Windows VB Login Script - Mappings based on location

Posted on 2007-08-07
Last Modified: 2013-11-05
OK Gurus, consider the following scenario:

Active Directory Network (Windows 2003, SP1)
Multiple offices, connected via VPN.  (Broadband, various speeds)
Corporate Users / Remote office users are set up in individual OUs. Each OU has its own Login Script(s).  
Servers are stored in a single Hardware OU.
Hub and Spoke network organization.
Central Office has Multiple Servers.  Each remote office has a single server.
85% of work is done on Servers located in Central Office.
15% of work is done on Servers located in Field Offices.
Home Folders and TSProfiles for all users (with the exception of user-ids that are remote only) are set up and stored on shared folders w/in the corporate office (central network)
Users access Central applications from local logins within the corporate office, and via Remote Desktop externally.
Users have single login IDs and passwords.
Login scripts are VBScript
IP Addressing scheme:  Corporate office 10.0.10.x,  remote offices 192.168.x.x

We have login scripts that work, but would like to refine them. Here's the challenge - Don't want to map network drives / printers of remote devices.  In other words, when logging into the corporate office server, either locally or RDP, I only want to map central resources.  When logging into a field server (either locally or RDP) I only want to map the drives specific to that environment.  The VPN performance is too irregular to allow users to pull files from remote drives over the VPN.

For Corporate office "Corporate OU"
    Internally (PC/Laptop on Local Network) - Regular Corporate Drive Mappings, Map home folder

    RDP or Terminal Server into Corp Office from Home PC - Regular Corporate Drive Mappings, Use TSProfile Settings

    RDP or Citrix into Remote Server - Remote Server Drive Mappings, No Home Folder, Don't Use Central TSProfile

    When on Travel to Remote Location (not RDP into Corp Office) - Remote Server Drive Mappings, No Home Folder or TSProfile

Remote Office Users ... in separate "XXX Office OUs"
     Local PC Login to Local Server - Local Drive Mappings, no home folder

     Local PC Login to Corporate office via Citrix / RDP - Corporate Drive Mappings, Home Folder

     Home PC Login to Local Server via RDP - Local Drive Mappings, no home folder

Thanks for the suggestions in advance.
Question by:mggi
    LVL 25

    Accepted Solution

    I ran into this issue myself, and nobody seemed to have a reasonable fix for this other than creating separate OUs for all the subnets and keeping track of the machines myself.....this wasn't an option because we move machines too often between subnets...too much of a hassle.

    I needed something more, so I developed my own fix.

    Here is a link to Microsoft where my VBScript code was posted.  It allows you to set the network ID portion of your IP address as a machine variable using "setx.exe".... for use in logon scripts.

    Example batch script...the first three lines to eliminate two subnets from running a particular script..or any machine that has not yet set the netid variable.
    IF "%NETID%"=="192.168.20" EXIT
    IF "%NETID%"=="192.168.30" EXIT

    Once the variable assignment is set there are any number of ways you can handle the scripting off of it.
    In your case I would use a single batch script to launch the proper vb scripts.

    REM Run netid.vbs first on machines where NETID is not set yet
    IF NOT DEFINED NETID GOTO 10
    GOTO 20
    :10
    cscript netid.vbs
    :20
    REM Remote-office subnets jump to the remote mappings
    IF "%NETID%"=="192.168.20" GOTO 30
    IF "%NETID%"=="192.168.30" GOTO 40
    cscript {path}\corporate.drivemapping.vbs
    cscript {path}\corporate.printermapping.vbs
    GOTO :EOF
    :30
    :40
    cscript {path}\remote.drivemapping.vbs
    cscript {path}\remote.printermapping.vbs

    You should create an OU for testing and move one or two machines into it before applying any modified or new GPO's.

    For this code to work as intended, you should have the NETID script run before your other scripts run.  Also the users who are logging in should have, at a minimum, power user level permissions LOCALLY on their machines.  Otherwise you might need to log on as a domain admin the first time a machine is moved to reset the netid variable, then log out and let them log back in.  If your users do not have permissions to write files to the root of the C drive, you should copy the setx.exe program to the C drive for them before they log on.  All of my users are admins locally on their workstations....because the risk is minimal with regard to workstations (installing printers etc.)

    Here's another version of this code. (%IPNETID% instead of %NETID%)
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
    Set colItems = objWMIService.ExecQuery( _
        "SELECT * FROM Win32_NetworkAdapterConfiguration", , 48)
    ' Use the first adapter that actually has an IP address
    For Each objItem In colItems
        If Not IsNull(objItem.IPAddress) Then
            ' Keeps the first 9 characters of the address list as the network ID
            Ipaddr = Left(Join(objItem.IPAddress, ","), 9)
            Exit For
        End If
    Next
    Set WshShell = WScript.CreateObject("WScript.Shell")
    ' Wait for the copy to finish so setx.exe exists before it is run
    WshShell.Run "cmd /c xcopy \\SERVERNAME\programs\setx.exe c:\ /y", 0, True
    WshShell.Run "cmd /c c:\setx.exe IPNETID " & Ipaddr & " -m" & " /y" & " | " & "exit", 0, False

    LVL 16

    Expert Comment

    If you have your Sites defined in AD Sites And Services with the correct subnets, the clients will already know in which site they are. You can retrieve this information like so:

    Set objADSysInfo = CreateObject("ADSystemInfo")
    ADSite =  objADSysInfo.SiteName

    Then, you can let the script decide what to do, for instance:
    if ADsite="chicago" then mapprinter("\\chicago1\printer3")
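
The site-based approach from the comment above, worked through as an added example that is not part of the original thread. Apart from the `chicago` site and `\\chicago1\printer3`, every site name, server, share and drive letter is hypothetical; a machine whose site is unknown or cannot be determined gets no mappings at all.

```vbscript
Option Explicit
' Added example. Site names, servers, shares and drive letters are hypothetical.
Dim objNetwork, objADSysInfo, siteName, driveMap, printerMap, entry, parts

Set objNetwork = CreateObject("WScript.Network")
Set driveMap = CreateObject("Scripting.Dictionary")
Set printerMap = CreateObject("Scripting.Dictionary")
driveMap.CompareMode = vbTextCompare      ' site names compare case-insensitively
printerMap.CompareMode = vbTextCompare

' One entry per AD site: "drive letter|UNC path"
driveMap.Add "corporate", Array("S:|\\corp-fs1\shared", "P:|\\corp-fs1\projects")
driveMap.Add "chicago", Array("S:|\\chicago1\shared")
printerMap.Add "corporate", Array("\\corp-ps1\printer1")
printerMap.Add "chicago", Array("\\chicago1\printer3")

' SiteName is the site of the computer running the script (the server, under RDP).
siteName = ""
On Error Resume Next
Set objADSysInfo = CreateObject("ADSystemInfo")
siteName = objADSysInfo.SiteName
On Error GoTo 0

' Unknown or undetermined site: map nothing rather than guess.
If Not driveMap.Exists(siteName) Then
    WScript.Echo "No mappings defined for site '" & siteName & "'"
    WScript.Quit 0
End If

For Each entry In driveMap(siteName)
    parts = Split(entry, "|")
    MapDrive parts(0), parts(1)
Next
If printerMap.Exists(siteName) Then
    For Each entry In printerMap(siteName)
        On Error Resume Next
        objNetwork.AddWindowsPrinterConnection entry
        On Error GoTo 0
    Next
End If

Sub MapDrive(letter, unc)
    On Error Resume Next
    objNetwork.RemoveNetworkDrive letter, True, True   ' drop a stale mapping
    Err.Clear
    objNetwork.MapNetworkDrive letter, unc
    If Err.Number <> 0 Then WScript.Echo "Failed: " & letter & " -> " & unc
End Sub
```

Run it with `cscript` so the messages go to the console instead of pop-up dialogs.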

    LVL 25

    Expert Comment

    by:Ron M
    Redwulf - Most people use batch scripts for logon scripts....  mostly because it's easier to understand, and vbscripts only run asynchronously....(they don't wait for one command to finish before running the rest of the code.)

    My solution allows you to easily use the network id as a variable in MS-DOS logon scripts....but thanks for your input.
