Solved

VBS LOGIN SCRIPT DOES NOT WORK

Posted on 2007-11-28
25
636 Views
Last Modified: 2013-12-23
I have developed a VBS script that works just fine if you the Enterprise Admin, but does not seem to work for anyone else. Can someone tell me what needs to be changed so this works for everyone?
Set WshNetwork = WScript.CreateObject("WScript.Network")

strUser = WshNetwork.UserName

On Error Resume Next

'************************************************

'CREATE TEMP FOLDER ON CLIENT COMPUTER

'************************************************

'Option Explicit

Dim objFSO, objFolder, strDirectory

strDirectory = "c:\TEMP" 

Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objFolder = objFSO.CreateFolder(strDirectory)

'WScript.Echo "Just created " & strDirectory 

'************************************************

'SET TEMP FOLDER RIGHTS CLIENT COMPUTER

'************************************************

Set objShell=CreateObject("Wscript.shell")

With objShell

  .Run "cmd /c cacls c:\temp /e /g Administrator:F", 0

  .Run "cmd /c cacls c:\temp /e /g Administrators:F", 0

  .Run "cmd /c cacls c:\temp /e /g " & chr(34) & "Authenticated Users" & chr(34) & ":C", 0

  .Run "cmd /c cacls c:\temp /e /g " & chr(34) & "Creator Owner" & chr(34) & ":F", 0

  .Run "cmd /c cacls c:\temp /e /g SYSTEM:F", 0

  .Run "cmd /c cacls c:\temp /e /g Users:C", 0

end with

'************************************************

'DELETE ALL MAPPED DRIVES

'************************************************

set Net = CreateObject("Wscript.Network")

set Drives = Net.EnumNetworkDrives

for each item in Drives

  if right(item,1) = ":" then

         Net.RemoveNetworkDrive item

end if

next

'************************************************

'DELETE ALL NETWORK PRINTERS

'************************************************

'Set clPrinters = WshNetwork.EnumPrinterConnections

'On Error Resume Next

'For i = 0 to clPrinters.Count - 1 Step 2

'wshNetwork.RemovePrinterConnection clPrinters.Item(i+1), true

'next

'************************************************

'DELETE ALL LOCAL PRINTERS EXCEPT NAMED PRINTERS

'************************************************

'strComputer = "."

'Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

'Set colInstalledPrinters =  objWMIService.ExecQuery _

'    ("Select * from Win32_Printer Where Network = FALSE")

'For Each objPrinter in colInstalledPrinters

'If objPrinter.Name = "V_CD_HP5550" or objPrinter.Name = "V_STU_HP6P" or objPrinter.Name = "V_IT_E1280" or objPrinter.Name = "LEADTOOLS ePrint IV" or objPrinter.Name = "SnagIt 8" or objPrinter.Name = "Evolis Pebble" or objPrinter.Name = "eCopy Desktop 9.0 Printer" or objPrinter.Name = "Microsoft XPS Document Writer" or objPrinter.Name = "Microsoft Office Document Image Writer" or objPrinter.Name = "Adobe PDF" then

'strdelete = false

'else

'objPrinter.Delete_

'end if 

'next

'************************************************

'MAP DRIVES & PRINTERS BASED ON GROUP MEMBERSHIP

'************************************************

On Error Resume Next
 

Dim fso

Set fso = CreateObject("Scripting.FileSystemObject")

Set objSysInfo = CreateObject("ADSystemInfo")

Set objNetwork = CreateObject("Wscript.Network")
 

strUserPath = "LDAP://" & objSysInfo.UserName

Set objUser = GetObject(strUserPath)
 

For Each strGroup in objUser.MemberOf

    strGroupPath = "LDAP://" & strGroup

    Set objGroup = GetObject(strGroupPath)

    strGroupName = objGroup.CN
 

 Select Case strGroupName
 

Case "NetOps"

'************************************************

'COPY WALLPAPER TO CLIENT COMPUTER

'************************************************

		'Change to 1 if you want it to overwrite

		fso.CopyFile "\\SVR-1\netlogon\netops.jpg", "c:\temp\netops.jpg", -0

		fso.CopyFile "\\SVR-1\netlogon\netops.bgi", "c:\temp\netops.bgi", -1

		fso.CopyFile "\\SVR-1\netlogon\bginfo.exe", "c:\temp\bginfo.exe", -0

		Set fs = Nothing

		Set WSHShell = CreateObject("Wscript.Shell")

