bwinchell
asked on
VBS script to map network drives via security groups
I have a vbs script that is supposed to look into AD and find any security group that follows the format [map {drive letter} to {share name} on {server name}] and map a network drive for users that are a member. This is running in a Windows 2003 AD mixed-mode. It is not doing anything. The AD structure is:
Domain > Site > Policy Groups > Map E to share1 on server1. The SHARE permissions are set to EVERYONE-full and the NTFS is set to %SecurityGroup%-full. The vbs is located in the NETLOGON share and has the permission for EVERYONE to read/execute.
Here is the script:
'====================================================================================
'
'Drive mapping instructions:
'
' 1. The four default drives that need to be mapped for each user are:
'
' G: - Group public shares
' H: - User's home directory
' I: - User's Group's directory
' X: - Application directory
'
' 2. These four drives are mapped by a logon script - mapshare.vbs
'
' 3. The mapshare.vbs script reads the group membership of the
' logged on user. For each group:
'
' a) If a group is a Windows 2000 built-in group (Domain Admins,
' for example), the script does nothing.
'
' b) If a group is a GPO group (GPO groups begin with one of the
' following prefixes: cs-, cw-, ca-, us-, uw-, ua-), the
' script does nothing.
'
' c) If the group name takes the following form:
'
' map {drive letter} to {share name} on {server name}
'
' then the script attempts to map the appropriate resource.
' Note that the program recognizes only four variables for share
' names: %USERNAME%, %username%, %USERNAME%$, and %username%$
' and that combinations of upper and lower case do not work.
'
' d) If the group does not fall into one of the above categories,
' the script assumes that the group name is the name of a share
' on the user's home server and attempts to map the H: drive to
' this share. IF THE USER BELONGS TO MORE THAN ONE SUCH GROUP,
' THE SCRIPT HAS NO WAY OF DETERMINING WHICH GROUP IS CORRECT.
'
' 4. The mapshare.vbs script is itself run by a GPO:
'
' UC-WS-SC-Logon Script (mapshare.vbs)
'
' would be a GPO with the property:
'
' User Configuration | Windows Settings | Scripts (Logon/Logoff) | Logon
'
' set to:
'
' mapshare.vbs
'
'====================================================================================
Option Explicit
Dim g_oGroupDict
Dim g_oNet
Dim sAdsPath
Dim oUser
Dim oGroup
Dim sGroupName
Dim sOurDrive(23)
Dim iPosition
Dim sOurShare(23)
Dim sOurServer(23)
Dim iIndex
Dim iCount
iIndex = 0
iCount = 0
sGroupName = ""
On Error Resume Next
Set g_oNet = CreateObject("Wscript.Network")
If IsEmpty(g_oGroupDict) Then
    Set g_oGroupDict = CreateObject("Scripting.Dictionary")
    g_oGroupDict.CompareMode = vbTextCompare
    sAdsPath = g_oNet.UserDomain & "/" & g_oNet.UserName
    Set oUser = GetObject("WinNT://" & sAdsPath & ",user")
    For Each oGroup In oUser.Groups
        If (Left(oGroup.Name, 3) = "map") Then
            sOurDrive(iIndex) = Mid(oGroup.Name, 5, 1) + ":"
            iPosition = InStr(1, oGroup.Name, " on ", vbTextCompare)
            sOurShare(iIndex) = Mid(oGroup.Name, 10, iPosition - 10)
            sOurServer(iIndex) = Right(oGroup.Name, Len(oGroup.Name) - (iPosition + 3))
            g_oNet.RemoveNetworkDrive sOurDrive, True, True
            iIndex = iIndex + 1
        ElseIf ((oGroup.Name <> "Administrators") And (oGroup.Name <> "Domain Users") And (Left(oGroup.Name, 2) <> "cs") And (Left(oGroup.Name, 2) <> "cw") And (Left(oGroup.Name, 2) <> "ca") And (Left(oGroup.Name, 2) <> "us") And (Left(oGroup.Name, 2) <> "uw") And (Left(oGroup.Name, 2) <> "ua")) Then
            sGroupName = oGroup.Name
        End If
    Next
    For iCount = 0 To (iIndex - 1)
        If sOurShare(iCount) = "%USERNAME%$" Or sOurShare(iCount) = "%username%$" Then sOurShare(iCount) = oUser.Name & "$"
        If sOurShare(iCount) = "%USERNAME%" Or sOurShare(iCount) = "%username%" Then sOurShare(iCount) = oUser.Name
        If sOurShare(iCount) = "Group Share" Or sOurShare(iCount) = "group share" Then sOurShare(iCount) = sGroupName
        g_oNet.RemoveNetworkDrive sOurDrive(iCount), True, True
        g_oNet.MapNetworkDrive sOurDrive(iCount), "\\" & sOurServer(iCount) & "\" & sOurShare(iCount)
    Next
End If
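A stricter way to parse the "map {drive letter} to {share name} on {server name}" format from the script header, as an added example that is not part of the original post. It matches case-insensitively (VBScript's = operator compares strings case-sensitively, so Left(oGroup.Name, 3) = "map" is False for a group named "Map E to share1 on server1") and rejects names that would put path characters into the UNC path; ParseMapGroup, the E-Z drive range, the allowed character sets and the sample names are assumptions made for the example.

```vbscript
Option Explicit

' Added example: ParseMapGroup and its limits are assumptions, not the page's code.
' Parses "map {drive letter} to {share name} on {server name}" and returns True
' with sDrive/sUnc filled in only when every field passes validation.
Function ParseMapGroup(sName, sUser, ByRef sDrive, ByRef sUnc)
    Dim oRe, oMatches, sShare, sServer
    ParseMapGroup = False
    Set oRe = New RegExp
    oRe.IgnoreCase = True   ' "Map E to ..." matches as well as "map E to ..."
    ' Share and server are limited to name-safe characters, so a group name
    ' cannot carry "\" or "/" into the UNC path (the share also allows no ".").
    oRe.Pattern = "^map ([E-Z]) to ([A-Z0-9 _%$-]{1,80}) on ([A-Z0-9][A-Z0-9.-]{0,62})$"
    Set oMatches = oRe.Execute(sName)
    If oMatches.Count <> 1 Then Exit Function

    sShare = oMatches(0).SubMatches(1)
    sServer = oMatches(0).SubMatches(2)
    ' Expand %USERNAME% in any letter case (the original script only accepts
    ' all-upper or all-lower), then refuse any variable left unexpanded.
    sShare = Replace(sShare, "%USERNAME%", sUser, 1, -1, vbTextCompare)
    If InStr(sShare, "%") > 0 Then Exit Function

    sDrive = UCase(oMatches(0).SubMatches(0)) & ":"
    sUnc = "\\" & sServer & "\" & sShare
    ParseMapGroup = True
End Function

' Constructed sample group names; nothing is mapped, results are only echoed.
Dim aSamples, sName, sDrive, sUnc
aSamples = Array("Map E to share1 on server1", _
                 "map h to %UserName%$ on fs01", _
                 "map C to share1 on server1", _
                 "map F to ..\admin$ on server1", _
                 "map G to %TEMP% on server1", _
                 "Domain Users")
For Each sName In aSamples
    If ParseMapGroup(sName, "jdoe", sDrive, sUnc) Then
        WScript.Echo sDrive & " -> " & sUnc
    Else
        WScript.Echo "skipped: " & sName
    End If
Next
```

Run it with cscript //nologo; the first two sample names produce a drive and UNC path, and the other four are skipped.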
Hi,
In my scripts I use an IsMember function to tell me if a user is a member of a specified security group.
I place it in a vbs file, then as each user runs it in a logon script, the script uses
If IsMember(strSpecifiedGroup) Then 'eg "Finance"
    ' AddWindowsPrinterConnection is the WshNetwork method for Windows printers
    wshNetwork.AddWindowsPrinterConnection "\\server\printer"
End If
Private Function IsMember(strSpecifiedGroupName)
    Dim wshNetObj, StrDomain, StrUser, boolIsMember, objUserObj, strUserGroup
    On Error Resume Next
    Err.Clear
    Set wshNetObj = CreateObject("WScript.Network")
    StrDomain = wshNetObj.UserDomain
    StrUser = wshNetObj.UserName
    boolIsMember = false
    Set objUserObj = GetObject("WinNT://" & StrDomain & "/" & StrUser & ",user")
    If Err.Number Then
        WScript.Quit
    End If
    For Each strUserGroup In objUserObj.Groups
        If Err.Number Then
            WScript.Quit
        End If
        On Error GoTo 0
        If strUserGroup.Name = strSpecifiedGroupName Then
            boolIsMember = true
            Exit For
        End If
    Next
    IsMember = boolIsMember
    Set objUserObj = nothing
    Set wshNetObj = nothing
End Function
Hope that helps.
Rob.
ASKER
I have this working in other environments without any special programs. Put it in and away it goes. I cannot figure out why it will not enforce this script.
ASKER
I will give that a try to see if it is looping or getting stuck.
bwinchell, have you tested the script any further?
Rob.
I know that this does not answer your VB script problem, but it is a different solution to consider. It is working flawlessly for me and I support mapping shares based off of security group membership for at least 15 shares per server and about 25 servers. Kixtart also does many other things - mapping shares based off of group membership is just the tip of the iceberg.