The following article details how Cloud Drive Mapper can be deployed to multiple machines across an organisation.

Please note that the following information describes just two methods of deploying Cloud Drive Mapper to multiple machines. It can be deployed in many different ways, depending on the environment. We have listed the methods below to help you co-ordinate the best approach to suit your environment. 

  1. Deployment via a Group Policy

  2. Installation Via MSIEXEC

  3. Citrix Deployment

  4. RDS Deployment

  5. License Key Deployment

Download & Preparation 

  1. Download Cloud Drive Mapper from the IAM Cloud Resource Centre.
  2. Identify whether you are using IAM Cloud Authentication services (Single Sign On) or Cloud Drive Mapper ONLY. 
  3. If you are Using  Cloud Drive Mapper Only you will have been supplied with a LicenceKey. 
  4. If you are using the IAM Cloud full service you can disregard the licence as this will be automatically detected on authentication.
  5. If you are deploying Cloud Drive Mapper from a shared location the following share and security permissions must be enabled.
  6. Within the shared location, go to Properties>Security and apply Authenticated Users as per example

Once Authenticated Users have been allocated the correct privileges to view the shared location the Authenticated Users also need to have access to the particular location. To do this go to the shared location and select > Properties > Sharing > Advanced Sharing > Permissions.

Please ensure that you give authenticated users Read access to the shared location.

1. Deployment via a Group Policy

To use Group Policy to manage the Deployment of Cloud Drive Mapper a policy and distribution method needs to be created. In the following example ‘CDM F1’ is defined as the policy and the distribution method is a security group named ‘CDM.' Users/Computers within this group will have the policy assigned to them which contains the MSI installation as shown below.

To install Cloud Drive Mapper, apply the MSI to the following policy path:

Computer Configuration > Policies > Software Settings > Software Installation

(Below Is an example policy)

Once this policy has been completed ensure that user account control has been disabled for this particular policy.

Disabling user account control for a policy

Select Your Policy > Computer Configuration > Policies > Windows Settings > Security Settings > Local Polices > Security Option

The following policies need to be disabled to ensure there are no conflicts during the installation process:

  1. User Account Control: Detect Application Installations and prompt for elevation
  2. User Account Control: only elevate UIAccess applications that are installed in secure locations
  3. User Account Control: Run all administrators in Admin Approval Mode.

Once all the steps above have been applied your policy is ready for execution. You may want to adjust the permissions/roll out method to suit your environment. 

2. Installation Via MSIEXEC

If you roll out preference is via a .Bat Script then push out in the way you would normally but run in quiet mode. Below is an example of a working script.

 :: Stops CDM if already running

tasklist /nh /fi "imagename eq cloud drive mapper.exe" | find /i "cloud drive mapper.exe" >nul && taskkill /im "cloud drive mapper.exe" /f 

:: Adjust the timer below to suit your needs 

timeout /t 10 /nobreak 

:: Uninstall the previous ver if needed 

msiexec /x "C:\Users\admin\Desktop\CDM 1.3\SetupCDM_1.3.msi" /qn 

:: Adjust the timer below to suit your needs 

timeout /t 10 /nobreak 

:: Install the latest ver adjusting the language to EN-GB / EN-US to suit your needs 

msiexec /i "C:\Users\admin\Desktop\CDM 1.4\CDMBuild\Installer_x64\SetupCDM_1.4.msi" /qb LANGUAGE=EN-GB RUN=TRUE 

:: NEXT LINE NOT REQUIRED IF ALREADY PUSHING LIC KEY BY GPO ( Highly recommended in domain environments further exlained below ) 

::REG ADD "HKCU\Software\IAM Cloud\CloudDriveMapper" /v "LicenceKey" /t "REG_SZ" /d "YOUR-LIC-KEY-HERE" /f 

Start "" "c:\program files\IAM Cloud\Cloud Drive Mapper\Cloud Drive Mapper.exe"  

