Logon script that can tell if users have permissions

Hi all,

I am looking for another scripting method or perhaps some already time tested scripts that will allow me to do the following:

I want to map every possible drive we use for all users however I want the script to be able to tell if they have permission or not and if they do not then i want the script not to map the drive.

Is this possible? if not is there another way to do it?

Summary:

A logon script will only map the a drive to a network share that a user has permission to access.

Thanks

CyberIDentity
LVL 1
CyberIDentityAsked:
Who is Participating?
 
mass2612Connect With a Mentor Commented:
leew is correct. This is how I used to handle this process i.e.

ifmember "group name"
if errorlevel 1 goto Group_Map
:Group_Map
net use g: \\servername\sharename

ifmember "group name 2"
if errorlevel 1 goto Group_Map2
:Group_Map2
net use g: \\servername\othersharename

elc....

0
 
Lee W, MVPConnect With a Mentor Technology and Business Process AdvisorCommented:
This is easy - use IFMEMBER and check for their presence in a security group.  (You do assign permissions via groups, right)?

0
 
Steve KnightConnect With a Mentor IT ConsultancyCommented:
Or use DFS.  Create a DFS root and links to all the shares under it.  Users have one drive mapped to the DFS root with all the share underneath and will only be able to access what the permissions allow.

Other than that big long list of ifmember.exe in batch file or a VBS script etc.

I thought you might be able to do something like:

net use \\server\share
if errorlevel 1 net use x: /delete
if not exist x:\nul net use x: /delete

But of course you can still map a share and even attempt to run a dir of the drive etc. without any error. It is only when you try and write to the share or read a specific files that it fails.  As users may not have  write permissions in the root of a share you can't write a test file to check the rights.  You could make sure there is a specific file in the root of every share you could check for and if you can't find it then delete the mapping but that is messy.  Checking permissions on the fly in a login script with CACLS etc. can only be slow and open to errors.

ifmember or DFS looks like the way to go.

Steve
0
 
CyberIDentityAuthor Commented:
Hi all,

Thanks for the replies.

Yes i do use groups to determine who gets access to the shared resources.

I have accepted mass2612's answer as they provided an example, lew and dragon get an assist, I appreciate all your responses :)

Thanks all.

CyberIDentity

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.