[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1157
  • Last Modified:

LogOn script to enable Network services

I'm working on a script, which may be used at logon, or as system process to enable the Network services (i.e. "Client for Microsoft Network" and "File and Print Sharing") if users notebooks are in office/home network. If users are in different network with static or dhcp-enabled IP (unknown IP addreses, but not from our networks) so these services must be in down-state (disabled). How to implement this?
1 Solution
Interesting question.
I see two problems:
1) Services are started _before_ user logs in.
2) Logon scripts are run with user priveleges, so user must be local administrator

So until user login every share will be open. Not very good.

If you insist on your question. There is onw easy way:
1) You will write 'check' program (VBS or whatsever language) that will return 1 if user is in LAN and 0 otherwise
2) In logon script you will run your 'check' program and analyse return code (IF .. THEN) on 1 you will run 'net start ...' on 0 you will run 'net stop ...' with appropriate service names. See 'net start' for list of services.

Just in case this response still gets to the person who originally asked the question, I'll just add that you can avoid having the services run until login on foreign networks by having them down by default (manual startup would be a start).  Then they'd only be enabled on login.

The problem of NET START not working unless the users were local admin still stands, though, and it's very rarely a good idea to give users that much power over their machines.  I do have another suggestion.

If you start with your potentially insecure services / shares / etc disabled security is taken care of.  Then you can have the login script attempt to contact a service running on a server, like the DC, on your own network.  If this succeeds, that service, which could run with domain administrative priveleges, could start the relevant services on the user  machine remotely.  I think if you're thinking of looking into this more deeply, WMI might be useful to you - use:

Set objWMI = GetObject("winmgmts://<machine>/root/CIMV2")

to connect (I think that's right; I could be wrong.  The thing I'm not sure of is whether that should be "CreateObject" rather than "GetObject" but like I say I think the above is correct).  The various methods of the WMI object will be useful for controlling administrative things.  I won't bother going into more detail if this question seems to be abandoned anyway.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now