Logon script - map drives based on group membership

I have a new Windows 2003 Server domain with NT and 2000 Clients.

I have a number of different groups set up which should each have different mapped drives to shares.

How can I create a logon script that will check the if the user is a member of certain groups and if so map relevent network drives?

An example script would be a great help, I am far from being a scripting guru....
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

Chris DentConnect With a Mentor PowerShell DeveloperCommented:

I recommend you use Kixtart for handling this. It's pretty easy to learn, well documented and definately a lot easier to work with than VBScript and a hundred times more capable than Batch files.

It ships as part of the Server Resource Kit, but I advise that you download the most recent release from:


Once you have it this lot below is intended to teach you some of the basics of the language. Please let me know if you'd like more than I've written.

From the zip file copy kix32.exe into the NetLogon Share on one of your Domain Controllers. This one is the command processor, we need that for the script to run properly.

Next create the Logon.bat file. This is used to call the real logon script. Logon.bat should be entered as the script to run in your users profiles.

#Contents of Logon.bat#

kix32.exe logon.kix

Finally, the script itself.

#Contents of Logon.kix#

; Logon Script
; The ; is used to add comments to your code. These are just to make life easier
; for you and have no effect on the script.
; Created: 27/10/2004
; Modified: 27/10.2004

; Global Drive Mappings (the ones everyone gets)

; Mapping Drives is done with the Use command.
; Use syntax: Use "<Drive Letter>" "<Path>"

Use "L:" "\\Server\Share"

; Group Based Drive Mappings.
; We use an If Statement and the InGroup Function to figure out if we
; should be mapping the drive or not.
; If Statement syntax:
; If <Condition>
;    ... <Statements>
; EndIf
; InGroup returns true or false, you can use this with the If Statement.
; InGroup syntax:
; InGroup("<Group Name>")

If InGroup("Domain Admins")
    Use "K:" "\\Server\Share"

; There's a lot more you can do with this script, one more really common example
; is adding Printers.


; As with the Use function that can be added to an If Statement to only add the printer
; if the user is in the right group.
You can also use straight VB for this as well.  Here's a snipet from our scripts (OU & Domain names changed):

Set grpSysNet = GetObject("LDAP://test.local/cn=_DEPT_SYSTEMS_NETWORK,OU=Departments,OU=_Groups,DC=test,DC=local")

If grpSysNet.ismember(ADSPath) Then

    net.RemoveNetworkDrive "i:"
    net.MapNetworkDrive "i:", "\\test.local\dfsroot$\Systems"
End If

Basically it queries AD to see the membership of the Group (_DEPT_SYSTEMS_NETWORK in the example above), which is located under the _Groups\Departments OU of the domain test.local.  If the user is a member of that group then it will remove the mapped drive (in case the user already had one), and map it to the specified path (here drive I would be mapped to (\\test.local\dfsroot$\Systems).

Hope this helps - let me know if you need further assistance!
Chris DentPowerShell DeveloperCommented:

I didn't include removing a drive mapping with the example above, so just to keep it in line with Talphius's example (and so you can choose whichever you prefer) it's:

If InGroup("<Group Name>")
    Use "<Drive>" /d
    Use "<Drive>" "<Share Path>"

One thing that I haven't had the opportunity to test is if Kix can map correctly to a DFS Share, one other expert had problems with it not performing the drive mapping in that situation.
A reskit utility called ifmember will also do this for you. This can be downloaded from Microsoft's web site.


Sample (checking for membership of the group "Accounts")

ifmember accounts
if not errorlevel 1 goto next
echo Connecting to Accounts...
net use N: \\server1\accounts$


All Courses

From novice to tech pro — start learning today.