Overview

Google Drive File Stream (Drive FS) is a utility that allows users to access their Google Workspace Drive data like a local drive on their Windows desktop. The default behavior provided by Drive FS is to map the user's Google Drive data to a system-wide network drive on their Windows Desktop. In a multi-session environment such as Remote Desktop Services, this creates an issue where multiple users can see each others' drive folders, although the contents of the drives are inaccessible.

To resolve this, the Drive FS data must be mapped to a unique directory for each user and, optionally a user-level drive mapping must be configured to present the mapped H: drive (or any other drive letter) only to a specific user. This article will describe using a custom group policy object to achieve this configuration.

NOTE: This article is provided for informational purposes only. Although every effort has been made to ensure accurate data, itopia does not provide any support for the configuration described below.

Configuration

To use this functionality, the following configuration will be used:

  • Drive File Stream must be installed on each Session Host in the Collection (or Collections) that users will access. This can be achieved by creating a custom image with Drive File Stream installed, or by using a third-party package management solution to install Drive Stream after Session Hosts are created.

  • A group policy object to set several registry keys to enforce Drive FS behavior, create a target folder in each user's profile for Drive FS, and running a logon script to create a user-level drive mapping

Installing Drive File Stream

Follow the instructions provided by Google for deploying Drive File Stream on your Session Hosts. You may pre-install the application on a custom OS image that you then deploy to your Collection Pools, or you may use a third-party management application to install the application on each Session Host after they are created.

Configuring the Group Policy Object

With Drive FS installed on each Session Host in a Collection Pool, you can then create a custom group policy object (GPO) and link it to the specific organizational unit (OU) for the Collection Pool.

The OU for a Collection will be located in a path that is similar to the following:

OU=[Collection Pool Name],OU=USS Servers,OU=[CAS Deployment ID and Name],DC=contoso,DC=com

The settings defined by the GPO will be the following:

Computer Configuration > Preferences > Windows Settings > Registry

Action

Path

Value Type

Value

Update

HKLM\Software\Policies\Google\DriveFS\DefaultMountPoint

REG_SZ (String)

%<USERPROFILE>%\DriveFS

Update

HKLM\Software\Policies\Google\DriveFS\AutoStartOnLogin

DWORD

1

NOTE: When configuring registry keys using Group Policy Preferences, it is important to "escape" system variables such as %USERPROFILE% using angle brackets (<>). Without the brackets, the variable will be expanded in the context of the SYSTEM account before it is written to the registry, and this will result in an incorrect value. If you were entering these registry values directly on a Session Host (using Registry Editor, for example), you would not include the angle brackets; in that case, the value for the DefaultMountPoint entry would be %USERPROFILE%\DriveFS rather than %<USERPROFILE>%\DriveFS.

NOTE: If you don't wish to use a network drive letter, you can set the DefaultMountPoint value to any folder in the user's profile, such as %<USERPROFILE>%\Desktop or %<USERPROFILE>%\Documents. In that scenario, the remaining steps for creating the mapped drive are not required.

For a full list of available registry settings for Drive FS, please refer to https://support.google.com/a/answer/7644837.

User Configuration > Policies > Windows Settings > Scripts (Logon/Logoff)

New PowerShell Logon Script (see script contents in the Configuration Process section of this article).

Configuration Process

1. On a domain controller or bastion server (i.e. a server that has the Active Directory Remote Server Administration Tools (RSAT) installed), launch the Group Policy Management console.

2. In the console, expand the path to your domain's GPOs: Forest > Domains > [your domain] > Group Policy Objects. Right-click the Group Policy Objects object and select New.

3. Give the new GPO a descriptive name such as Google Drive FS Settings. Right-click the newly-created GPO and select Edit.

4. In the editor window, navigate to Computer Configuration > Preferences > Windows Settings > Registry. Right-click the blank area and select New > Registry Item.

5. Configure the new item with the settings below and click Save:
* Action: Update
* Hive: HKEY_LOCAL_MACHINE
* Key Path: Software\Policies\Google\DriveFS
* Value Name: DefaultMountPoint
* Value Type: REG_SZ
* Value Data: %<USERPROFILE>%\DriveFS

6. Repeat steps 4 and 5 to create a new Registry item with the following settings:
* Action: Update
* Hive: HKEY_LOCAL_MACHINE
* Key Path: Software\Policies\Google\DriveFS
* Value Name: AutoStartOnLogin
* Value Type: DWORD
* Value Data: 1

7. In the editor window, navigate to User Configuration > Policies > Windows Settings > Scripts (Logon / Logoff). Double-click on the Logon item to open it for editing.

8. In the Logon Properties window, click on the PowerShell Scripts tab. Click Show Files... to open a new Explorer window in the GPO's scripts folder. Leave the Explorer window open and proceed to the next step; you will need to copy the folder address for a later step.

9. Launch an instance of Notepad with elevated privileges. Click the Start button and type notepad; right-click on the Notepad shortcut that appears and select Run as administrator.

10. In Notepad, paste the following code snippet:

$TargetDrive = "H"

Try {
If ( -not (Test-Path "$env:UserProfile\DriveFS") ) {
New-Item -Type Directory -Path "$env:UserProfile\DriveFS"
}
subst.exe "$TargetDrive`:" "$env:UserProfile\DriveFS"
} Catch {
"Failed to configure DriveFS virtual folder mapping. The specific error is: $_"
}

NOTE: In the snippet above, you may change the $TargetDrive variable on line 1 to a different drive letter. Also note that the script does not output any status or logs by default.

11. Click File > Save

12. Return to the Explorer window that opened in step 8. Right-click the address bar and select Copy address as text

13. Return to the Save As window for Notepad. In the address bar, paste the address you copied in step 12 and type Enter. The window should navigate to an empty folder.

14. Change the Save as type setting to All files (*.*) and specify the File name as "Set-DriveFSMapping.ps1" (including the quotation marks)

15. Return to the Logon Properties window of the GPO and click Add...

16. In the Add a Script window, click Browse and select the new file Set-DriveFSMapping.ps1

17. In the Add a Script window, click OK to save the changes. In the Logon Properties window, click OK to save the changes.

18. Close the editor window for the GPO. The GPO is now configured and can be linked to one or more OUs for your Collection Pools.

19. To link the GPO to an OU, return to the Group Policy Management console. Navigate to the OU for the Collection Pool (under Forest > Domains > [your domain]), right-click on the OU, and select Link an Existing GPO...

20. Select the GPO name you specified in step 3.

21. Allow 15-30 minutes for the GPO to be applied to your Session Hosts; this process may take longer if your CAS deployment has multiple regions.

Considerations

The process listed above is provided as a courtesy and may be subject to change; refer to official documentation for Google Drive File Stream for the latest information on configuring Drive FS for different use-cases.

Did this answer your question?