Solved

WINDOWS AUTOMATING MAPPING

Posted on 2004-09-06
17
271 Views
Last Modified: 2013-12-04
Dear Friends

I have windows 2000 servers with active directory,dns,etc..Also I have about 100 clients...
I create some folders to my file server..For example I create A folder and inside I have b,c,d,e folder that to each one have access only certain users..
So I want to find a way that automatically map a network drive letter to the user pc to a certain folder that I have already created to my File server..
Can anybody tell me exactly(step by step) how can I solve it?

Regards
0
Comment
Question by:antonis100
  • 7
  • 7
  • 2
  • +1
17 Comments
 
LVL 23

Expert Comment

by:rhandels
Comment Utility
Hi,

Here goes.

First of all, make sure to create a loginscript. A very basic script can be called login.bat and here's the lines that should be in it.. Make sure that all users are able to contact the loginscript so place it on a share, something like \\servername\loginshare

net use f: delete
net use f: \\servername\sharename

This deletes and creates a mapping to the shared folder. You can use any driveletter you please, as long as the computer using the login script doesn't have an f drive..
After that, go to the specified user in AD Users & Computers, right click them and go to properties. Go to the profile tab and make sure to add the following line to the Logon Script option (make sure to use your own variables...)

\\servername\loginshare\login.bat

This should do the trick...
0
 

Author Comment

by:antonis100
Comment Utility
Dear rhandles

If i understand well first I create a batch file that inside have the following:
net use f: \\tony\tony1   where tony is my server name and tony1 is my folder that is share...(do I have to put in in the server that I need the mapping or any  server to my lan?..)
Until now am i
0
 

Author Comment

by:antonis100
Comment Utility
If i understand well first I create a batch file that inside have the following:
net use f: \\tony\tony1   where tony is my server name and tony1 is my folder that is share...(do I have to put in in the server that I need the mapping or any  server to my lan?..)
Until now am I have right?

Then I must go to the AD and do the above u said me in each user I want?Can I do thet in a whole group of user?

Into the profile tab  I must write the following?..:
\servername\loginshare\login.bat

In the place of servername which one?
also what is the loginshare and what the login.bat?

Regards
0
 
LVL 23

Expert Comment

by:rhandels
Comment Utility
Hi,

This is quite hard to explain in simple words so i will try my best..

>>If i understand well first I create a batch file that inside have the following:
net use f: \\tony\tony1   where tony is my server name and tony1 is my folder that is share...(do I have to put in in the server that I need the mapping or any  server to my lan?..)
Until now am I have right?<<

Indeed you are right. You do need to put in the \\tony\tony1 in the file, that's the server you need to connect to and the share you need to connect to.

>>Then I must go to the AD and do the above u said me in each user I want?Can I do thet in a whole group of user?<<

No, you cannot do this for a group. You can do this using Group Policy Objects. To do this, go to Group Policy Management, right click default domain policy and choose Edit. Then go to User configuration, Windows Settings and Scripts(Logon/Logoff).  Double click logon and choose add, then add the login.bat file.

The Login.bat file is the script. It's the batch file you created (see first setence of your post).



>>Into the profile tab  I must write the following?..:
\servername\loginshare\login.bat

In the place of servername which one?
also what is the loginshare and what the login.bat?<<

After you created the login.bat file (it's the login script files that makes sure that the users get that mapping), you need to place it somewhere so your users can reach it. You can create a new share on your server Tony that's called loginshare. Then the batch file is placed on a share so users can access it. After that, make sure to add the location of this file into the user properties or Group Policy Object (as stated by me above). The location of the file should be something like \\Tony\loginshare\login.bat.

Hope that it's a bit more clear know...

0
 

Author Comment

by:antonis100
Comment Utility
The right place that I must put my script is in AD then Properties of the user then  Profile tab and then Logon Script(in the User Profile)...Is that right?

If I use the Group Policy I will need to do the above steps?(I suppose not..)

Thanks about ur patient.
0
 
LVL 23

Expert Comment

by:rhandels
Comment Utility
Hi,

If you use the Group Policy, you don't need to put the script in the userporperties, that's done using the Group Policy...