		WSHShell.Run ("\\SVR-1\netlogon\netopsbgi.bat"), 0

'************************************************

'MAP NETWORK SHARES

'************************************************

		objNetwork.MapNetworkDrive "I:", "\\SVR-1\RGM32"

		objNetwork.MapNetworkDrive "O:", "\\SVR-3\D$"

		objNetwork.MapNetworkDrive "P:", "\\SVR-3\E$"

		objNetwork.MapNetworkDrive "S:", "\\SVR-2\public\Shares"

		objNetwork.MapNetworkDrive "V:", "\\SVR-2\public\ID Badges"

		objNetwork.MapNetworkDrive "W:", "\\SVR-3\Work Files"

		objNetwork.MapNetworkDrive "X:", "\\SVR-2\public\TSQL"

		objNetwork.MapNetworkDrive "Y:", "\\SVR-1\prof-staff$"

		objNetwork.MapNetworkDrive "Z:", "\\SVR-2\it\Installs"

'************************************************

'MAP NETWORK PRINTERS

'************************************************

		Set WshNetwork = CreateObject("WScript.Network")

		PrinterPath = "\\SVR-1\V-iRC6800"

		PrinterDriver = "Canon iR C6800 PCL5c"

		WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver

		'WshNetwork.SetDefaultPrinter "\\SVR-1\V-iRC6800"
 

		Set WshNetwork = CreateObject("WScript.Network")

		PrinterPath = "\\SVR-1\V-FD-1320"

		PrinterDriver = "hp LaserJet 1320 PCL 6"

		WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
 

		Set WshNetwork = CreateObject("WScript.Network")

		PrinterPath = "\\SVR-1\V-FA-1300"

		PrinterDriver = "hp LaserJet 1300 PCL 6"

		WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver

        

Case "Management"

'************************************************

'COPY WALLPAPER TO CLIENT COMPUTER

'************************************************

		'Change to 1 if you want it to overwrite

		fso.CopyFile "\\SVR-1\netlogon\management.jpg", "c:\temp\management.jpg", -0

		fso.CopyFile "\\SVR-1\netlogon\management.bgi", "c:\temp\management.bgi", -1

		fso.CopyFile "\\SVR-1\netlogon\bginfo.exe", "c:\temp\bginfo.exe", -0

		Set fs = Nothing

		Set WSHShell = CreateObject("Wscript.Shell")

		WSHShell.Run ("\\SVR-1\netlogon\managementbgi.bat"), 0

'************************************************

'MAP NETWORK SHARES

'************************************************

		objNetwork.MapNetworkDrive "I:", "\\SVR-1\Rgm32"

		objNetwork.MapNetworkDrive "S:", "\\SVR-2\public\SHARES"

		objNetwork.MapNetworkDrive "X:", "\\SVR-2\public\TSQL"

'************************************************

'MAP NETWORK PRINTERS

'************************************************

		Set WshNetwork = CreateObject("WScript.Network")

		PrinterPath = "\\SVR-1\V-iRC6800"

		PrinterDriver = "Canon iR C6800 PCL5c"

		WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver

		' WshNetwork.SetDefaultPrinter "\\SVR-1\V-iRC6800"
 

		Set WshNetwork = CreateObject("WScript.Network")

		PrinterPath = "\\SVR-1\V_FD_1320"

		PrinterDriver = "hp LaserJet 1320 PCL 6"

		WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
 

		Set WshNetwork = CreateObject("WScript.Network")

		PrinterPath = "\\SVR-1\V_FA_1300"

		PrinterDriver = "hp LaserJet 1300 PCL 6"

		WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
 

Case "Staff"

'************************************************

'COPY WALLPAPER TO CLIENT COMPUTER

'************************************************

		'Change to 1 if you want it to overwrite

		fso.CopyFile "\\SVR-1\netlogon\staff.jpg", "c:\temp\staff.jpg", -0

		fso.CopyFile "\\SVR-1\netlogon\staff.bgi", "c:\temp\staff.bgi", -1

		fso.CopyFile "\\SVR-1\netlogon\bginfo.exe", "c:\temp\bginfo.exe", -0

		Set fs = Nothing

		Set WSHShell = CreateObject("Wscript.Shell")

		WSHShell.Run ("\\SVR-1\netlogon\staffbgi.bat"), 0

'************************************************

'MAP NETWORK SHARES

'************************************************

		objNetwork.MapNetworkDrive "I:", "\\SVR-1\Rgm32"

		objNetwork.MapNetworkDrive "S:", "\\SVR-2\public\SHARES"

		objNetwork.MapNetworkDrive "X:", "\\SVR-2\public\TSQL"

'************************************************

'MAP VAN NETWORK PRINTERS

'************************************************

		Set WshNetwork = CreateObject("WScript.Network")