Exit 0 

3. Citrix Deployment

Cloud Drive Mapper also fully supports:

  • XenApp
  • XenDesktop
  • VMWare Horizon
  • MS RDS 

For non-persistent Citrix XenDesktop or XenApp with RES Workspace Manager (RES-WM) please follow the steps below:

Step 1: Install Cloud Drive Mapper in the Golden Image.

a. Change startup type of wuauserv to automatic ( if it’s not running)

b. Install Windows6.1-KB2846960-x64.msu (If this affects you receive an error when opening a SharePoint Document Library in Windows Explorer or map a network drive to the library after you install Internet Explorer 10 in Windows 7 or Windows Server 2008 R2 )

c. Install Cloud Drive Mapper x64 edition from IAM Cloud Resource Centre.

d. Delete CloudDriveMapper key under HKEY_Local_Machine\Software\Microsoft\Windows\Currentversion\Run\

Step 2: Configure in RES Workspace Manager with the correct license-key for a specific user group

a. Browse to Composition >Actions By Type> Execute Command

b. Create New Command

    Edit the Command Line: %script%.

    Check the checkbox for Run Hidden

    Edit Run Task; At logon after other actions

c Go to Tab Script and copy & paste this with file extension “cmd”

REG ADD "HKCU\SOFTWARE\IAM Cloud\CloudDriveMapper" /f /v LicenceKey /t REG_SZ /d yourlicensekeyfromtheportal

start "" "c:\Program Files\IAM Cloud\Cloud Drive Mapper\Cloud Drive Mapper.exe"

d. Go to Tab Access Control and assign the user group from the AD.

If you don’t have the Citrix tools mentioned above, then the same can be achieved via MS Deployment tools and GPO.

4. RDS Deployment

It is important that when you are running in an RDS you do not use the registry to control if the application runs on startup. Firstly, these keys are only invoked when the explorer.exe process runs (which it does not on RemoteApp.) This also means if you allow multiple sessions per user it can cause conflicts.

To ensure this is not the case, during install select RDS as the environment or make sure the CloudDriveMapper key is removed from:


To allow Cloud Drive Mapper to work with multiple instances you need to add the following key:


REG ADD "HKLM\Software\IAM Cloud\CloudDriveMapper" /v "MultipleInstanceOveride" /t "REG_SZ" /d "true " /f

This will allow each instance (even multiple user sessions) to be permitted

5. License Key Deployment


CDM allows for a client to have multiple different groups, eg:- IT Dept / Admin / Management / Staff. The current generation of Cloud Drive Mapper uses different license keys for each of these groups in order to pull their mappings down from the admin portal to the client-side application.

Each license key corresponds to a different configuration of drive settings that you set-up in the IAM Cloud Portal. However, it is not always necessary to split groups of users, and 1 license key may be sufficient to meet the needs of a variety of teams. Please see the following example to illustrate:

You have 2 teams - an HR team and a Finance team...

You want your HR team to have:
O:\ mapped to each user's OneDrive for Business storage
H:\ mapped to the HR SharePoint library, e.g.

You want your Finance team to have:
O:\ mapped to each user's OneDrive for Business storage
F:\ mapped to the Finance SharePoint library, e.g.

In this scenario you can actually just use a single group, with a single license key, as follows:

O:\ mapped to each user's OneDrive for Business storage
F:\ mapped to the Finance SharePoint library, e.g.
H:\ mapped to the HR SharePoint library, e.g.

In this scenario, provided that your SharePoint permissions are correctly set for your users - with Finance employees having access to Finance library (and not the HR library), and HR employees having access to the HR library (and not the Finance) - you will achieve your goal, and your users will only see the drives relevant to them. What's even better about this solution is that is also handles cases where a user may have been in two groups, e.g. whereby an employee in your Payroll team worked across HR and Finance and needs access to both libraries. 

