Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Logon script that can tell if users have permissions

Posted on 2006-07-10
4
Medium Priority
?
177 Views
Last Modified: 2012-05-05
Hi all,

I am looking for another scripting method or perhaps some already time tested scripts that will allow me to do the following:

I want to map every possible drive we use for all users however I want the script to be able to tell if they have permission or not and if they do not then i want the script not to map the drive.

Is this possible? if not is there another way to do it?

Summary:

A logon script will only map the a drive to a network share that a user has permission to access.

Thanks

CyberIDentity
0
Comment
Question by:CyberIDentity
4 Comments
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 300 total points
ID: 17079093
This is easy - use IFMEMBER and check for their presence in a security group.  (You do assign permissions via groups, right)?

0
 
LVL 29

Accepted Solution

by:
mass2612 earned 900 total points
ID: 17079104
leew is correct. This is how I used to handle this process i.e.

ifmember "group name"
if errorlevel 1 goto Group_Map
:Group_Map
net use g: \\servername\sharename

ifmember "group name 2"
if errorlevel 1 goto Group_Map2
:Group_Map2
net use g: \\servername\othersharename

elc....

0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 300 total points
ID: 17079420
Or use DFS.  Create a DFS root and links to all the shares under it.  Users have one drive mapped to the DFS root with all the share underneath and will only be able to access what the permissions allow.

Other than that big long list of ifmember.exe in batch file or a VBS script etc.

I thought you might be able to do something like:

net use \\server\share
if errorlevel 1 net use x: /delete
if not exist x:\nul net use x: /delete

But of course you can still map a share and even attempt to run a dir of the drive etc. without any error. It is only when you try and write to the share or read a specific files that it fails.  As users may not have  write permissions in the root of a share you can't write a test file to check the rights.  You could make sure there is a specific file in the root of every share you could check for and if you can't find it then delete the mapping but that is messy.  Checking permissions on the fly in a login script with CACLS etc. can only be slow and open to errors.

ifmember or DFS looks like the way to go.

Steve
0
 
LVL 1

Author Comment

by:CyberIDentity
ID: 17086869
Hi all,

Thanks for the replies.

Yes i do use groups to determine who gets access to the shared resources.

I have accepted mass2612's answer as they provided an example, lew and dragon get an assist, I appreciate all your responses :)

Thanks all.

CyberIDentity

0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
The first step to building an amazing About page is to figure out what you want the page to say about your company. You then must grab the attention of the reader, boast a bit, tell a story and let others brag about you. With a little bit of thought…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question