Lazarus
asked on
VBS LOGIN SCRIPT DOES NOT WORK
I have developed a VBS script that works just fine if you the Enterprise Admin, but does not seem to work for anyone else. Can someone tell me what needs to be changed so this works for everyone?
Set WshNetwork = WScript.CreateObject("WScript.Network")
strUser = WshNetwork.UserName
On Error Resume Next
'************************************************
'CREATE TEMP FOLDER ON CLIENT COMPUTER
'************************************************
'Option Explicit
Dim objFSO, objFolder, strDirectory
strDirectory = "c:\TEMP"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFolder = objFSO.CreateFolder(strDirectory)
'WScript.Echo "Just created " & strDirectory
'************************************************
'SET TEMP FOLDER RIGHTS CLIENT COMPUTER
'************************************************
Set objShell=CreateObject("Wscript.shell")
With objShell
.Run "cmd /c cacls c:\temp /e /g Administrator:F", 0
.Run "cmd /c cacls c:\temp /e /g Administrators:F", 0
.Run "cmd /c cacls c:\temp /e /g " & chr(34) & "Authenticated Users" & chr(34) & ":C", 0
.Run "cmd /c cacls c:\temp /e /g " & chr(34) & "Creator Owner" & chr(34) & ":F", 0
.Run "cmd /c cacls c:\temp /e /g SYSTEM:F", 0
.Run "cmd /c cacls c:\temp /e /g Users:C", 0
end with
'************************************************
'DELETE ALL MAPPED DRIVES
'************************************************
set Net = CreateObject("Wscript.Network")
set Drives = Net.EnumNetworkDrives
for each item in Drives
if right(item,1) = ":" then
Net.RemoveNetworkDrive item
end if
next
'************************************************
'DELETE ALL NETWORK PRINTERS
'************************************************
'Set clPrinters = WshNetwork.EnumPrinterConnections
'On Error Resume Next
'For i = 0 to clPrinters.Count - 1 Step 2
'wshNetwork.RemovePrinterConnection clPrinters.Item(i+1), true
'next
'************************************************
'DELETE ALL LOCAL PRINTERS EXCEPT NAMED PRINTERS
'************************************************
'strComputer = "."
'Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
'Set colInstalledPrinters = objWMIService.ExecQuery _
' ("Select * from Win32_Printer Where Network = FALSE")
'For Each objPrinter in colInstalledPrinters
'If objPrinter.Name = "V_CD_HP5550" or objPrinter.Name = "V_STU_HP6P" or objPrinter.Name = "V_IT_E1280" or objPrinter.Name = "LEADTOOLS ePrint IV" or objPrinter.Name = "SnagIt 8" or objPrinter.Name = "Evolis Pebble" or objPrinter.Name = "eCopy Desktop 9.0 Printer" or objPrinter.Name = "Microsoft XPS Document Writer" or objPrinter.Name = "Microsoft Office Document Image Writer" or objPrinter.Name = "Adobe PDF" then
'strdelete = false
'else
'objPrinter.Delete_
'end if
'next
'************************************************
'MAP DRIVES & PRINTERS BASED ON GROUP MEMBERSHIP
'************************************************
On Error Resume Next
Dim fso
Set fso = CreateObject("Scripting.FileSystemObject")
Set objSysInfo = CreateObject("ADSystemInfo")
Set objNetwork = CreateObject("Wscript.Network")
strUserPath = "LDAP://" & objSysInfo.UserName
Set objUser = GetObject(strUserPath)
For Each strGroup in objUser.MemberOf
strGroupPath = "LDAP://" & strGroup
Set objGroup = GetObject(strGroupPath)
strGroupName = objGroup.CN
Select Case strGroupName
Case "NetOps"
'************************************************
'COPY WALLPAPER TO CLIENT COMPUTER