So this solution is easier than creating 2 separate groups and deploying 2 different license keys, and it better caters for edge-cases where users transcend groups too. 

But there are also scenarios where the best solution might be to create multiple groups of drive settings. We advise trying to be a minimal as possible initially, as it reduces the overhead of managing lots of license keys and group policies, but ultimately it's down to each customer to decide which approach is right for them.

In some organisations users have roaming profiles and hot-desk to different computers daily. And for this reason we strongly recommend “pushing” out the groups licence key as a registry update against HKCU, thus when a user moves to a different computer then their mappings will always follow them. A good reason for this is that a computer may be shared by persons from different groups which may have different mappings, thus having these set against the computer makes no sense in this scenario. An exception to the above is small office type environments where all staff members are often in a single group with only a single licence and thus having the licence within HKLM is acceptable.

To deploy the license key by GPO see example below :

Action :             Update

Hive :                HKEY_CURRENT_USER

Key Path:         software\IAM Cloud\CloudDriveMapper

Valuename:      LicenceKey

Value Type :     REG_SZ

Value Data :     LIC KEY

REG ADD "HKCU\SOFTWARE\IAM Cloud\CloudDriveMapper" /f /v LicenceKey /t REG_SZ /d insertyourlicensekeyfromtheportal

Additional Registry Settings that may be useful

ADAttribute = mail / UserPrincipalNameUsed in cases where the user logon isn’t the same as the O365 UPN which CDM uses to auth
( Used in conjunction with CredentialCacheOverride = true )
CredentialCacheOverride = true( Used in conjunction with ADAtrribute )
Domainoverride = emaildomain.comUsed when the O365 email domain is different to what the user logs in with. Also allows user to enter only the pre-fix (mail alias) and will auto append the value of the key.
DisableSSO = trueIf set to true (V2.1.8.3 onwards) will NOT store creds in cred manager or pwd file. Stops CDM from trying to auth via SSO when ADFS is present but SSO has been disabled.
Verbose = trueUsed for event logging diagnosis.
MultipleInstanceOverride = trueUsed to allow multiple instances of CDM app to run, used primarily on RDP servers
V1.7.2.0 onwards
Please note though:
If you are wanting to automatically sign into the default AD Authority, you must run the following powershell: (get-adfsproperties).Identifier.OriginalString 
and configure the AdfsHRD key in the registry to that If you would like to use a different Claim Provider that is not the default AD Authority then you must use the identifier for that claim provider.
WriteLogToEventLog = false
V1.7.2.0 onwards
True by default. Setting as false stops CDM from producing large numbers of event logs.
WriteLogToFile = path
V1.6.2.0 onwards
Writes to a txt log file, path should be written something like :-  C:\temp\cdmlogs\cdmlog.txt  ( path to be a location CDM can write logfiles to ) Good when used in conjunction with verbose = true
UseO365AppPassword = true
V1.7.2.0 onwards
( Retired v2.2.3.18 onwards )
HKLM / HKCU - Used for MFA app password when there is also ADFS detected ( client side have their own ADFS ). Setting this key allows the application to “bypass” adfs and directly auth with O365 via the use of an app password.
UseADAL = true
( Retired v2.2.3.18 onwards )
Can be used in either HKCU or HKLM
Allows client to choose ADAL, required for alternative IDP / MFA / AAD
Although can still read the username from cred manager it will NOT use the pwd stored.
UserNameStoreLocation = %path%
( Retired v2.2.3.18 onwards )
Used to specify the location of the username file, this key is only use if the password store location exists, by default if this key does not exist but passwordstore does, it will use the same path as the passwordstore and append #2 to the end
PasswordStoreLocation = %appdata%\OneDriveMapper.tmp
( Retired v2.2.3.18 onwards )
Used where a user has a roaming profile and there is no SSO and credential manager isn’t an option, this creates a secure file within appdata for credential storage.

If you need any assistance  please do not hesitate to contact the IAM Cloud support team at: