Windows VB Login Script - Mappings based on location

Posted on 2007-08-07
Medium Priority
Last Modified: 2013-11-05
OK Gurus, consider the following scenario:

Active Directory Network (Windows 2003, SP1)
Multiple offices, connected via VPN.  (Broadband, various speeds)
Corporate Users / Remote office users are set up in individual OUs. Each OU has its own Login Script(s).  
Servers are stored in a single Hardware OU.
Hub and Spoke network organization.
Central Office has Multiple Servers.  Each remote office has a single server.
85% of work is done on Servers located in Central Office.
15% of work is done on Servers located in Field Offices.
Home Folders and TSProfiles for all users (with the exception of user-ids that are remote only) are set up and stored on shared folders w/in the corporate office (central network)
Users access Central applications from local logins within the corporate office, and via Remote Desktop externally.
Users have single login IDs and passwords.
Login scripts are VBScript
IP Addressing scheme:  Corporate office 10.0.10.x,  remote offices 192.168.x.x

We have login scripts that work, but would like to refine them.   Here's the challenge - Don't want to map network drives / printers of remote devices.  In other words, when logging into the corporate office server, either locally or RDP, I only want to map central resources.  When logging into a field server (either locally or RDP) I only want to map the drives specific to that environment.  The VPN performance is too irregular to allow users to pull files from remote drives over the VPN.

For Corporate office users...in "Corporate OU"
    Internally (PC/Laptop on Local Network) - Regular Corporate Drive Mappings, Map home folder

    RDP or Terminal Server into Corp Office from Home PC - Regular Corporate Drive Mappings, Use TSProfile Settings

    RDP or Citrix into Remote Server - Remote Server Drive Mappings, No Home Folder, Don't Use Central TSProfile

    When on Travel to Remote Location (not RDP into Corp Office) - Remote Server Drive Mappings, No Home Folder or TSProfile

Remote Office Users ... in separate "XXX Office OUs"
     Local PC Login to Local Server - Local Drive Mappings, no home folder

     Local PC Login to Corporate office via Citrix / RDP - Corporate Drive Mappings, Home Folder

     Home PC Login to Local Server via RDP - Local Drive Mappings, no home folder

Thanks for the suggestions in advance.
Question by:mggi

Accepted Solution

Ron Malmstead earned 1500 total points
ID: 19646989
I ran into this issue myself, and nobody seemed to have a reasonable fix for this other than creating separate OUs for all the subnets and keeping track of the machines myself.....this wasn't an option because we move machines too often between subnets...too much of a hassle.

I needed something more automatic....so I developed my own fix.

Here is a link to Microsoft where my VBScript code was posted.  It allows you to set the network ID portion of your IP address as a machine variable using "setx.exe".... for use in logon scripts.

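Example batch script...the first three lines to eliminate two subnets from running a particular script..or any machine that has not yet set the netid variable.
REM Quoted comparisons stay valid when NETID is empty; unset machines exit first
IF NOT DEFINED NETID EXIT
IF "%NETID%"=="192.168.20" EXIT
IF "%NETID%"=="192.168.30" EXIT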

Once the variable assignment is set there are any number of ways you can handle the scripting off of it.
In your case I would use a single batch script to launch the proper vb scripts.

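REM setx stores NETID for future processes, so it is read from the next logon onward
cscript netid.vbs
IF "%NETID%"=="192.168.20" GOTO 30
IF "%NETID%"=="192.168.30" GOTO 40
REM All other subnets: corporate mappings, then stop
cscript {path}\corporate.drivemapping.vbs
cscript {path}\corporate.printermapping.vbs
GOTO :EOF
:30
:40
cscript {path}\remote.drivemapping.vbs
cscript {path}\remote.printermapping.vbs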

You should create an OU for testing and move one or two machines into it before applying any modified or new GPOs.

For this code to work as intended, you should have the NETID script run before your other scripts run.  Also the users who are logging in should have, at a minimum, power user level permissions LOCALLY on their machines.  Otherwise you might need to log on as a domain admin the first time a machine is moved to reset the netid variable, then log out and let them log back in.  If your users do not have permissions to write files to the root of the C drive, you should copy the setx.exe program to the C drive for them before they log on.  All of my users are admins locally on their workstations....because the risk is minimal with regard to workstations (installing printers etc.)

Here's another version of this code. (%IPNETID% instead of %NETID%)
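' Store the first three octets of this machine's IPv4 address in the
' machine-level environment variable IPNETID, for use by later logon scripts.
strComputer = "."
Ipaddr = ""
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery( _
    "SELECT * FROM Win32_NetworkAdapterConfiguration", , 48)
For Each objItem In colItems
    ' Adapters without an address return Null; skip them.
    If Not IsNull(objItem.IPAddress) Then
        ' Split on dots rather than taking a fixed number of characters,
        ' so 192.168.20.x yields 192.168.20 and 10.0.10.x yields 10.0.10.
        arrOctets = Split(objItem.IPAddress(0), ".")
        If UBound(arrOctets) = 3 Then
            Ipaddr = arrOctets(0) & "." & arrOctets(1) & "." & arrOctets(2)
            Exit For
        End If
    End If
Next
If Ipaddr <> "" Then
    Set WshShell = WScript.CreateObject("WScript.Shell")
    ' Wait for the copy to finish (True) so setx.exe exists before it is run.
    WshShell.Run "cmd /c xcopy \\SERVERNAME\programs\setx.exe c:\ /y", 0, True
    ' -m writes a machine-wide variable; only processes started afterwards see it.
    WshShell.Run "cmd /c c:\setx.exe IPNETID " & Ipaddr & " -m", 0, False
End If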


Expert Comment

ID: 20402990
If you have your Sites defined in AD Sites And Services with the correct subnets, the clients will already know in which site they are. You can retrieve this information like so:

Set objADSysInfo = CreateObject("ADSystemInfo")
ADSite =  objADSysInfo.SiteName

Then, you can let the script decide what to do, for instance:
if ADsite="chicago" then mapprinter("\\chicago1\printer3")
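
The site-based approach from the comment above, carried through as a complete logon script. This is an added example, not code posted by anyone in the thread; the site names, server names and share paths are placeholders, and it assumes each office subnet is assigned to a site in AD Sites and Services. Because the site is that of the machine running the script, an RDP logon to a corporate server gets corporate mappings regardless of where the user is sitting.

```vbscript
Option Explicit
' Added example. Site names, servers and shares below are placeholders.
Dim dictSites, objSysInfo, objNet, objShell
Dim strSite, strMap, strUNC, arrParts

' AD site name -> list of "Drive|UNC" entries for that site only.
Set dictSites = CreateObject("Scripting.Dictionary")
dictSites.CompareMode = vbTextCompare   ' match site names case-insensitively
dictSites.Add "Corporate", Array("H:|\\CORPFS1\home$\%USERNAME%", _
                                 "S:|\\CORPFS1\shared")
dictSites.Add "Chicago", Array("S:|\\CHICAGO1\shared")

' Site of the computer the script runs on. The lookup raises an error
' when no domain controller is reachable (for example, VPN down).
strSite = ""
On Error Resume Next
Set objSysInfo = CreateObject("ADSystemInfo")
strSite = objSysInfo.SiteName
If Err.Number <> 0 Then strSite = ""
On Error GoTo 0

' Unknown or undetermined site: map nothing rather than guess.
If Not dictSites.Exists(strSite) Then
    WScript.Echo "No mappings defined for site '" & strSite & "'; nothing mapped."
    WScript.Quit 0
End If

Set objNet = CreateObject("WScript.Network")
Set objShell = CreateObject("WScript.Shell")
For Each strMap In dictSites(strSite)
    arrParts = Split(strMap, "|")
    strUNC = objShell.ExpandEnvironmentStrings(arrParts(1))
    On Error Resume Next
    ' Drop a persistent mapping left over from a logon at another site.
    objNet.RemoveNetworkDrive arrParts(0), True, True
    Err.Clear
    ' False = do not store the mapping in the user profile.
    objNet.MapNetworkDrive arrParts(0), strUNC, False
    If Err.Number <> 0 Then
        WScript.Echo "Failed to map " & arrParts(0) & " to " & strUNC & _
                     ": " & Err.Description
    End If
    On Error GoTo 0
Next
```

Run it with cscript, as the batch launcher earlier in the thread does, so the messages go to the console instead of message boxes.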


Expert Comment

by:Ron Malmstead
ID: 23014447
Redwulf - Most people use batch scripts for logon scripts....  mostly because it's easier to understand, and vbscripts only run asynchronously....(they don't wait for one command to finish before running the rest of the code.)

My solution allows you to easily use the network id as a variable in MS-DOS logon scripts....but thanks for your input.