'************************************************
'Change to 1 if you want it to overwrite
fso.CopyFile "\\SVR-1\netlogon\netops.jpg", "c:\temp\netops.jpg", -0
fso.CopyFile "\\SVR-1\netlogon\netops.bgi", "c:\temp\netops.bgi", -1
fso.CopyFile "\\SVR-1\netlogon\bginfo.exe", "c:\temp\bginfo.exe", -0
Set fs = Nothing
Set WSHShell = CreateObject("Wscript.Shell")
WSHShell.Run ("\\SVR-1\netlogon\netopsbgi.bat"), 0
'************************************************
'MAP NETWORK SHARES
'************************************************
objNetwork.MapNetworkDrive "I:", "\\SVR-1\RGM32"
objNetwork.MapNetworkDrive "O:", "\\SVR-3\D$"
objNetwork.MapNetworkDrive "P:", "\\SVR-3\E$"
objNetwork.MapNetworkDrive "S:", "\\SVR-2\public\Shares"
objNetwork.MapNetworkDrive "V:", "\\SVR-2\public\ID Badges"
objNetwork.MapNetworkDrive "W:", "\\SVR-3\Work Files"
objNetwork.MapNetworkDrive "X:", "\\SVR-2\public\TSQL"
objNetwork.MapNetworkDrive "Y:", "\\SVR-1\prof-staff$"
objNetwork.MapNetworkDrive "Z:", "\\SVR-2\it\Installs"
'************************************************
'MAP NETWORK PRINTERS
'************************************************
Set WshNetwork = CreateObject("WScript.Network")
PrinterPath = "\\SVR-1\V-iRC6800"
PrinterDriver = "Canon iR C6800 PCL5c"
WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
'WshNetwork.SetDefaultPrinter "\\SVR-1\V-iRC6800"
Set WshNetwork = CreateObject("WScript.Network")
PrinterPath = "\\SVR-1\V-FD-1320"
PrinterDriver = "hp LaserJet 1320 PCL 6"
WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
Set WshNetwork = CreateObject("WScript.Network")
PrinterPath = "\\SVR-1\V-FA-1300"
PrinterDriver = "hp LaserJet 1300 PCL 6"
WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
Case "Management"
'************************************************
'COPY WALLPAPER TO CLIENT COMPUTER
'************************************************
'Change to 1 if you want it to overwrite
fso.CopyFile "\\SVR-1\netlogon\management.jpg", "c:\temp\management.jpg", -0
fso.CopyFile "\\SVR-1\netlogon\management.bgi", "c:\temp\management.bgi", -1
fso.CopyFile "\\SVR-1\netlogon\bginfo.exe", "c:\temp\bginfo.exe", -0
Set fs = Nothing
Set WSHShell = CreateObject("Wscript.Shell")
WSHShell.Run ("\\SVR-1\netlogon\managementbgi.bat"), 0
'************************************************
'MAP NETWORK SHARES
'************************************************
objNetwork.MapNetworkDrive "I:", "\\SVR-1\Rgm32"
objNetwork.MapNetworkDrive "S:", "\\SVR-2\public\SHARES"
objNetwork.MapNetworkDrive "X:", "\\SVR-2\public\TSQL"
'************************************************
'MAP NETWORK PRINTERS
'************************************************
Set WshNetwork = CreateObject("WScript.Network")
PrinterPath = "\\SVR-1\V-iRC6800"
PrinterDriver = "Canon iR C6800 PCL5c"
WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
' WshNetwork.SetDefaultPrinter "\\SVR-1\V-iRC6800"
Set WshNetwork = CreateObject("WScript.Network")
PrinterPath = "\\SVR-1\V_FD_1320"
PrinterDriver = "hp LaserJet 1320 PCL 6"
WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
Set WshNetwork = CreateObject("WScript.Network")
PrinterPath = "\\SVR-1\V_FA_1300"
PrinterDriver = "hp LaserJet 1300 PCL 6"
WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
Case "Staff"
'************************************************
'COPY WALLPAPER TO CLIENT COMPUTER
'************************************************
'Change to 1 if you want it to overwrite
fso.CopyFile "\\SVR-1\netlogon\staff.jpg", "c:\temp\staff.jpg", -0
