Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 6971
  • Last Modified:

If member of "group"in Microsoft Logon Script

I came from a Novell environment using NDS and now have a need to check if a user is a member of a group in the logon script:

Set.......what ever
next statement....whatever
IF MEMBER OF "DIRECTORS: THEN
  RUN THIS
ENDIF

That's all I wan to do, but can't find out how to do an if statement in the logon script
0
hospicecc
Asked:
hospicecc
  • 3
1 Solution
 
Hypercat (Deb)Commented:
First, you need to download the Windows Resource Kit tools.  There is a specific tool in there named "ifmember.exe."  You need to put this executable in your NETLOGON share, and then used the statement in the login script as described:

ifmember [/v|/verbose [/l|/list]|[GroupName1 [GroupName2] ...]

/v|/verbose GroupName1 [GroupName2] ...]
Prints all group matches.

Note
If you are using IfMember interactively, you must use the /v parameter to determine whether or not the current user is a member of the specified group.

/l|/list
Lists all groups of which the user is a member.

GroupName
Specifies one or more group names (separated by a spaces).

The above help information and additional more detailed information on the tool is in the help file that comes along with the resource kit.
0
 
Hypercat (Deb)Commented:
PS Here's a more specific sample:

set GROUP1=YourGroup
<<Insert additional "set" commands for additonal groups>>

if "%GROUP1%"=="" goto NOGROUP1
      ifmember %GROUP1%
      if not errorlevel 1 goto NOGROUP1
                    <<Insert here the drives you want to map or other commands to run for group members>>
NOGROUP1
<<Insert here other commands not dependent on group membership.>>

You repeat the if statement section as often as necessary to cover all groups defined in the set commands.

0
 
hospiceccAuthor Commented:
This is really great information and I'll get ifmember in just a minute..Thanks.

The group I'm trying to query is a group(s) already defined in AD however not established  through a set command.  

I won't have the opportunity to execute a specific set command to set up a variable, so I'll have to go against group membership already established in AD.
0
 
Hypercat (Deb)Commented:
The "set" command is part of the script - shown at the top of my example - that is referring to the groups defined in Active Directory.  It just declares the value for the variable named "GROUP1" in the script. For example, if your AD group is called, as in my sample, "YourGroup," then in your login script, your "set" command to define the variable "GROUP1" is:

set GROUP1 = YourGroup

Then, in the if statement referring to %GROUP1%, the script will substitute the value "YourGroup" when it runs.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now