The default scope of a preference item is the users or
computers targeted by the GPO in which the preference item has been
configured. You can modify this default scope by using item-level
targeting, which you can use to create one or more targeting items
for a preference item. These targeting items can be used to
determine whether or not the preference item should be applied based
on various conditions—for example:
-
Whether or not a battery is present in the targeted
computer
-
Whether the name of the targeted computer matches the name
specified in the targeting item
-
Whether an environment variable for the targeted user or
computer has the value specified
The full list of different categories of targeting items is as
follows:
-
Battery Present
-
Computer Name
-
CPU Speed
-
Date Match
-
Disk Space
-
Domain
-
Environment Variable
-
File Match
-
IP Address Range
-
Language
-
LDAP Query
-
MAC Address Range
-
MSI Query
-
Network Connection
-
Operating System
-
Organizational Unit
-
PCMCIA Present
-
Portable Computer
-
Processing Mode
-
RAM
-
Registry Match
-
Security Group
-
Site
-
Terminal Session
-
Time Range
-
User
-
WMI Query
Configuring a preference item
As an example of configuring a preference item, you will
create an item that will map a network drive for a user targeted by
a GPO. To do this, follow this procedure:
-
Open the GPO in the Group Policy Management Editor, and
expand the Windows Settings for the Preferences node under User
Configuration to display the Drive Maps preference extension.
-
Right-click on the Drive Maps preference extension and
select New, and then select Mapped Drive. This opens the New
Drive Properties with the focus on the General tab, which you
will configure as follows:
-
Action Replace.
-
Location UNC path to a
network share.
-
Reconnect This option
is selected to save the mapped drive in the user’s profile
and attempt to restore a connection to it at each subsequent
logon.
-
Label As A descriptive
label for the new mapped drive.
-
Drive Letter Select an
available drive letter for the new mapped drive, or use the
first available drive, starting at the drive letter
specified.
-
Connect As This option
can be used to map the drive using different credentials
from those of the currently logged-on user.
-
Hide/Show This Drive
This option can be used to configure the visibility of the
mapped drive on the client.
-
Hide/Show All Drives
This option can be used to configure the visibility of all
mapped drives on the client.
-
Switch to the Common tab and select Remove This Item When
It Is No Longer Applied so that the mapped drive will be deleted
if the targeted user goes out of scope from the GPO.
After you complete the preceding steps, the new preference
item is displayed in the details pane of the Group Policy Management
Editor when the Drive Maps extension is selected in the context
pane. (See Figure 4.)
As a continuation of the preceding example, let’s now use
item-level targeting to configure the new Drive Maps item so that it
applies only to members of the Sales security group who are targeted
by the GPO:
-
With the Drive Maps preference extension selected in the
console tree of the Group Policy Management Editor, right-click
on the new Drive Map item (S drive) and select
Properties.
-
Switch to the Common tab, and select the Item-Level
Targeting option on this tab.
-
Click the Targeting button to open the Targeting
Editor.
-
Click the New Item menu option, and select Security Group
as the item-level target:
-
In the Group field on the Targeting Editor, select the
Sales security group as shown here:
-
Click OK to finish configuring item-level targeting for
the preference item. As Figure 5 shows, the
information on the Processing tab will be updated to indicate
that the preference item is being filtered using item-level
targeting.
