Solved

Logon script that can tell if users have permissions

Posted on 2006-07-10
4
168 Views
Last Modified: 2012-05-05
Hi all,

I am looking for another scripting method or perhaps some already time tested scripts that will allow me to do the following:

I want to map every possible drive we use for all users however I want the script to be able to tell if they have permission or not and if they do not then i want the script not to map the drive.

Is this possible? if not is there another way to do it?

Summary:

A logon script will only map the a drive to a network share that a user has permission to access.

Thanks

CyberIDentity
0
Comment
Question by:CyberIDentity
4 Comments
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 100 total points
Comment Utility
This is easy - use IFMEMBER and check for their presence in a security group.  (You do assign permissions via groups, right)?

0
 
LVL 29

Accepted Solution

by:
mass2612 earned 300 total points
Comment Utility
leew is correct. This is how I used to handle this process i.e.

ifmember "group name"
if errorlevel 1 goto Group_Map
:Group_Map
net use g: \\servername\sharename

ifmember "group name 2"
if errorlevel 1 goto Group_Map2
:Group_Map2
net use g: \\servername\othersharename

elc....

0
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 100 total points
Comment Utility
Or use DFS.  Create a DFS root and links to all the shares under it.  Users have one drive mapped to the DFS root with all the share underneath and will only be able to access what the permissions allow.

Other than that big long list of ifmember.exe in batch file or a VBS script etc.

I thought you might be able to do something like:

net use \\server\share
if errorlevel 1 net use x: /delete
if not exist x:\nul net use x: /delete

But of course you can still map a share and even attempt to run a dir of the drive etc. without any error. It is only when you try and write to the share or read a specific files that it fails.  As users may not have  write permissions in the root of a share you can't write a test file to check the rights.  You could make sure there is a specific file in the root of every share you could check for and if you can't find it then delete the mapping but that is messy.  Checking permissions on the fly in a login script with CACLS etc. can only be slow and open to errors.

ifmember or DFS looks like the way to go.

Steve
0
 
LVL 1

Author Comment

by:CyberIDentity
Comment Utility
Hi all,

Thanks for the replies.

Yes i do use groups to determine who gets access to the shared resources.

I have accepted mass2612's answer as they provided an example, lew and dragon get an assist, I appreciate all your responses :)

Thanks all.

CyberIDentity

0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video discusses moving either the default database or any database to a new volume.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now