nigelbeatson

Windows 2003 server login scripts

We have been installing Windows 2003 Server using basic login scripts, i.e. net use etc. for drive mappings.

However, we now need a little more in terms of what these will do.

I need to be able to query a "group" so that if, for example, a domain user was a member of the "accounts" group THEN net use etc. etc.

I have loads of manuals which cover this, but don't give any information other than basic commands. Are there any documents around which detail the syntax of login script commands?

Does anyone have any login script examples using available login script commands, as I have spent
quite some time trawling the net, and cannot find much at all! Is this some kind of dark secret?
SysExpert

Use the ismember function to see if a person belongs to a group.

I hope this helps !
If you simply want a condition based on the user's group membership, you can use the ifmember option, available from the Windows Resource Kits. See:
http://www.ss64.com/nt/ifmember.html

That site has lots of detailed syntax for many of the script commands as well as ones you can add from the resource kits. Some of the add-on commands are only available as part of the NT resource kit, but you can download and use them with newer operating systems.
http://www.ss64.com/nt
blin2000

This example may help,

Example of VBScript - Mapping a network drive based on the group Example of batch file - make a network drive The logon script maps only some network drives ...
http://www.chicagotech.net/logonscript.htm 
nigelbeatson

ASKER

I must be missing something here!

I have implemented several of the suggestions, an example of which is as follows :-

If ISMemeber("Accounts") Then
     MapDrive "G:", "\\smartServ\shared"
End If

"Accounts" is a group with several members, defined within active directory.
"Shared" is a folder which is currently available to everyone, full rights have been given.

Each time we get an error message, in the above instance "Then was unexpected at this time".

I am sure that what I am trying to do is extremely simple, i.e. check that a user exists in a group and if they do, map a drive, if they do not, ignore and move on to the next instruction.

We have an out of the box server, so what language will it understand? People keep mentioning Visual Basic, but this seems rather complex for what we are trying to do. Does Windows Server 2003 and SBS 2003 understand VB script without any additional software being installed?

It's driving me mad, so if anyone can help........

Hey,

Could you post the full code you're using?

I suspect it's because of how you're using IsMember. If it's the one I wrote then "IsMember" on its own doesn't mean very much, you would need to do:

If IsMember("Accounts") = True Then
    MapDrive "G:", "\\smartServ\shared"
End If


To simplify matters here is some working code (I've used a bigger IsMember function as I have no idea of the size of your environment, this one works for my forest):



Option Explicit

' Functions

Function IsMember(strGroup)
      Dim strGroupDN
      Dim objADSystemInfo, objUser, objGroup
      Dim booIsMember

      On Error Resume Next
      Set objADSystemInfo = CreateObject("ADSystemInfo")
      Set objUser = GetObject("LDAP://" & objADSystemInfo.UserName)
      
      booIsMember = False
      For Each strGroupDN In objUser.GetEx("memberOf")
            Err.Clear
            Set objGroup = GetObject("LDAP://" & strGroupDN)
            If Err.Number = 0 Then
                  If LCase(objGroup.Get("name")) = LCase(strGroup) Then
                        booIsMember = True : Exit For
                  End If
            End If
            Set objGroup = Nothing
      Next
      On Error Goto 0
      Set objUser = Nothing
      Set objADSystemInfo = Nothing

      IsMember = booIsMember
End Function

Sub MapDrive(strDrive, strShare)
      Dim objFileSystem, objDrive

      Set objFileSystem = CreateObject("Scripting.FileSystemObject")
      If objFileSystem.DriveExists(strDrive) Then
            Set objDrive = objFileSystem.GetDrive(strDrive)
            If objDrive.DriveType <> 3 Then
                  Exit Sub ' Fixed Drive
            End If
      End If

      On Error Resume Next
      objNetwork.RemoveNetworkDrive strDrive, False, True
      objNetwork.MapNetworkDrive strDrive, strShare, True
      On Error Goto 0
End Sub

'
' Main Code
'

If IsMember("Accounts") Then
      MapDrive "G:", "\\smartServ\shared"
End If


lol then I go and write the same thing... sorry... the last lines should read:

If IsMember("Accounts") = True Then
     MapDrive "G:", "\\smartServ\shared"
End If


Sorry about that.

Chris
Option Explicit
'On Error Resume Next       ' In case some error occurs
' define some variables we are going to use
Dim WSHNetwork
Dim WSHShell
Dim GroupDict
Dim oShell, oNet, oWshNetwork, oGroupDict
' setup some objects that we'll be using
Set WSHNetwork = WScript.CreateObject("WScript.Network")
Set WSHShell = WScript.CreateObject("WScript.Shell")
Set oShell = CreateObject("Wscript.Shell")
Set oNet = WScript.CreateObject("Wscript.Network")

' --- Ismember --------------------------------------------------------
' This function tests to see if the user is a member of a group
' ------------------------------------------------------------------------
   Dim sAdsPath, oUser, oGroup
Function IsMember(sGroup)
      Set oGroupDict = Nothing
      Set oGroupDict = CreateObject("Scripting.Dictionary")
      oGroupDict.CompareMode = vbTextCompare
' ----------------------------------------------------------------------------------
' If you are using AD, you could use the LDAP command here
' otherwise use the WinNT command, it works fine even with AD.
' ----------------------------------------------------------------------------------
      sAdsPath = oNet.UserDomain & "/" & oNet.UserName
      Set oUser = GetObject("WinNT://" & sAdsPath & ",user")
      For Each oGroup In oUser.Groups
            oGroupDict.Add oGroup.Name, "-"
      Next
      Set oUser = Nothing
      IsMember = CBool(oGroupDict.Exists(sGroup))
  End Function
' --- MapDrive -----------------------------------------------------
' This function Maps the drive to a shared folder
' --------------------------------------------------------------------
Sub MapDrive(strDrive,strShare)
   On Error Resume Next   ' required so a failed mapping can be detected below
   ' Attempt to map the drive
   WSHNetwork.MapNetworkDrive strDrive, strShare
   ' This will remap the drive if the drive is already mapped
   If Err.Number Then
      Err.Clear
      WSHNetwork.RemoveNetworkDrive strDrive
      WSHNetwork.MapNetworkDrive strDrive, strShare
   End If
   On Error Goto 0
End Sub

'ISMemeber probably the error !!!!!!!!!!!!!!!!!!!!!
If ISMember("Accounts") Then
     MapDrive "G:", "\\smartServ\shared"
End If

gas
Oops!!

Sorry I forget the refresh ...
gas

Technically it should pass through the If Statement anyway as it always assumes a Boolean value when you use it like that. And it always assumes you mean "Not False" when written in that form.

Anyway, try it with:

If IsMember("Accounts") = True Then
...

If you still get errors then could you try the IsMember function I've posted above?

If you're only in a small domain then there are easier ways to test group membership - it's just those methods can get quite messy if you have a number of groups that share bits of each others names.

Chris
When trying - ifmember "accounts"

We get "ifmember is not recognised as an internal or external command"

What am I doing wrong!!! Aaaaaaaaaaaaaagh!
When I implement -

If IsMember("Accounts") = True Then
        net use n: \\smartserv\shared /y

We get an error "= was unexpected at this time."

Hold on...

You are saving these as .vbs aren't you?

You cannot use:

If IsMember("Accounts") = True Then
      net use ...

Net Use is a DOS command, it can't be used like that within a VbScript, it will cause a fatal error.

Copy this into a file saved as .vbs then run it and let me know if you still get errors:


Option Explicit

' Functions

Function IsMember(strGroup)
     Dim strGroupDN
     Dim objADSystemInfo, objUser, objGroup
     Dim booIsMember

     On Error Resume Next
     Set objADSystemInfo = CreateObject("ADSystemInfo")
     Set objUser = GetObject("LDAP://" & objADSystemInfo.UserName)
     
     booIsMember = False
     For Each strGroupDN In objUser.GetEx("memberOf")
          Err.Clear
          Set objGroup = GetObject("LDAP://" & strGroupDN)
          If Err.Number = 0 Then
               If LCase(objGroup.Get("name")) = LCase(strGroup) Then
                    booIsMember = True : Exit For
               End If
          End If
          Set objGroup = Nothing
     Next
     On Error Goto 0
     Set objUser = Nothing
     Set objADSystemInfo = Nothing

     IsMember = booIsMember
End Function

Sub MapDrive(strDrive, strShare)
     Dim objFileSystem, objDrive

     Set objFileSystem = CreateObject("Scripting.FileSystemObject")
     If objFileSystem.DriveExists(strDrive) Then
          Set objDrive = objFileSystem.GetDrive(strDrive)
          If objDrive.DriveType <> 3 Then
               Exit Sub ' Fixed Drive
          End If
     End If

     On Error Resume Next
     objNetwork.RemoveNetworkDrive strDrive, False, True
     objNetwork.MapNetworkDrive strDrive, strShare, True
     On Error Goto 0
     Set objFileSystem = Nothing
End Sub

'
' Main Code
'

If IsMember("Accounts") = True Then
     MapDrive "G:", "\\smartServ\shared"
End If
Hi Chris,

No I was running this as a .bat file, ie logon.bat!

I will try what you have suggested, but is there no simple command which I can use
in a normal startup batch file just to check membership of a group, and then map a drive?

It all seems rather complex for such a simple task. Having used Novell previously, that seemed
rather simple.
I have copied and pasted the exact code from your posting above, and saved it as logon.vbs.

I have run this on both the server and workstation, and whilst it does not generate any errors, it does not seem to do anything either.
ie no mapped drive appears.

Can we implement this vbs file directly from the users profile, as we do with startup.bat, for example, or does it need to be called from the startup.bat file?

There isn't a native way to find that information. Robwill posted earlier the only command you can use in a bat file to do it (remember that you still need to download the executable). I've never used that one, but you should be able to do:

IFMEMBER /v /l "MyDomain\Accounts"
IF ERRORLEVEL 1 net use n: \\smartserv\shared /y

That would be the closest to a built in command, and for batch files the simplest.

In VbScript you have to write (or borrow) functions to deal with anything like that. It does have some little bits and pieces for grabbing it to make life simple.

All that said, if VbScript is too annoying for you, and Batch files aren't quite powerful enough then you might consider learning a little Kix scripting, that has, in my opinion, the simplest method for checking this kind of thing:

www.kixtart.org

Chris

You can call the VbScript directly from within the user profile in the Logon Script option (you don't need a separate batch file).

If the script doesn't map the drive then the user either isn't a member of the group or the share path is invalid - it suppresses errors since I didn't give you all the logging functions for it.

Chris
Thanks Chris,

I think we are getting somewhere here

I can confirm that the group "accounts" does exist, as I am a member of it, and I can confirm that the share path does exist, as when I enter \\smartserv\shared into a browser, it takes me straight to the shared folder. I am also currently using net use n: \\smartserv\shared /y in our current login batch file, and this works OK.

I can only presume therefore that it must be something to do with the group "accounts". Am I correct in thinking that this is just a normal security group defined in AD, with users added?

In that case we should have a bit of logging in so we can figure out why it's not working. It's probably something pretty trivial, and entirely possible I've missed something out of the script.

Anyway, this version of the script creates a Log File in the Temp directory on the PC (defined by the %Temp% environmental variable).

It will log every group that it checks against the group you're looking for and any errors that occur during the drive mapping.


Option Explicit

' Functions
      
Function IsMember(strGroup)
      Dim strGroupDN
      Dim objADSystemInfo, objUser, objGroup
      Dim booIsMember

      On Error Resume Next
      Set objADSystemInfo = CreateObject("ADSystemInfo")
      Set objUser = GetObject("LDAP://" & objADSystemInfo.UserName)
      
      booIsMember = False
      For Each strGroupDN In objUser.GetEx("memberOf")
            Err.Clear
            Set objGroup = GetObject("LDAP://" & strGroupDN)
            objLogFile.WriteLine "Checking " & strGroup & " against " & objGroup.Get("name")
            If Err.Number = 0 Then
                  If LCase(objGroup.Get("name")) = LCase(strGroup) Then
                        booIsMember = True : Exit For
                  End If
            End If
            Set objGroup = Nothing
      Next
      On Error Goto 0
      Set objUser = Nothing
      Set objADSystemInfo = Nothing

      IsMember = booIsMember
End Function

Sub MapDrive(strDrive, strShare)
      Dim objDrive

      If objFileSystem.DriveExists(strDrive) Then
            Set objDrive = objFileSystem.GetDrive(strDrive)
            If objDrive.DriveType <> 3 Then
                  objLogFile.WriteLine "Cannot Reassign Drive: Fixed Drive"
                  Exit Sub ' Fixed Drive
            End If
      End If

      On Error Resume Next
      objNetwork.RemoveNetworkDrive strDrive, False, True
      Err.Clear
      objNetwork.MapNetworkDrive strDrive, strShare, True
      If Err.Number <> 0 Then
            objLogFile.WriteLine "Error Mapping Drive " & strDrive & " to " & strShare
            objLogFile.WriteLine Err.Description
      End If
      On Error Goto 0
End Sub

'
' Main Code
'

Dim objFileSystem, objShell, objLogFile
Dim strTemp

Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("WScript.Shell")

strTemp = objShell.ExpandEnvironmentStrings("%TEMP%")
Set objLogFile = objFileSystem.OpenTextFile(strTemp & "\Logon.log", 2, True, 0)

If IsMember("Accounts") = True Then
      MapDrive "G:", "\\smartServ\shared"
End If
Thanks Chris,

What is the log file called, as I currently have thousands of files in the temp directory.

Regards, Nigel.

Oops sorry, it's just called logon.log.

Chris
I found the logon.log file towards the bottom of your script!

The contents generated are as follows :-

Checking Accounts against Group Policy Creator Owners
Checking Accounts against Domain Admins
Checking Accounts against Enterprise Admins
Checking Accounts against Schema Admins
Checking Accounts against Administrators

Any suggestions?

Accounts isn't the Primary group is it? That's the only one that won't be displayed there due to an oddity of AD. That defaults to Domain Users and is rarely changed from that (as it's completely unnecessary to change it).

Otherwise, you're not running it as the Administrator account or anything are you?

The function above basically goes through every group the account running the script is a member of and will only return true if it finds it (which it isn't doing above).

I guess it's important to note that it doesn't count unless you are directly a member of that group; nested membership will not work with what's above. If you need to deal with nested group membership then it all becomes more complex and it really isn't something I'd recommend for logon scripts.

Chris
I have run the script from both the server, logged in as administrator, which produces the logon.log file, and also from the client workstation, logged in as the user which is included in the "accounts" group.

The client workstation produced :-

Checking Accounts against accounts
Error Mapping Drive G: to \\smartServ\shared
Variable is undefined

Any ideas?
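
Added example, not part of the original thread and not the members-only accepted answer: the "Variable is undefined" line in the log above is consistent with objNetwork being used in MapDrive without ever being declared or created, which Option Explicit reports as that error. The script below creates it, keeps fallible ADSI calls out of If conditions so a failed lookup is logged instead of being treated as a match, and logs error numbers. It reuses the thread's group, drive and share names and its direct-membership-only check; LogError is a helper name introduced here.

```vbscript
Option Explicit
' Added example, not code from the thread. Group, drive and share are the thread's values.
Dim objNetwork, objFileSystem, objShell, objLogFile
Set objNetwork = CreateObject("WScript.Network")  ' never created in the posted script
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("WScript.Shell")
Set objLogFile = objFileSystem.OpenTextFile( _
    objShell.ExpandEnvironmentStrings("%TEMP%") & "\Logon.log", 2, True, 0)

Sub LogError(strWhat)  ' hypothetical helper: log number and text, then reset Err
    objLogFile.WriteLine strWhat & ": 0x" & Hex(Err.Number) & " " & Err.Description
    Err.Clear
End Sub

Function IsMember(strGroup)
    ' Direct membership only: memberOf lists neither the primary group nor nested groups.
    Dim objUser, objGroup, varGroups, strGroupDN, strName
    IsMember = False
    On Error Resume Next
    Set objUser = GetObject("LDAP://" & CreateObject("ADSystemInfo").UserName)
    varGroups = objUser.GetEx("memberOf")  ' raises an error when the attribute is empty
    If Err.Number <> 0 Then
        LogError "Reading memberOf"
        Exit Function
    End If
    For Each strGroupDN In varGroups
        ' Fallible calls run before the If, so a failure is logged and never counts as a match.
        Set objGroup = GetObject("LDAP://" & strGroupDN)
        strName = objGroup.Get("name")
        If Err.Number <> 0 Then
            LogError "Reading group " & strGroupDN
        ElseIf LCase(strName) = LCase(strGroup) Then
            IsMember = True : Exit For
        End If
    Next
End Function

Sub MapDrive(strDrive, strShare)
    If objFileSystem.DriveExists(strDrive) Then
        If objFileSystem.GetDrive(strDrive).DriveType <> 3 Then Exit Sub  ' 3 = network drive
    End If
    On Error Resume Next
    objNetwork.RemoveNetworkDrive strDrive, False, True
    Err.Clear  ' failing to remove a drive that is not mapped is expected
    objNetwork.MapNetworkDrive strDrive, strShare, True
    If Err.Number <> 0 Then LogError "Mapping " & strDrive & " to " & strShare
End Sub

If IsMember("Accounts") Then MapDrive "G:", "\\smartServ\shared"
objLogFile.Close
```

The group check only decides whether the drive letter appears at logon; access to \\smartServ\shared is still governed by its share and NTFS permissions, which the thread says are open to everyone.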
ASKER CERTIFIED SOLUTION
Chris Dent

This solution is only available to members.
That's b****y great!!

Works a treat.

Many thanks Chris, the points are yours!!

Glad I could help out :)

Chris