So the answer to this question
>>If I use the Group Policy I will need to do the above steps?(I suppose not..)<<

is No...

Hope it start to be a bit clearer now... ;)
0
 

Author Comment

by:antonis100
Comment Utility
Yes...thanks..

Let me try it and let u know tomorrow the result...

Thanks once again.
0
 
LVL 23

Expert Comment

by:rhandels
Comment Utility
Ur welcome...
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:antonis100
Comment Utility
Dear Friend...
Something I forget to say u...

The folder that I want to be mapping I dont want to be the parent but inside of that..
For example I have Tony as the primary folder.Inside I have MARIA,PETER,LEO,ANDREW.So each user have only access to his/her name.So I want to map automatically only the folder that the user have access and not the whole parent(TONY)..
0
 
LVL 23

Expert Comment

by:rhandels
Comment Utility
Hi,

If you have NTFS persmissions it won't be a problem that they can see all folders within the share you created.

If you do need to have it that way, you will need to give each user another login script (like marialogin.bat, peterlogin.bat and so on). Then, instead of \\Tony\Tony1 you add this rule

net use f: \\Tony\Tony1\maria

Then you can map to drives within a shared folder
0
 

Author Comment

by:antonis100
Comment Utility
::)):u SEE I am not so expert like u..What do u mean by that?
I will share ONLY the Primary folder and all the other inside I will put the security permission who will have access.
So I must create 100 scripts if I HAVE 100 users?

All my pc and servers are NTFS.
0
 
LVL 23

Expert Comment

by:rhandels
Comment Utility
Hi,

If you only map to the top folder, then all users will see the folders that are beneath this folder, like Maria, Peter and so on. So if you need to make sure that Maria cannot access the Peter folder, you can do this using NTFS permissions.

If you want to map to the users folder, so Maria doesn't even see Peter's folder, you will need to create login scripts for all users (so if you have 100, you indeed need 100).

So my good guess would be, go for the first option. Make sure to go tothe Group Policy Object, add the login.bat file, and make sure to set NTFS permissions on the folders so users can only access the folder they have permissions for..
0
 
LVL 2

Accepted Solution

by:
Ranidae earned 150 total points
Comment Utility
Why not use the homedirectory option of the Active Directory User Objetct.

For Each User Object go to properties, under the profile tab, Home folder

select either local path or connect,

\\servername\sharedfolder\%username%

This will map the individual homedirectories for all users.

If you need to change this setting for multiple users, this can be done with a vbscript.  I have used a script to change this path for over 600 users on one server. This same script will change the loginscript for all users.


0
 

Author Comment

by:antonis100
Comment Utility
Dear Feedback

What is the different between Home Folder on Profile Tab and Login Script ?
0
 
LVL 23

Expert Comment

by:rhandels
Comment Utility
Hi Antonis,

A Home folder is a part of your network disk that's given to each of our users. You can only set this option within the user properties (indeed, the same tab as profile) and the Group Policy Objects.

Only problem with Home folders is that the folders beneath the TONY folder (like Maria and Peter) need also be the login names of the users. If this isn't the case, home folders is going to be a bit hard to set up...
0
 
LVL 2

Expert Comment

by:Ranidae
Comment Utility
Easier to maintain in the long run though!
0
 
LVL 1

Expert Comment

by:shinds57
Comment Utility
Antonis100, If you what to create home folders for your users use the following method:

  Create a folder called HOME on your File Server. Underneath this Directory create a Home folder for each user and share those out to only the Domain Admin and the user. In the users properties within AD set the home path as H: \\server\%username%. If you have many users then an application like autoshare from script logic might help. www.scriptlogic.com.

If you want to set up a File Share for your users then again go to the file server and create a directory called...example..."Accounting" Remove the everyone share permissions, add the Accounting group and Domain Admins Group and show your users how to create directories and manipulate NTFS permissions. Of course this is just an example of permissions so you may want to leave the everyone read? or add other groups..up to youuuuu.

Good Luck
Shinds57
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now