nigelbeatson
asked on
Windows 2003 server login scripts
We have been installing Windows 2003 Server using basic login scripts, i.e. net use etc. for drive mappings.
However, we now need a little more in terms of what these will do.
I need to be able to query a "group" so that if, for example, a domain user was a member
of the "accounts" group THEN net use etc. etc.
I have loads of manuals which cover this, but don't give any information other than basic
commands. Are there any documents around which detail the syntax of login script commands?
Does anyone have any login script examples using available login script commands, as I have spent
quite some time trawling the net, and cannot find much at all! Is this some kind of dark secret?
If you simply want a condition based on the user's group membership, you can use the ifmember option, available from the Windows Resource Kits. See:
http://www.ss64.com/nt/ifmember.html
That site has lots of detailed syntax for many of the script commands as well as ones you can add from the resource kits. Some of the add-on commands are only available as part of the NT resource kit, but you can download and use them with newer operating systems.
http://www.ss64.com/nt
This example may help,
Example of VBScript - Mapping a network drive based on the group Example of batch file - make a network drive The logon script maps only some network drives ...
http://www.chicagotech.net/logonscript.htm
ASKER
I must be missing something here!
I have implemented several of the suggestions, an example of which is as follows :-
If ISMemeber("Accounts") Then
MapDrive "G:", "\\smartServ\shared"
End If
"Accounts" is a group with several members, defined within active directory.
"Shared" is a folder which is currently available to everyone; full rights have been given.
Each time we get an error message, in the above instance "Then was unexpected at this time".
I am sure that what I am trying to do is extremely simple, i.e. check that a user exists in a group and if they do, map a drive,
if they do not, ignore and move on to next instruction.
We have an out of the box server, so what language will it understand? People keep mentioning Visual Basic, but this seems
rather complex for what we are trying to do. Does Windows Server 2003 and SBS 2003 understand VB script without any additional
software being installed?
It's driving me mad, so if anyone can help........
Hey,
Could you post the full code you're using?
I suspect it's because of how you're using IsMember. If it's the one I wrote then "IsMember" on its own doesn't mean very much, you would need to do:
If IsMember("Accounts") = True Then
MapDrive "G:", "\\smartServ\shared"
End If
To simplify matters here is some working code (I've used a bigger IsMember function as I have no idea of the size of your environment, this one works for my forest):
Option Explicit

' Functions

' Returns True if the logged-on user is a direct member of strGroup
Function IsMember(strGroup)
    Dim strGroupDN
    Dim objADSystemInfo, objUser, objGroup
    Dim booIsMember

    On Error Resume Next
    Set objADSystemInfo = CreateObject("ADSystemInfo")
    Set objUser = GetObject("LDAP://" & objADSystemInfo.UserName)

    booIsMember = False
    For Each strGroupDN In objUser.GetEx("memberOf")
        Err.Clear
        Set objGroup = GetObject("LDAP://" & strGroupDN)
        If Err.Number = 0 Then
            If LCase(objGroup.Get("name")) = LCase(strGroup) Then
                booIsMember = True : Exit For
            End If
        End If
        Set objGroup = Nothing
    Next
    On Error Goto 0

    Set objUser = Nothing
    Set objADSystemInfo = Nothing
    IsMember = booIsMember
End Function

' Maps strDrive to strShare unless the letter belongs to a non-network drive
Sub MapDrive(strDrive, strShare)
    Dim objFileSystem, objDrive

    Set objFileSystem = CreateObject("Scripting.FileSystemObject")
    If objFileSystem.DriveExists(strDrive) Then
        Set objDrive = objFileSystem.GetDrive(strDrive)
        If objDrive.DriveType <> 3 Then
            Exit Sub ' Fixed Drive
        End If
    End If

    On Error Resume Next
    objNetwork.RemoveNetworkDrive strDrive
    objNetwork.MapNetworkDrive strDrive, strShare
    On Error Goto 0
End Sub

'
' Main Code
'
If IsMember("Accounts") Then
    MapDrive "G:", "\\smartServ\shared"
End If
lol then I go and write the same thing... sorry... the last lines should read:
If IsMember("Accounts") = True Then
MapDrive "G:", "\\smartServ\shared"
End If
Sorry about that.
Chris
Option Explicit
'On Error Resume Next ' In case some error occurs

' define some variables we are going to use
Dim WSHNetwork
Dim WSHShell
Dim GroupDict
Dim oShell, oNet, oWshNetwork, oGroupDict

' setup some objects that we'll be using
Set WSHNetwork = WScript.CreateObject("WScript.Network")
Set WSHShell = WScript.CreateObject("WScript.Shell")
Set oShell = CreateObject("Wscript.Shell")
Set oNet = WScript.CreateObject("Wscript.Network")

' --- IsMember ----------------------------------------------------
' This function tests to see if the user is a member of a group
' -----------------------------------------------------------------
Dim sAdsPath, oUser, oGroup
Function IsMember(sGroup)
    Set oGroupDict = Nothing
    Set oGroupDict = CreateObject("Scripting.Dictionary")
    oGroupDict.CompareMode = vbTextCompare
    ' -------------------------------------------------------------
    ' If you are using AD, you could use the LDAP command here
    ' otherwise use the WinNT command, it works fine even with AD.
    ' -------------------------------------------------------------
    sAdsPath = oNet.UserDomain & "/" & oNet.UserName
    Set oUser = GetObject("WinNT://" & sAdsPath & ",user")
    For Each oGroup In oUser.Groups
        oGroupDict.Add oGroup.Name, "-"
    Next
    Set oUser = Nothing
    IsMember = CBool(oGroupDict.Exists(sGroup))
End Function

' --- MapDrive ----------------------------------------------------
' This function Maps the drive to a shared folder
' -----------------------------------------------------------------
Sub MapDrive(strDrive, strShare)
    ' Error trapping must be on here, otherwise a failed mapping stops
    ' the script before the Err.Number check below is reached
    On Error Resume Next
    Err.Clear
    ' Attempt to map the drive
    WSHNetwork.MapNetworkDrive strDrive, strShare
    ' This will remap the drive if the drive is already mapped
    If Err.Number Then
        WSHNetwork.RemoveNetworkDrive strDrive
        WSHNetwork.MapNetworkDrive strDrive, strShare
    End If
    On Error Goto 0
End Sub

'ISMemeber probably the error !!!!!!!!!!!!!!!!!!!!!
If ISMember("Accounts") Then
    MapDrive "G:", "\\smartServ\shared"
End If
gas
Oops!!
Sorry, I forgot to refresh ...
gas
Technically it should pass through the If Statement anyway as it always assumes a Boolean value when you use it like that. And it always assumes you mean "Not False" when written in that form.
Anyway, try it with:
If IsMember("Accounts") = True Then
...
If you still get errors then could you try the IsMember function I've posted above?
If you're only in a small domain then there are easier ways to test group membership - it's just those methods can get quite messy if you have a number of groups that share bits of each others names.
Chris
ASKER
When trying - ifmember "accounts"
We get "ifmember is not recognised as an internal or external command"
What am I doing wrong!!! Aaaaaaaaaaaaaagh!
ASKER
When I implement -
If IsMember("Accounts") = True Then
net use n: \\smartserv\shared /y
We get an error "= was unexpected at this time."
Hold on...
You are saving these as .vbs aren't you?
You cannot use:
If IsMember("Accounts") = True Then
net use ...
Net Use is a DOS command, it can't be used like that within a VbScript, it will cause a fatal error.
Copy this into a file saved as .vbs then run it and let me know if you still get errors:
Option Explicit

' Functions

' Returns True if the logged-on user is a direct member of strGroup
Function IsMember(strGroup)
    Dim strGroupDN
    Dim objADSystemInfo, objUser, objGroup
    Dim booIsMember

    On Error Resume Next
    Set objADSystemInfo = CreateObject("ADSystemInfo")
    Set objUser = GetObject("LDAP://" & objADSystemInfo.UserName)

    booIsMember = False
    For Each strGroupDN In objUser.GetEx("memberOf")
        Err.Clear
        Set objGroup = GetObject("LDAP://" & strGroupDN)
        If Err.Number = 0 Then
            If LCase(objGroup.Get("name")) = LCase(strGroup) Then
                booIsMember = True : Exit For
            End If
        End If
        Set objGroup = Nothing
    Next
    On Error Goto 0

    Set objUser = Nothing
    Set objADSystemInfo = Nothing
    IsMember = booIsMember
End Function

' Maps strDrive to strShare unless the letter belongs to a non-network drive
Sub MapDrive(strDrive, strShare)
    Dim objFileSystem, objDrive

    Set objFileSystem = CreateObject("Scripting.FileSystemObject")
    If objFileSystem.DriveExists(strDrive) Then
        Set objDrive = objFileSystem.GetDrive(strDrive)
        If objDrive.DriveType <> 3 Then
            Exit Sub ' Fixed Drive
        End If
    End If

    On Error Resume Next
    objNetwork.RemoveNetworkDrive strDrive
    objNetwork.MapNetworkDrive strDrive, strShare
    On Error Goto 0

    Set objFileSystem = Nothing
End Sub

'
' Main Code
'
If IsMember("Accounts") = True Then
    MapDrive "G:", "\\smartServ\shared"
End If
ASKER
Hi Chris,
No, I was running this as a .bat file, i.e. logon.bat!
I will try what you have suggested, but is there no simple command which I can use
in a normal startup batch file just to check membership of a group, and then map a drive?
It all seems rather complex for such a simple task. Having used Novell previously, that seemed
rather simple.
ASKER
I have copied and pasted the exact code from your posting above, and saved it as logon.vbs.
I have run this on both the server and workstation, and whilst it does not generate any errors, it does not seem to do anything either,
i.e. no mapped drive appears.
Can we implement this vbs file directly from the user's profile, as we do with startup.bat, for example, or does it need to be called from the startup.bat file?
There isn't a native way to find that information. Robwill posted earlier the only command you can use in a bat file to do it (remember that you still need to download the executable). I've never used that one, but you should be able to do:
IFMEMBER /v /l "MyDomain\Accounts"
IF ERRORLEVEL 1 net use n: \\smartserv\shared /y
That would be the closest to a built in command, and for batch files the simplest.
In VbScript you have to write (or borrow) functions to deal with anything like that. It does have some little bits and pieces for grabbing it to make life simple.
All that said, if VbScript is too annoying for you, and Batch files aren't quite powerful enough then you might consider learning a little Kix scripting, that has, in my opinion, the simplest method for checking this kind of thing:
www.kixtart.org
Chris
You can call the VbScript directly from within the user profile in the Logon Script option (you don't need a separate batch file).
If the script doesn't map the drive then the user either isn't a member of the group or the share path is invalid - it suppresses errors since I didn't give you all the logging functions for it.
Chris
ASKER
Thanks Chris,
I think we are getting somewhere here.
I can confirm that the group "accounts" does exist, as I am a member of it, and I can confirm that the share path does exist, as when I enter \\smartserv\shared into a browser, it takes me straight to the shared folder. I am also currently using net use n: \\smartserv\shared /y in our current login batch file, and this works OK.
I can only presume therefore that it must be something to do with the group "accounts". Am I correct in thinking that this is just a normal security group defined in AD, with users added?
In that case we should have a bit of logging in so we can figure out why it's not working. It's probably something pretty trivial, and entirely possible I've missed something out of the script.
Anyway, this version of the script creates a Log File in the Temp directory on the PC (defined by the %Temp% environmental variable).
It will log every group that it checks against the group you're looking for and any errors that occur during the drive mapping.
Option Explicit

' Functions

' Returns True if the logged-on user is a direct member of strGroup.
' Every group that is checked is written to the log file.
Function IsMember(strGroup)
    Dim strGroupDN
    Dim objADSystemInfo, objUser, objGroup
    Dim booIsMember

    On Error Resume Next
    Set objADSystemInfo = CreateObject("ADSystemInfo")
    Set objUser = GetObject("LDAP://" & objADSystemInfo.UserName)

    booIsMember = False
    For Each strGroupDN In objUser.GetEx("memberOf")
        Err.Clear
        Set objGroup = GetObject("LDAP://" & strGroupDN)
        objLogFile.WriteLine "Checking " & strGroup & " against " & objGroup.Get("name")
        If Err.Number = 0 Then
            If LCase(objGroup.Get("name")) = LCase(strGroup) Then
                booIsMember = True : Exit For
            End If
        End If
        Set objGroup = Nothing
    Next
    On Error Goto 0

    Set objUser = Nothing
    Set objADSystemInfo = Nothing
    IsMember = booIsMember
End Function

' Maps strDrive to strShare and logs any error from the mapping
Sub MapDrive(strDrive, strShare)
    Dim objDrive

    If objFileSystem.DriveExists(strDrive) Then
        Set objDrive = objFileSystem.GetDrive(strDrive)
        If objDrive.DriveType <> 3 Then
            objLogFile.WriteLine "Cannot Reassign Drive: Fixed Drive"
            Exit Sub ' Fixed Drive
        End If
    End If

    On Error Resume Next
    objNetwork.RemoveNetworkDrive strDrive
    Err.Clear
    objNetwork.MapNetworkDrive strDrive, strShare
    If Err.Number <> 0 Then
        objLogFile.WriteLine "Error Mapping Drive " & strDrive & " to " & strShare
        objLogFile.WriteLine Err.Description
    End If
    On Error Goto 0
End Sub

'
' Main Code
'
Dim objFileSystem, objShell, objLogFile
Dim strTemp

Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("WScript.Shell")
strTemp = objShell.ExpandEnvironmentStrings("%Temp%")
' 2 = ForWriting, True = create the file if it does not exist
Set objLogFile = objFileSystem.OpenTextFile(strTemp & "\logon.log", 2, True)

If IsMember("Accounts") = True Then
    MapDrive "G:", "\\smartServ\shared"
End If
ASKER
Thanks Chris,
What is the log file called, as I currently have thousands of files in the temp directory?
Regards, Nigel.
Oops sorry, it's just called logon.log.
Chris
ASKER
I found the logon.log file towards the bottom of your script!
The contents generated are as follows :-
Checking Accounts against Group Policy Creator Owners
Checking Accounts against Domain Admins
Checking Accounts against Enterprise Admins
Checking Accounts against Schema Admins
Checking Accounts against Administrators
Any suggestions?
Accounts isn't the Primary group is it? That's the only one that won't be displayed there due to an oddity of AD. That defaults to Domain Users and is rarely changed from that (as it's completely unnecessary to change it).
Otherwise, you're not running it as the Administrator account or anything are you?
The function above basically goes through every group the account running the script is a member of and will only return true if it finds it (which it isn't doing above).
I guess it's important to note that it doesn't count unless you are directly a member of that group; nested membership will not work with what's above. If you need to deal with nested group membership then it all becomes more complex and it really isn't something I'd recommend for logon scripts.
Chris
ASKER
I have run the script from both the server, logged in as administrator, which produces the logon.log file, and also from the client workstation, logged in as the user which is included in the "accounts" group.
The client workstation produced :-
Checking Accounts against accounts
Error Mapping Drive G: to \\smartServ\shared
Variable is undefined
Any ideas?
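An added example, not a post from this thread and not the members-only accepted answer: the logging script above calls objNetwork without ever declaring or creating it, which under Option Explicit produces the "Variable is undefined" line in the log. This version creates the WScript.Network object and keeps the %Temp%\logon.log logging; the group, drive and share names are the ones used in the thread.

```vbscript
Option Explicit
' Added example: objNetwork is declared and created here before it is used.
Dim objFileSystem, objShell, objNetwork, objLogFile
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("WScript.Shell")
Set objNetwork = CreateObject("WScript.Network")
' 2 = ForWriting, True = create %Temp%\logon.log if it does not exist
Set objLogFile = objFileSystem.OpenTextFile( _
    objShell.ExpandEnvironmentStrings("%Temp%") & "\logon.log", 2, True)

' True only for direct membership: memberOf omits the primary group
' and does not expand nested groups.
Function IsMember(strGroup)
    Dim objADSystemInfo, objUser, arrGroups, strGroupDN, strName
    IsMember = False
    Set objADSystemInfo = CreateObject("ADSystemInfo")
    Set objUser = GetObject("LDAP://" & objADSystemInfo.UserName)
    On Error Resume Next
    arrGroups = objUser.GetEx("memberOf")   ' fails when the attribute is empty
    If Err.Number <> 0 Then
        objLogFile.WriteLine "memberOf could not be read: " & Err.Description
        Exit Function
    End If
    For Each strGroupDN In arrGroups
        Err.Clear
        ' Read the name first and test Err, so a failed lookup
        ' can never fall through into the Then branch of the comparison.
        strName = GetObject("LDAP://" & strGroupDN).Get("name")
        If Err.Number <> 0 Then
            objLogFile.WriteLine "Could not read " & strGroupDN & ": " & Err.Description
        Else
            objLogFile.WriteLine "Checking " & strGroup & " against " & strName
            If StrComp(strName, strGroup, vbTextCompare) = 0 Then
                IsMember = True
                Exit For
            End If
        End If
    Next
End Function

Sub MapDrive(strDrive, strShare)
    If objFileSystem.DriveExists(strDrive) Then
        If objFileSystem.GetDrive(strDrive).DriveType <> 3 Then   ' 3 = network drive
            objLogFile.WriteLine "Cannot reassign " & strDrive & ": not a network drive"
            Exit Sub
        End If
    End If
    On Error Resume Next
    objNetwork.RemoveNetworkDrive strDrive, True, True   ' error ignored if not mapped
    Err.Clear
    objNetwork.MapNetworkDrive strDrive, strShare
    If Err.Number <> 0 Then
        objLogFile.WriteLine "Error mapping " & strDrive & " to " & strShare & ": " & Err.Description
    End If
End Sub

If IsMember("Accounts") Then
    MapDrive "G:", "\\smartServ\shared"
End If
objLogFile.Close
```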
ASKER CERTIFIED SOLUTION
ASKER
That's b****y great!!
Works a treat.
Many thanks Chris, the points are yours!!
Glad I could help out :)
Chris
I hope this helps !