		PrinterPath = "\\SVR-1\V-iRC6800"

		PrinterDriver = "Canon iR C6800 PCL5c"

		WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver

		' WshNetwork.SetDefaultPrinter "\\SVR-1\V-iRC6800"
 

		Set WshNetwork = CreateObject("WScript.Network")

		PrinterPath = "\\SVR-1\V_FD_1320"

		PrinterDriver = "hp LaserJet 1320 PCL 6"

		WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
 

	End Select
 

Next

'************************************************

'Map Special Drives By User ID 

'************************************************

'MsgBox(struser)

If InStr(strUser, "sharon.dugan") Then

WshNetwork.MapNetworkDrive "W:", "\\SVR-3\Work Files"
 

End If
 

'MsgBox(struser)

If InStr(strUser, "zed.meyers") Then

WshNetwork.MapNetworkDrive "Q:", "\\haw-0001\quickbooks$"
 

End If
 

'MsgBox(struser)

'If InStr(strUser, "rosleen.aurora") Then

'WshNetwork.MapNetworkDrive "T:", "\\H-fadir\EDConn"

'WshNetwork.MapNetworkDrive "U:", "\\H-fadir\ED"
 

'End If
 

'************************************************

'Numlock On 

'************************************************

set WshShell = CreateObject("WScript.Shell")

WshShell.SendKeys "{NUMLOCK}" 
 

WScript.Quit

Open in new window

0
Comment
Question by:Lazarus
  • 14
  • 10
25 Comments
 
LVL 21

Expert Comment

by:from_exp
Comment Utility
do users have permissions to access this file?
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
Can I recommend that you put some debugging info into the script, also break it down into sections to test.  If you save this reduced script in the NETLOGON folder, you will be able to access it from any client.

Then, as a low-privilege user, start Command Prompt and use CSCRIPT to run the script.  Remove the "On Error Resume Next" so that you get error messages, but wrap sections that might legitimately cause errors in "On Error Resume Next"/"On Error Goto 0" pairs so that those continue successfully.

It may be your Active Directory query that is the problem, but let's focus the issue rather than trying to answer hypothetical possibilities.
0
 
LVL 20

Author Comment

by:Lazarus
Comment Utility
The users are able to run the script from the NETLOGON folder yes, and the script runs thru, but does not run the 'MAP DRIVES & PRINTERS BASED ON GROUP MEMBERSHIP section. Everything else works for non Enterprise Admins
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
Try augmenting the script with some debug info, such as:
  WScript.Echo "Group: "  & strGroupName & vbCrLf

Find out exactly what isn't working, and using this method you'll find out why.
0
 
LVL 20

Author Comment

by:Lazarus
Comment Utility
With "On Error Resume Next" removed I get an error at line 70 character 1, object not a collection.

Will try the "WScript.Echo "Group: "  & strGroupName & vbCrLf" next
0
 
LVL 20

Author Comment

by:Lazarus
Comment Utility
Where should I place that snippet of code?
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
Sounds like the group membership of the requested user is not accessible.

You may also want to check the permissions in Active Directory.  Do your users have access to enumerate group memberships?
0
 
LVL 20

Author Comment

by:Lazarus
Comment Utility
I placed your code in there and it comes up with Group: "BLANK"
How do I check to figure out the membership enumeration?
Thats something I've never had to deal with, but I learn...
0
 
LVL 20

Author Comment

by:Lazarus
Comment Utility
Or better yet, how do I grant it for the script only?
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
The code can go on any line.  Most things can be written as strings, so just change strGroupName and the prefix to whatever is useful.

I recommend that you put a whole bunch of these, with different number prefixes, so you can see exactly where your code goes for the user.

If you put them before the line causing the error, you can see what the script can see, by showing the user's details or anything else.

Perhaps also check that the GetObject line has returned an object.
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
I'm assuming you don't have a group called BLANK?!  Actually, I know some reasons why such groups DO exist!  Let me know.

Next question is whether the user is a member of any groups.  If the MemberOf property is not a legitimate collection, then the For Each will fail.  Since this is an exceptional case, it may make sense to wrap an On Error pairing around the for each, that way the script will continue after the For Each block in the error case.
0
 
LVL 20

Author Comment

by:Lazarus
Comment Utility
I'm a bit weak in VBS scripting.

