Solved

Logon script that can tell if users have permissions

Posted on 2006-07-10
4
169 Views
Last Modified: 2012-05-05
Hi all,

I am looking for another scripting method or perhaps some already time tested scripts that will allow me to do the following:

I want to map every possible drive we use for all users however I want the script to be able to tell if they have permission or not and if they do not then i want the script not to map the drive.

Is this possible? if not is there another way to do it?

Summary:

A logon script will only map the a drive to a network share that a user has permission to access.

Thanks

CyberIDentity
0
Comment
Question by:CyberIDentity
4 Comments
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 100 total points
ID: 17079093
This is easy - use IFMEMBER and check for their presence in a security group.  (You do assign permissions via groups, right)?

0
 
LVL 29

Accepted Solution

by:
mass2612 earned 300 total points
ID: 17079104
leew is correct. This is how I used to handle this process i.e.

ifmember "group name"
if errorlevel 1 goto Group_Map
:Group_Map
net use g: \\servername\sharename

ifmember "group name 2"
if errorlevel 1 goto Group_Map2
:Group_Map2
net use g: \\servername\othersharename

elc....

0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 100 total points
ID: 17079420
Or use DFS.  Create a DFS root and links to all the shares under it.  Users have one drive mapped to the DFS root with all the share underneath and will only be able to access what the permissions allow.

Other than that big long list of ifmember.exe in batch file or a VBS script etc.

I thought you might be able to do something like:

net use \\server\share
if errorlevel 1 net use x: /delete
if not exist x:\nul net use x: /delete

But of course you can still map a share and even attempt to run a dir of the drive etc. without any error. It is only when you try and write to the share or read a specific files that it fails.  As users may not have  write permissions in the root of a share you can't write a test file to check the rights.  You could make sure there is a specific file in the root of every share you could check for and if you can't find it then delete the mapping but that is messy.  Checking permissions on the fly in a login script with CACLS etc. can only be slow and open to errors.

ifmember or DFS looks like the way to go.

Steve
0
 
LVL 1

Author Comment

by:CyberIDentity
ID: 17086869
Hi all,

Thanks for the replies.

Yes i do use groups to determine who gets access to the shared resources.

I have accepted mass2612's answer as they provided an example, lew and dragon get an assist, I appreciate all your responses :)

Thanks all.

CyberIDentity

0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Note: This is the second blog post in a series on email clearinghouses (https://www.xmatters.com/alert-management/blog-email-has-failed-us?utm_campaign=70138000000ydLoAAI&utm_source=exex&utm_medium=article&utm_content=blog-post).   Every month t…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now