Solved

Logon scripts for Windows 2003

Posted on 2004-09-17
7
138 Views
Last Modified: 2010-08-05
Hello.. I am using logon scripts for the first time.

My AD has some Global Groups under USERS which include the groups "Technical", and "Staff". These groups have access to different folders which I want mapping automatically on login. I have created and shared the fodlers with appropriate permissions / security and tested them.. all ok.

I now want a script that looks at the person logging on, maps them a home drive (this bit works), and then finds out if they are a member of a certain group (you CAN belong to more than one) and give them the appropriate mapping..

I can successfully map a drive WITHOUT a check, thats easy enough..

Here is the script thus far

Const STAFF                    = "CN=Staff"
Const TECHNICAL             = "CN=Technical"

Set wshNetwork = CreateObject("WScript.Network")
wshNetwork.MapNetworkDrive "H:", "\\server001\Profiles\" & wshNetwork.UserName & "\Documents"

Set ADSysInfo = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)
strGroups = LCase(Join(CurrentUser.MemberOf))

If InStr(strGroups, TECHNICAL) Then

wshNetwork.MapNetworkDrive "S:", "\\server001\Software\"

ElseIf InStr(strGroups, STAFF) Then

wshNetwork.MapNetworkDrive "I:", "\\Server\Business\"

End If

It does not error at all, maps the H drive OK, just does not map the other drive(s).. I have logged on as a usre in the TECHNICAL group for this..

any help appreciated
0
Comment
Question by:mvwmail
7 Comments
 
LVL 10

Expert Comment

by:jhautani
ID: 12083302
Almost similar problem was here:
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21130336.html
See if it provides you a solution.
0
 
LVL 6

Expert Comment

by:tanelorn
ID: 12083319
hi,

try this,  but change the servers and drive letters and the server names to suit
its fairly easy to follow
  this is the logon script that I use.  I like it because I can add subroutines into it, and call them from the top by adding a call to the function

Hope this helps.
T

'==========================================================================
'
' NAME: adc_logon.vbs
'
' AUTHOR: xxxxxxxxxxxxxxxxxxxx
' DATE  : 6/05/2003
'
' COMMENT: This file must be copied to all domain controlers
'
'==========================================================================
On Error Resume Next
Dim WshNetwork, strUser, Domain, WshShell, Group

' Get the User ID
Set WSHNetwork = WScript.CreateObject("WScript.Network")
Domain = WSHNetwork.UserDomain   'nUser means data from Network Object
strUser = ""
While strUser = ""
      strUser = WSHNetwork.UserName
Wend

'Call Main procedure to process the user groups information
call main()

' End of logon script
'****************************************************************************
'****************************************************************************


'*************** sub procedures and Functions *******************************

Public Sub Main()

  'Main loop to detect group that user belongs to
 
  Set objUser = GetObject("WinNT://" & Domain & "/" & strUser & ",user")
  For Each Group In objUser.groups
    Select Case Group.Name
            

      Case "Staff"
              Call staff()
            Case "technical"
              Call technical()
       
    End Select
  Next 'Group

  Set objUser = Nothing
                  
End Sub
'****************************************************************************
Sub staff()

 
Set fso = CreateObject("Scripting.FileSystemObject")

if fso.FolderExists("C:\Documents and Settings") Then

 
      MapDrive "h:", "\\eadc-fs001\home1\" & strUser

else
      MapDrive "h:", "\\eadc-fs001\home1"

End If
Set fso = Nothing


  MapDrive "P:", "\\eadc-fs001\projects1"
  MapDrive "S:", "\\eadc-fs001\shared1"
 

End Sub
'****************************************************************************

Sub technical()

 

  MapDrive "K:", "\\eadc-fs001\acct"

 

End Sub
'****************************************************************************

'****************************************************************************
Sub MapDrive(strDrive,strShare)

      On Error Resume Next
      WSHNetwork.MapNetworkDrive strDrive, strShare

      If Err.Number Then

            WSHNetwork.RemoveNetworkDrive strDrive
            WSHNetwork.MapNetworkDrive strDrive, strShare

      End If
            
End Sub
'****************************************************************************
'****************************************************************************

'End of SubProcedures and Functions
0
 
LVL 3

Author Comment

by:mvwmail
ID: 12083336
Looks good... I will look at both later as I am not with the server right now... many thanks
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 6

Expert Comment

by:tanelorn
ID: 12083344
you can also add more groups if you want by adding a case statement, and a call to a new function for the new group..
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 12083386
Two additional options:

1.  If you create an OU for each group and place the users there, you can use Active Directory login scripts and anyone in that OU will get access to that drive (through the AD login script).  This COULD be done for users in more than one group, but that can get messy as you'd need to create sub OUs within each OU.

2.  Use IFMEMBER - available from Microsoft here: http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/ifmember-o.asp - this will do what you want - I used it before myself, only not recently enough to give you exact syntax here.
0
 
LVL 3

Author Comment

by:mvwmail
ID: 12088515
Tanilorn

Tried your script.. no erros, but still no mapped drives..

I have confirmed all spelling, capilised where necessary.. even rtied moving the Group around to various places in AD, not that this makes a difference as the group can be anywhere really so long as it is under the domain..

Not a sausage.. not even an error..

Argh!
0
 
LVL 6

Accepted Solution

by:
tanelorn earned 300 total points
ID: 12101304
Hi,


please  put a  single quote in front of the "On Error Resume Next"
where ever you see them.  what this tells the script to do is to ignore errors and keep going. (without erroring out...) the single quote is a comment marker.   make the edit and run it again from your desktop.

please post your script, and I'll see If I can find anything.  if you only have 2 groups, it shouldn't be that complicated.

Tanelorn
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now