Putting the code "WScript.Echo "Object: "  & strGroupPath & vbCrLf" gives me back LDAP://

Another other help? I seem a bit lost (A LOT LOST)
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 20

Author Comment

by:Lazarus
Comment Utility
Yes, the user is a member of "Faculty" and a Domain User. The BLANK was just that nothing, like you thought.
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
Try adjusting it with an If Then block as follows.  Remember to terminate the block.
For Each strGroup in objUser.MemberOf

    strGroupPath = "" & strGroup ' this forces strGroup to a string

    If strGroupPath <> "" Then

       strGroupPath = "LDAP://" & strGroup

       Set objGroup = GetObject(strGroupPath)

       strGroupName = objGroup.CN
 

    ...
 

    End If

Open in new window

0
 
LVL 20

Author Comment

by:Lazarus
Comment Utility
OK, after doing that I still get the same thing, so perhaps it's an enumeration problem?
0
 
LVL 20

Author Comment

by:Lazarus
Comment Utility
So how do I allow the script to enumerate the Users Group properly?
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
You can use the following code to see an error, after any statement:

If Err.Number <> 0 Then
      WScript.Echo Err.Description
end if

I don't think "memberOf" is being retrieved correctly.  Am not currently sure why.  Will investigate when I have time.
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
Try the following:
http://msdn2.microsoft.com/en-us/library/aa746340.aspx

Use the objUser.Groups item

I can't test this as I'm not a member of any groups.  Note that it does not appear to return membership of the primary group, but I've seen this behaviour documented elsewhere and I don't think it'll affect your needs.
For Each objGroup in objUser.Groups

   WScript.Echo objGroup.Name

Next

Open in new window

0
 
LVL 20

Author Comment

by:Lazarus
Comment Utility
I'll look into this over the weekend and get back to you.
0
 
LVL 20

Author Comment

by:Lazarus
Comment Utility
Nope that didn't do anything either. It's simply coming down to a security issue with polices that will not let non admins enumerate a group. So I'll either have to fix that or try another way of scripting this. Thanks for trying though.
0
 
LVL 19

Accepted Solution

by:
SteveH_UK earned 500 total points
Comment Utility
Try running the command:

net user /domain

at a command prompt.  If you can see the information about the users groups, you may have more success using the WinNT provider rather than using LDAP with ADSI.  See:

http://msdn2.microsoft.com/en-us/library/aa772316.aspx

I'm surprised that you are not actually receiving a "you do not have permissions" type of error.
0
 
LVL 20

Author Comment

by:Lazarus
Comment Utility
I was able to figure out a way around everything by using a different method to pull the groups. I'll attach the code snippet
Option Explicit ' Force explicit declarations

Dim WSHNetwork

Dim FSO

Dim strUserName ' Current user

Dim strUserDomain ' Current User's domain name

Dim ObjGroupDict ' Dictionary of groups to which the user belongs

Dim WshShell
 

Set WSHNetwork = WScript.CreateObject("WScript.Network")

Set FSO = CreateObject("Scripting.FileSystemObject")

set wshShell = CreateObject("Wscript.Shell")
 

strUserName = ""

While strUserName = ""

strUserName = WSHNetwork.UserName

Wend

strUserDomain = WSHNetwork.UserDomain
 

Set ObjGroupDict = CreateMemberOfObject(strUserDomain, strUserName)

If MemberOf(ObjGroupDict, "ITTECH") Then

WshNetwork.MapNetworkDrive "N:", "\\SVR1\INSTALLS"
 

ElseIf MemberOf(ObjGroupDict, "STAFF") Then

WshNetwork.MapNetworkDrive "N:", "\\SVR1\SHARES"
 

Else 

'Nothing

End If
 

Function MemberOf(ObjDict, strKey)

MemberOf = CBool(ObjGroupDict.Exists(strKey))
 

End Function
 

Function CreateMemberOfObject(strDomain, strUserName)
 

Dim objUser, objGroup
 

Set CreateMemberOfObject = CreateObject("Scripting.Dictionary")

CreateMemberOfObject.CompareMode = vbTextCompare

Set objUser = GetObject("WinNT://" _

& strDomain & "/" _

& strUserName & ",user")

For Each objGroup In objUser.Groups

CreateMemberOfObject.Add objGroup.Name, "-"

Next

Set objUser = Nothing
 

End Function

Open in new window

0
 
LVL 20

Author Comment

by:Lazarus
Comment Utility
Wish I could have made the code simpler, But I'm not all that with coding VB Scripts.
Perhaps someone has an idea on how to tighten that code?

But at least I have it working now.
0
 
LVL 19

Expert Comment

by:SteveH_UK
Comment Utility
So looks like you used the WinNT provider as I suggested, then.
0
 
LVL 20

Author Comment

by:Lazarus
Comment Utility
Well, yeah it sort looks that way. But I had to dig pretty hard to get this code to work for sure...
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now