Windows VB Login Script - Mappings based on location

OK Gurus, consider the following scenario:

Active Directory Network (Windows 2003, SP1)
Multiple offices, connected via VPN.  (Broadband, various speeds)
Corporate Users / Remote office users are set up in individual OUs. Each OU has its own Login Script(s).  
Servers are stored in a single Hardware OU.
Hub and Spoke network organization.
Central Office has Multiple Servers.  Each remote office has a single server.
85% of work is done on Servers located in Central Office.
15% of work is done on Servers located in Field Offices.
Home Folders and TSProfiles for all users (with the exception of user-ids that are remote only) are set up and stored on shared folders w/in the corporate office (central network)
Users access Central applications from local logins within the corporate office, and via Remote Desktop externally.
User's have single logins IDs and passwords.
Login scripts are VBScript
IP Addressing scheme:  Corporate office 10.0.10.x,  remote offices 192.168.x.x

We have login scripts that work, but would like to refine them.   Here's the challenge - Dont want to map network drives / printers of remote devices.  In other words, when logging into the corporate office server, either locally or RDP, I only want to map central resources.  When logging into a field server (either locally or RDP) I only want to map the drives specific to that environment.  The VPN performance is too irregular to allow users to pull files from remote drives over the VPN.

For Corporate office "Corporate OU"
    Internally (PC/Laptop on Local Network) - Regular Corporate Drive Mappings, Map home folder

    RDP or Terminal Server into Corp Office from Home PC - Regular Corporate Drive Mappings, Use   TSProfile Settings

    RDP or Citrix into Remote Server - Remote Server Drive Mappings, No Home Folder, Dont Use Central TSProfile

    When on Travel to Remote Location (not RDP into Corp Office) - Remote Server Drive Mappings, No Home Folder or TSProfile

Remote Office Users ... in separate "XXX Office OUs"
     Local PC Login to Local Server - Local Drive Mappings, no home folder

     Local PC Login to Corporate office via Citrix / RDP (Corporate Drive Mappings, Home Folder

     Home PC Login to Local Server via RDP - Local Drive Mappings, no home folder

Thanks for the suggestions in advance.
Who is Participating?
Ron MalmsteadConnect With a Mentor Information Services ManagerCommented:
I ran into this issue myself, and nobody seemed to have a reasonable fix for this other than creating seperat OU's for all the subnets and keeping track of the machines myself.....this wasn't an option because we move machines too often between subnets...too much of a hassle.

I needed something more I developed my own fix.

Here is a link to microsoft which my vbscript code was posted.  It allows you to set the network ID portion of your IP address as a machine variable using "setx.exe".... for use in logon scripts.

Example batch script...the first three lines to eliminate two subnets from running a particular script..or any machine that has not yet set the netid variable.
IF %NETID% == 192.168.20  EXIT
IF %NETID% == 192.168.30  EXIT

Once the variable assignment is set there are any number of ways you can handle the scripting off of it.
In your case I would use a single batch script to launch the proper vb scripts.

cscript netid.vbs
IF %NETID% == 192.168.20 GOTO 30
IF %NETID% == 192.168.30 GOTO 40
cscript {path}\corporate.drivemapping.vbs
cscript {path}\corporate.printermapping.vbs
cscript {path}\remote.drivemapping.vbs
cscript {path}\remote.printermapping.vbs

You should create an OU for testing and move one or two machines into it before applying any modified or new GPO's.

For this code to work as intended, you should have the NETID script run before your other scripts run.  Also the user's who are logging in should have at a minimum, power user level permissions LOCALLY on their machines.  Otherwise you might need to logon as a domain admin the first time a machine is moved to reset the netid variable, then logout and let them log back in.  IF you user's do not have permissions to write files to the root of the C drive, you should copy the setx.exe program to the c drive for them before they logon.  All of my users are admins on locally on their workstations....because the risk is minimal with regard to workstations (installing printers etc.)

Here's another version of this code. (%IPNETID% instead of %NETID%)
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery( _
    "SELECT * FROM Win32_NetworkAdapterConfiguration", , 48)
For Each objItem In colItems

    If IsNull(objItem.IPAddress) Then


        Ipaddr = Left(Join(objItem.IPAddress, ","), 9)

    Exit For
    End If
 set WshShell = WScript.CreateObject("WScript.Shell") "cmd /c xcopy \\SERVERNAME\programs\setx.exe c:\ /y",0,false "cmd /c c:\setx.exe IPNETID " & Ipaddr & " -m" & " /y" & " | " & "exit",0,false

If you have your Sites defined in AD Sites And Services with the correct subnets, the clients will already know in which site they are. You can retrieve this information like so:

Set objADSysInfo = CreateObject("ADSystemInfo")
ADSite =  objADSysInfo.SiteName

Then, you can let the script decide what to do, for instance:
if ADsite="chicago" then mapprinter("\\chicago1\printer3")

Ron MalmsteadInformation Services ManagerCommented:
Redwulf - Most people use batch scripts for logon scripts....  mostly because it's easier to understand, and vbscripts only run asynchronously....(they don't wait for one command to finish before running the rest of the code.)

My solution allows you to easily use the network id as a variable in MS-DOS logon scripts....but thanks for your input.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.