• Status: Solved
  • Priority: Medium
  • Security: Public

Net Use script

I'm on an NT4 domain with PDC and BDC. I have several global groups that people are a part of. Is there a way to map, let's say, 10 people to have the same access to the share that's within the global group?
Asked by: jkaminsky

masterbaker Commented:
The proper way to assign permissions (the Microsoft way) is to create a local group on the server, add the global group to the local group, and assign the permissions to the local group.  I can't tell you how many times I had to set this up at my last job.  It works like a charm!

If the shares are on a PDC or BDC, these groups aren't necessarily "local" as the other servers see them (since they are local domain groups instead of just local groups on a server).  You might want to consider using special names for them so you don't confuse them with global groups.  Like add a character in front of the group name or something.

Jeff
0
 
BrianClark72403 Commented:
If I understand correctly, you are wanting only those 10 people to map to that share and not people that are not members of the group. In that case you may want to use a scripting solution like KiXtart: http://www.kixtart.org/

I use a 'logon.bat' file that calls a KiXtart script. That script can look at the user properties and, if the user is in a certain group, map the drive as needed, but if the user isn't, it won't map. If that is what your question is, I can find examples for you.
0
 
SteveSloan Commented:
Here is an example from my kix32 logon script.  It does the job nicely:

; For each group: set the three variables, then call the subroutine.
$group = "Windows Group 1"
$drive = "F:"
$path = "\\server\share"
GOSUB "MAPDRIVE"

$group = "Windows Group 2"
$drive = "G"
$path = "\\server\share"
GOSUB "MAPDRIVE"

$group = "Windows Group 3"
$drive = "H:"
$path = "\\server\share"
GOSUB "MAPDRIVE"

; Stop here so execution does not fall through into MAPDRIVE a second time.
EXIT

; Maps $drive to $path when $group is empty or the user is a member of it.
:MAPDRIVE
IF LEN("$group") = 0 OR INGROUP("$group") = 1
   ; Drop any existing connection on this drive letter first.
   IF EXIST("$drive\") = 1
      USE $drive /DELETE
      IF @ERROR > 0
         ? "   Received Error(@error) when disconnecting $drive."
      ENDIF
   ENDIF
   USE $drive "$path"
   IF @ERROR = 0
      ? "   Successfully connected $drive to $path for group $group."
   ELSE
      ? "   Error(@ERROR) trying to map $drive to $path for group $group."
   ENDIF
ENDIF
RETURN
0
 
SteveSloan Commented:
Oops... the drive letter "G" should be "G:" in my example.
0
 
jkaminsky (Author) Commented:
SteveSloan

I tried to load Kix32 on my machine; I'm working on this. I can load this script in a .bat file and run with it, correct?
0
 
SteveSloan Commented:
This is what I have in my "logon.bat" file.  I think I got it straight from the Kix documentation. ;-)

@ECHO OFF
%0\..\kix32\Kix32.exe %0\..\logon.kix

So in my Netlogon share there is...
1) That "logon.bat" file
2) The kix script called "logon.kix".
3) These files in a folder called "Kix32": "KIX32.EXE", "KX32.dll", and "kx16.dll"
0
 
jkaminsky (Author) Commented:
Is this a package that you load? I'm having a difficult time loading it.
0
 
SteveSloan Commented:
Just unzip the files to a folder such as C:\Kix32.  You can test scripts from the command line.  

Try this:
1) Unzip the files to C:\Kix32
2) Create a text file called "HelloUser.kix",  using notepad.  Save it in C:\Kix32 and put this line in it:
     ? "Hello @USERID, the time is @TIME!"
3) Open a Command Prompt
4) Change to the folder you created:
     C:
     cd \kix32
5) Execute the script with this command:
     kix32.exe HelloUser.kix

The output when I run the script looks like this:
     Hello steve_s, the time is 10:09:46!

Because scripts are simple text files, I like to associate the "*.kix" extension with Notepad.  When you try to open a file through the GUI it should ask which program to use.  You can check "Always use this program" or some such thing.  You will need to spend some time reading the "Kix2001.doc" file (or the online documentation) that comes with the program.  It really isn't hard once you've played with it and it is a lot of fun.

When you understand how it works and are comfortable with getting it running, you'll need to copy some files to the Netlogon share on your domain controller.  If you have multiple DC's you can use replication services to copy changes you make to the script to all of your Netlogon shares (but that's a different question ;-).   See my previous post about which files to copy to the server.

0
 
SteveSloan Commented:
There is one other thing you need to do.  You need to make sure that your user accounts are set to use "logon.bat" as their logon script in the user account properties.  (If you have a lot of users you can write a Kix script to automatically make the change for each user).  When a user logs on, the workstation checks to see if there is a logon script set for the user account and then looks in the Netlogon share for the file mentioned.  Like BrianClark72403 pointed out, the logon.bat file executes the Kix script.
0
 
jkaminsky (Author) Commented:
OK, let me do some more reading here. I will keep you guys posted.
0
 
jkaminsky (Author) Commented:
Steve and Brian

You guys are really helping out, thank you for everything so far. Here are the issues that I'm having.

1. I've placed Kix32.exe in C:\WINNT\system32\Kix32 in my PDC
2. I then placed login.bat and my login.kix into c\WINNT\system32\Repl\Import\Scripts and P:\WINNT\system32\Repl\export\Scripts, which then show up in my Netlogon
3. In my Login.bat file I have

@ECHO OFF
\winnt\system32\KIX32\KIX32.EXE \winnt\system32\repl\import\scripts\LOGIN.KIX

4. In my login.kix file I have

$group = "global group name"
$drive = "G:"
$path = "\\server\folder"
GOSUB "MAPDRIVE"

$group = "global group name"
$drive = "I"
$path = "\server\folder"
GOSUB "MAPDRIVE"

$group = "global group name"
$drive = "m:"
$path = "\server\folder"
GOSUB "MAPDRIVE"

:MAPDRIVE
IF LEN("$group") = 0 OR INGROUP("$group") = 1
   IF EXIST("$drive\") = 1
      USE $drive /DELETE
      IF @ERROR > 0
         ? "   Recieved Error(@error) when disconnecting $drive."
      ENDIF
   ENDIF
   USE $drive "$path"
   IF @ERROR = 0
      ? "   Successfully connected $drive to $path for group $group."
     ELSE
      ? "   Error(@ERROR) trying to map $drive to $path for group $group."
   ENDIF
ENDIF
RETURN
 
5. I then put the login.bat file in my PDC under my login, OK. Reboot, then nothing happens.

Let me ask you this: does every user in my company get a login.bat file and then they are mapped to login.kix? Does each group get their own login.kix file for each global group? Am I saying this correctly? I'm going to continue reading.
0
 
jkaminsky (Author) Commented:
Do I need to start a service on the PDC? I'm looking into this right now.
0
 
SteveSloan Commented:
There is a typo (that was my typo first) for your "I:" drive mapping.  Your script is missing the colon (":").

Q: Does every user in my company get a login.bat file?
A: There is only one .bat file per Domain Controller.  It goes into the Netlogon folder.  Every user account must have "logon.bat" in their logon script user properties (User Manager).

Q: Does each group get their own login.kix file for each global group?
A: No, there should be only one .kix file per Domain Controller.  It also goes into the Netlogon folder and is called by logon.bat.  Each group can have a drive mapped for it.  That requires an entry in logon.kix for each group.  In my example it requires setting the three variables and calling the subroutine.

Q: Do I need to start a service on the PDC?
A: There is no service beyond what already should be started.  You may want to use replication services to synch your Netlogon folder, but it is optional.

Here are two sample versions of the script that I use.  I got most of my ideas/methods by looking at other people's scripts.  The rest came from trial-and-error.
http://www.stevesloan.org/techdocs/002/logon-sample1.kix.txt
http://www.stevesloan.org/techdocs/002/logon-sample2.kix.txt
0
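
A variant of the MAPDRIVE routine discussed in this thread, written as a KiXtart user-defined function. It is an added example, not code from any poster here. It appends the colon that was missing from "G" and "I", rejects a path that does not start with two backslashes, and maps nothing when the group name is empty. The function name MapForGroup and the group, server and share names are placeholders.

```kixtart
; Added example. MapForGroup is a hypothetical name; the groups and
; \\server\share below are placeholders.
; Returns 0 = mapped, 1 = user not in group (nothing mapped),
;         2 = bad drive or path, anything else = error code from USE.
Function MapForGroup($group, $drive, $path)
   Dim $rc
   ; Accept "G" as well as "G:" so a missing colon does not break the mapping.
   If Len($drive) = 1
      $drive = $drive + ":"
   EndIf
   Select
      Case Len($drive) <> 2 Or Right($drive, 1) <> ":" Or Left($path, 2) <> "\\"
         ? "   Skipped: bad drive or non-UNC path: " + $drive + " " + $path
         $rc = 2
      ; Unlike MAPDRIVE, an empty group name does not map the drive for everyone.
      ; InGroup() returns 0 when the user is not a member.
      Case Len($group) = 0 Or InGroup($group) = 0
         $rc = 1
      Case 1
         ; Drop any existing connection on this drive letter first.
         If Exist($drive + "\")
            Use $drive /DELETE
         EndIf
         Use $drive "$path"
         $rc = @ERROR
         If $rc = 0
            ? "   Connected " + $drive + " to " + $path + " for group " + $group
         Else
            ? "   Error " + $rc + " mapping " + $drive + " to " + $path
         EndIf
   EndSelect
   $MapForGroup = $rc
EndFunction

; One call per group; no shared variables and no label to fall through into.
$result = MapForGroup("Windows Group 1", "F:", "\\server\share")
$result = MapForGroup("Windows Group 2", "G",  "\\server\share")
$result = MapForGroup("Windows Group 3", "H:", "\\server\share")
```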
 
jkaminsky (Author) Commented:
Steve

Let me ask this: what you're saying is that an individual user that I assign a group to in the PDC will automatically map to that share without ever touching the login.kix file, because each user login will just go through this script.

If you say yes, then I need to go and buy a six pack.
0
 
jkaminsky (Author) Commented:
Steve, Brian and Masterbaker, you guys have been fantastic, thank you. It is now working and I'm moving forward. Thank you, and have a great Christmas to you and all your families.

Joel
0
 
jkaminsky (Author) Commented:
Steve

There is one more problem that I'm experiencing with this.  In User Manager under profile I have login.bat already set under my name. When I log in nothing happens.  If I go into My Network Places I drill down to NETLOGON on my PDC and I can see the login.bat file and the login.kix file.  When I try to execute the Login.bat in the NETLOGON it doesn't work.  When I execute the login.bat in the \winnt\system32\repl\imports\scripts\login.bat it works fine.

I went to check the permissions in the \winnt\system32\repl\imports\scripts and the permissions appear to be fine. Everyone is set to Full Control for the NETLOGON.

OK guys, what am I missing?
0
