capacity either! Our users are used to using mapped network drives so we sought a solution involving minimal end user input.

This article goes through the steps required to map a users network drive using Group Policy and PowerShell scripts. The steps mentioned in this article work for both Windows 7 and Windows 8/8.1.

Firstly for our Windows 7 machines there is a Windows Update that is required for this to work. You need to download the hotfix and make sure it is deployed to all of your Win 7 machines. We used Configuration Manager for this. The hotfix article title refers to Internet Explorer 10 but we also found that it was required for Internet Explorer 11. In our testing Windows 8/8.1 worked without the need for any updates. 

Our next step is to make sure certain settings are present in Internet Explorer using Group Policy. All machines need these settings present for the script to run.

  1. ​We need to add our Office 365 SharePoint MySite to our "Trusted Sites" list. Your URL is in the following format: https://[myO365Domain]-my,sharepoint.com replacing [myO365Domain] with the domain name you have against you Office 365 account. If you have multiple you can navigate to your SharePoint administration site from you main Office 365 Admin page and see the list of sites from there.
  2. In Group Policy Management Editor navigate to the following policy: User Configuration>Administrative Templates>Windows Components>Internet Explorer>Internet Control Panel>Security Page. The policy we need to edit is called "Site to zone Assignment List"
  3. Double click to edit the policy and enable it using the radio button. Open the zone assignments list by clicking "Show" then add your O365 MySite URL (including "https://") and type 2 for the value. The value column defines what zone the URL will be in, Intranet (1), Trusted Sites (2), Internet (3) or Restricted (4).
  4. Now that we have added the site to our Trusted sites zone we need to disable "Protected Mode" for the Internet zone. Disabling the protected mode allows the powershell script (which will be running in the Internet Zone) to control Internet Explorer even thought the site we are trying to control (the O365 MySite) is in the Trusted Zone (phew!).
  5. This can be done with another setting in the group policy. From the same location as before in Group Policy Management Editor (User Configuration>Administrative Templates>Windows Components>Internet Explorer>Internet Control Panel>Security Page) double click on "Internet Zone". The policy we are after is "Turn on Protected Mode". This one always confuses me - you have to enable the policy but then choose "Disable" in the drop down box to actually disable the setting.
  6. The next problem arises because disabling this setting causes a horrible yellow banner at the bottom of Internet Explorer informing the user that Protected Mode has been turned off and would they like to turn it back on? To disable this warning message (and only this warning message) we need to update a registry setting.
  7. For one final time in Group Policy Management Editor navigate to: User Configuration>Preferences>Windows Settings> Registry and create an entry with the settings as illustrated below.

​Now that the Group Policy is configured lets take a look at the script. The script neatly gets around the issue of having to obtain a token from the SharePoint site to allow access. Without it users would have to manually navigate to their OneDrive at every logon.

The script runs at logon and does the following:

  1. Logs out the current user from Office 365
  2. Logs the user back in again and ticks the "Keep me Signed in" box (very important!).
  3. Maps the network drive​

The script we use is a cannibalised version of the excellent script provided here. For us this script was overkill, and in some key areas didn't quite work (I suspect these are changes to the O365 infrastructure rather than the script itself). When a user is granted the SharePoint Online plan in O365 the user has to go through an introduction of sorts before their OneDrive is usable, we added a section to the script that would "tick the box" for this first time access. Our modified script is below but all credit must go to the initial creators over at Codeplex.

If you have any questions or comments please use the comments section below. I hope you found this useful!

About the author

Lee Sands

IT Evangelist and generalist for over 10 years spanning everything from virtualisation to Enterprise Lync farm deployment. Currently an IT Manager in the education sector. Co-Founder of ManMadeClub, a blog for post modern family men. I'm into anything and everything but particularly video games, tech and food.