asked on

LogOn script to enable Network services

I'm working on a script, which may be used at logon, or as system process to enable the Network services (i.e. "Client for Microsoft Network" and "File and Print Sharing") if users notebooks are in office/home network. If users are in different network with static or dhcp-enabled IP (unknown IP addreses, but not from our networks) so these services must be in down-state (disabled). How to implement this?

ASKER CERTIFIED SOLUTION

Arty K

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

mackenga

Just in case this response still gets to the person who originally asked the question, I'll just add that you can avoid having the services run until login on foreign networks by having them down by default (manual startup would be a start). Then they'd only be enabled on login.

The problem of NET START not working unless the users were local admin still stands, though, and it's very rarely a good idea to give users that much power over their machines. I do have another suggestion.

If you start with your potentially insecure services / shares / etc disabled security is taken care of. Then you can have the login script attempt to contact a service running on a server, like the DC, on your own network. If this succeeds, that service, which could run with domain administrative priveleges, could start the relevant services on the user machine remotely. I think if you're thinking of looking into this more deeply, WMI might be useful to you - use:

Set objWMI = GetObject("winmgmts://<machine>/root/CIMV2")

to connect (I think that's right; I could be wrong. The thing I'm not sure of is whether that should be "CreateObject" rather than "GetObject" but like I say I think the above is correct). The various methods of the WMI object will be useful for controlling administrative things. I won't bother going into more detail if this question seems to be abandoned anyway.