Logon script - map drives based on group membership

Posted on 2004-10-27
Last Modified: 2009-02-27
I have a new Windows 2003 Server domain with NT and 2000 Clients.

I have a number of different groups set up which should each have different mapped drives to shares.

How can I create a logon script that will check the if the user is a member of certain groups and if so map relevent network drives?

An example script would be a great help, I am far from being a scripting guru....
Question by:STEVEO4
    LVL 70

    Accepted Solution


    I recommend you use Kixtart for handling this. It's pretty easy to learn, well documented and definately a lot easier to work with than VBScript and a hundred times more capable than Batch files.

    It ships as part of the Server Resource Kit, but I advise that you download the most recent release from:

    Once you have it this lot below is intended to teach you some of the basics of the language. Please let me know if you'd like more than I've written.

    From the zip file copy kix32.exe into the NetLogon Share on one of your Domain Controllers. This one is the command processor, we need that for the script to run properly.

    Next create the Logon.bat file. This is used to call the real logon script. Logon.bat should be entered as the script to run in your users profiles.

    #Contents of Logon.bat#

    kix32.exe logon.kix

    Finally, the script itself.

    #Contents of Logon.kix#

    ; Logon Script
    ; The ; is used to add comments to your code. These are just to make life easier
    ; for you and have no effect on the script.
    ; Created: 27/10/2004
    ; Modified: 27/10.2004

    ; Global Drive Mappings (the ones everyone gets)

    ; Mapping Drives is done with the Use command.
    ; Use syntax: Use "<Drive Letter>" "<Path>"

    Use "L:" "\\Server\Share"

    ; Group Based Drive Mappings.
    ; We use an If Statement and the InGroup Function to figure out if we
    ; should be mapping the drive or not.
    ; If Statement syntax:
    ; If <Condition>
    ;    ... <Statements>
    ; EndIf
    ; InGroup returns true or false, you can use this with the If Statement.
    ; InGroup syntax:
    ; InGroup("<Group Name>")

    If InGroup("Domain Admins")
        Use "K:" "\\Server\Share"

    ; There's a lot more you can do with this script, one more really common example
    ; is adding Printers.


    ; As with the Use function that can be added to an If Statement to only add the printer
    ; if the user is in the right group.
    LVL 5

    Expert Comment

    You can also use straight VB for this as well.  Here's a snipet from our scripts (OU & Domain names changed):

    Set grpSysNet = GetObject("LDAP://test.local/cn=_DEPT_SYSTEMS_NETWORK,OU=Departments,OU=_Groups,DC=test,DC=local")

    If grpSysNet.ismember(ADSPath) Then

        net.RemoveNetworkDrive "i:"
        net.MapNetworkDrive "i:", "\\test.local\dfsroot$\Systems"
    End If

    Basically it queries AD to see the membership of the Group (_DEPT_SYSTEMS_NETWORK in the example above), which is located under the _Groups\Departments OU of the domain test.local.  If the user is a member of that group then it will remove the mapped drive (in case the user already had one), and map it to the specified path (here drive I would be mapped to (\\test.local\dfsroot$\Systems).

    Hope this helps - let me know if you need further assistance!
    LVL 70

    Expert Comment

    by:Chris Dent

    I didn't include removing a drive mapping with the example above, so just to keep it in line with Talphius's example (and so you can choose whichever you prefer) it's:

    If InGroup("<Group Name>")
        Use "<Drive>" /d
        Use "<Drive>" "<Share Path>"

    One thing that I haven't had the opportunity to test is if Kix can map correctly to a DFS Share, one other expert had problems with it not performing the drive mapping in that situation.
    LVL 104

    Expert Comment

    A reskit utility called ifmember will also do this for you. This can be downloaded from Microsoft's web site.

    Sample (checking for membership of the group "Accounts")

    ifmember accounts
    if not errorlevel 1 goto next
    echo Connecting to Accounts...
    net use N: \\server1\accounts$



    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone. Privacy Policy Terms of Use

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Suggested Solutions

    When bringing a new server on line, you may see an error that says: The Security System detected an authenticaton error for the server ldap/xxxxxxxt. The failure code from the authentication protocal Kerberos was "There are currently no logon se…
    by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
    This video discusses moving either the default database or any database to a new volume.

    875 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now