The following article details how Cloud Drive Mapper can be deployed to multiple machines across an organisation.


Please note that the following information describes just two methods of deploying Cloud Drive Mapper to multiple machines. It can be deployed in many different ways, depending on the environment. We have listed the methods below to help you co-ordinate the best approach to suit your environment. Cloud Drive Mapper is also compatible with VDI environments, we have a separate guide for this here.



Download & Preparation 

  1. Download Cloud Drive Mapper from the IAM Cloud Resource Centre.
  2. If you are deploying Cloud Drive Mapper from a shared location the following share and security permissions must be enabled.
  3. Within the shared location, go to Properties>Security and apply Authenticated Users as per example


Once Authenticated Users have been allocated the correct privileges to view the shared location the Authenticated Users also need to have access to the particular location. To do this go to the shared location and select > Properties > Sharing > Advanced Sharing > Permissions.





Please ensure that you give authenticated users Read access to the shared location.


1. Deployment via a Group Policy


To use Group Policy to manage the Deployment of Cloud Drive Mapper a policy and distribution method needs to be created. In the following example ‘CDM F1’ is defined as the policy and the distribution method is a security group named ‘CDM.' Users/Computers within this group will have the policy assigned to them which contains the MSI installation as shown below.




To install Cloud Drive Mapper, apply the MSI to the following policy path:

Computer Configuration > Policies > Software Settings > Software Installation

(Below Is an example policy)



Once this policy has been completed ensure that user account control has been disabled for this particular policy.


Disabling user account control for a policy


Select Your Policy > Computer Configuration > Policies > Windows Settings > Security Settings > Local Polices > Security Option

The following policies need to be disabled to ensure there are no conflicts during the installation process:

  1. User Account Control: Detect Application Installations and prompt for elevation
  2. User Account Control: only elevate UIAccess applications that are installed in secure locations
  3. User Account Control: Run all administrators in Admin Approval Mode.




Once all the steps above have been applied your policy is ready for execution. You may want to adjust the permissions/roll out method to suit your environment. 


2. Installation Via MSIEXEC


Details on deployment via msiexec can be found here.


3. License Key Deployment

 

CDM allows for a client to have multiple different groups, eg:- IT Dept / Admin / Management / Staff. The current generation of Cloud Drive Mapper uses different license keys for each of these groups in order to pull their mappings down from the admin portal to the client-side application.


Each license key corresponds to a different configuration of drive settings that you set-up in the IAM Cloud Portal. However, it is not always necessary to split groups of users, and 1 license key may be sufficient to meet the needs of a variety of teams. Please see the following example to illustrate:
 

You have 2 teams - an HR team and a Finance team...

You want your HR team to have:
O:\ mapped to each user's OneDrive for Business storage
H:\ mapped to the HR SharePoint library, e.g. yourorg.sharepoint.com/hr

You want your Finance team to have:
O:\ mapped to each user's OneDrive for Business storage
F:\ mapped to the Finance SharePoint library, e.g. yourorg.sharepoint.com/finance

In this scenario you can actually just use a single group, with a single license key, as follows:

O:\ mapped to each user's OneDrive for Business storage
F:\ mapped to the Finance SharePoint library, e.g. yourorg.sharepoint.com/finance
H:\ mapped to the HR SharePoint library, e.g. yourorg.sharepoint.com/hr

In this scenario, provided that your SharePoint permissions are correctly set for your users - with Finance employees having access to Finance library (and not the HR library), and HR employees having access to the HR library (and not the Finance) - you will achieve your goal, and your users will only see the drives relevant to them. What's even better about this solution is that is also handles cases where a user may have been in two groups, e.g. whereby an employee in your Payroll team worked across HR and Finance and needs access to both libraries.

So this solution is easier than creating 2 separate groups and deploying 2 different license keys, and it better caters for edge-cases where users transcend groups too.

But there are also scenarios where the best solution might be to create multiple groups of drive settings. We advise trying to be a minimal as possible initially, as it reduces the overhead of managing lots of license keys and group policies, but ultimately it's down to each customer to decide which approach is right for them.


In some organisations users have roaming profiles and hot-desk to different computers daily. And for this reason we strongly recommend “pushing” out the groups licence key as a registry update against HKCU, thus when a user moves to a different computer then their mappings will always follow them. A good reason for this is that a computer may be shared by persons from different groups which may have different mappings, thus having these set against the computer makes no sense in this scenario. An exception to the above is small office type environments where all staff members are often in a single group with only a single licence and thus having the licence within HKLM is acceptable.


To deploy the license key by GPO see example below :


Action :             Update

Hive :                HKEY_CURRENT_USER

Key Path:         software\IAM Cloud\CloudDriveMapper

Valuename:      LicenceKey

Value Type :     REG_SZ

Value Data :     LIC KEY


To add manually on a machine with a CDM prompt, the below parameters can be used, these could also be added to a script if needed.


REG ADD "HKCU\SOFTWARE\IAM Cloud\CloudDriveMapper" /f /v LicenceKey /t REG_SZ /d insertyourlicensekeyfromtheportal



4. Deployment via Microsoft Endpoint Manager / Intune


Information on deploying the MSI via Microsoft Endpoint Manager / Intune  can be found at Deploying Cloud Drive Mapper via MS Endpoint Manager (formerly Intune)


Additional Registry Settings for Deployments


Please refer to the article Cloud Drive Mapper - Registry Settings


If you need any assistance please do not hesitate to contact support@iamcloud.com