
Putting login scripts on a non-DC in AD environment.

Good day everyone. I have a question about implementing login scripts on a 2003 server in an AD environment to map shared drives when the user logs in. The problem that I am having is, the company that I am working for has a DC at each site, but only our central office has control of the DCs and they won't give anyone else access because we just migrated recently to AD and they want to make sure that nothing goes wrong at this point in time. Now I am switching our Novell file server to 2003 server, and I wanted to create login scripts for the shares to be mapped automatically as the users log in, but since I don't have access to the DC I can't do this using GPOs or VBScripts. So since I don't have access to the DC and to get the headquarters to do any of this for me is pretty much impossible, I was wondering if it's possible to create a basic batch file login script, create a share on this new file server that's not a DC/BDC, just a basic 2003 file server, and store these scripts in the share. Then in AD under user properties, profile tab, point the profile path to the share that the login scripts are located on, \\servername\share, and under the logon script tab put the login script name xxxx.bat.

I created a basic batch file and I placed it in the startup folder of my machine just to make sure that the script is OK, and everything was fine: the shares were mapped with no problems, and I even put in a basic net send command just to make sure that I see the .bat file execute. When I did all this under my user's properties profile tab in AD and tried to log in, nothing happened, but I was getting a popup when logging out about "not being able to copy roaming profile". So is it even possible to store the login scripts on a non-DC server? And then point to them by using the Profile tab under user properties? And if not, any other options that I might have?

I know the easiest thing to do would be to store the scripts on the DC and use VBScripts or GPOs, but like I said that's not an option in this strange case of mine; it would take way too long to coordinate any of this with head office IT staff.

Help would be appreciated,

Thanks
Asked:
bbarac
Carlo-Giuliani Commented:
By setting a network share path on the AD user properties, you are activating roaming profiles. The path will be used to store all the user's profile information and should be owned by and/or under full control of that user. It must *not* be a directory shared by many users. Also, the "Startup" folder is part of your user profile, so if you point the user profile to a new directory, it will be created from scratch as a copy of whatever is in the "Default User" profile.

Actually, there can be two Startup folders involved... one for "All Users" and one in the specific user profile.

I think there is a simpler way to solve your problem. Don't touch the AD user properties... leave the users on local profiles. Use an "All Users" startup folder shortcut pointing to a UNC path (\\servername\share\whatever.bat) instead of a mapped drive letter. That way you don't need to have a drive letter mapped to the

The main problem with what I am suggesting is that it is a computer-based method instead of a user-based method. You have to modify the "All Users" profile on every PC. All users logging onto a physical PC will execute the same logon script (so long as they have access rights to it). However, you can use system variables like %username% or %userprofile% to take user-specific actions... like map to a private share.

Also, you could set each user up with a network home directory (but not with a roaming profile). In this scenario you would have to create a share for each user, but it would just be private storage for each user. I believe this private share will be mapped without any logon script.

If you want to go the roaming profile route you have to:
- create a share for each user
- set the AD properties to use this profile
- add the appropriate batch file shortcut to each user's personal Startup folder
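
Added example, not part of the original answer: a batch logon script of the kind described above, launched from a UNC path and using %USERNAME% to map a per-user share alongside a common one. The per-user share name, the drive letters and the log path are assumptions; users should have read-only access to the script share so the file they run at logon cannot be altered.

```bat
@echo off
rem Added example logon script (not from the original thread).
rem \\servername\share is the placeholder used in the thread; the
rem per-user share \\servername\<username> is an assumed naming scheme.
setlocal
set "SERVER=\\servername"
set "LOG=%TEMP%\logon-map.log"

echo %DATE% %TIME% logon script start for %USERNAME% > "%LOG%"

rem Common share for everyone, then a private share per user.
call :MapDrive S: "%SERVER%\share"
call :MapDrive H: "%SERVER%\%USERNAME%"

endlocal
goto :eof

:MapDrive
rem %1 = drive letter, %2 = quoted UNC path
rem Drop any stale mapping first so the new one does not collide with it.
net use %1 /delete /y >nul 2>&1
rem /persistent:no keeps the mapping out of the local profile, so the
rem script stays the single source of truth for drive mappings.
net use %1 %2 /persistent:no >> "%LOG%" 2>&1
if errorlevel 1 (
    echo FAILED to map %1 to %~2 >> "%LOG%"
) else (
    echo Mapped %1 to %~2 >> "%LOG%"
)
goto :eof
```

The log in %TEMP% shows whether the script ran at all and which mapping failed, which is the first thing to check when a logon script appears to do nothing.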



bbarac (Author) Commented:
You see, what I was also trying to avoid is having to go to each PC and put the script in the startup folder. What I will try to do is map a share on the DC to the file server, which is where the login scripts are located. Also I will create one script that will call this script, and this will go under user properties, profile tab, logon scripts. So I will have to get the head office to do a map on the DC to the file server where the script is, because this way I can still manage the scripts and won't have to manually load the scripts in the machine's startup folder. Not sure if this will work but I will see.

Thanks for your help.
bbarac (Author) Commented:
OK, still doesn't work. Can somebody tell me why this will not work: I create a script to map shared drives and I put this script on a local machine that is not a DC; I also created a share on that machine and that's where the .bat file is located. I go to AD Users and Computers, and in the user's properties profile tab under Logon scripts I put \\machinename\share\file, and this is the share where the script is located. I try to log in and out and nothing happens. Also I have complete rights to that share. A friend of mine tried the same thing in his company and it works for him; the only difference between the two is that he is part of the Domain Admins group, but that should not make any difference considering that I can specify the path to the batch files under the Logon Scripts section and save it no problem.

Any suggestions anyone???