fso.CopyFile "\\SVR-1\netlogon\staff.bgi", "c:\temp\staff.bgi", -1
fso.CopyFile "\\SVR-1\netlogon\bginfo.exe", "c:\temp\bginfo.exe", -0
Set fs = Nothing
Set WSHShell = CreateObject("Wscript.Shell")
WSHShell.Run ("\\SVR-1\netlogon\staffbgi.bat"), 0
'************************************************
'MAP NETWORK SHARES
'************************************************
objNetwork.MapNetworkDrive "I:", "\\SVR-1\Rgm32"
objNetwork.MapNetworkDrive "S:", "\\SVR-2\public\SHARES"
objNetwork.MapNetworkDrive "X:", "\\SVR-2\public\TSQL"
'************************************************
'MAP VAN NETWORK PRINTERS
'************************************************
Set WshNetwork = CreateObject("WScript.Network")
PrinterPath = "\\SVR-1\V-iRC6800"
PrinterDriver = "Canon iR C6800 PCL5c"
WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
' WshNetwork.SetDefaultPrinter "\\SVR-1\V-iRC6800"
Set WshNetwork = CreateObject("WScript.Network")
PrinterPath = "\\SVR-1\V_FD_1320"
PrinterDriver = "hp LaserJet 1320 PCL 6"
WshNetwork.AddWindowsPrinterConnection PrinterPath, PrinterDriver
End Select
Next
'************************************************
'Map Special Drives By User ID
'************************************************
'MsgBox(struser)
If InStr(strUser, "sharon.dugan") Then
WshNetwork.MapNetworkDrive "W:", "\\SVR-3\Work Files"
End If
'MsgBox(struser)
If InStr(strUser, "zed.meyers") Then
WshNetwork.MapNetworkDrive "Q:", "\\haw-0001\quickbooks$"
End If
'MsgBox(struser)
'If InStr(strUser, "rosleen.aurora") Then
'WshNetwork.MapNetworkDrive "T:", "\\H-fadir\EDConn"
'WshNetwork.MapNetworkDrive "U:", "\\H-fadir\ED"
'End If
'************************************************
'Numlock On
'************************************************
set WshShell = CreateObject("WScript.Shell")
WshShell.SendKeys "{NUMLOCK}"
WScript.Quit
do users have permissions to access this file?
Can I recommend that you put some debugging info into the script, also break it down into sections to test. If you save this reduced script in the NETLOGON folder, you will be able to access it from any client.
Then, as a low-privilege user, start Command Prompt and use CSCRIPT to run the script. Remove the "On Error Resume Next" so that you get error messages, but wrap sections that might legitimately cause errors in "On Error Resume Next"/"On Error Goto 0" pairs so that those continue successfully.
It may be your Active Directory query that is the problem, but let's focus the issue rather than trying to answer hypothetical possibilities.
Then, as a low-privilege user, start Command Prompt and use CSCRIPT to run the script. Remove the "On Error Resume Next" so that you get error messages, but wrap sections that might legitimately cause errors in "On Error Resume Next"/"On Error Goto 0" pairs so that those continue successfully.
It may be your Active Directory query that is the problem, but let's focus the issue rather than trying to answer hypothetical possibilities.
ASKER
The users are able to run the script from the NETLOGON folder yes, and the script runs thru, but does not run the 'MAP DRIVES & PRINTERS BASED ON GROUP MEMBERSHIP section. Everything else works for non Enterprise Admins
Try augmenting the script with some debug info, such as:
WScript.Echo "Group: " & strGroupName & vbCrLf
Find out exactly what isn't working, and using this method you'll find out why.
WScript.Echo "Group: " & strGroupName & vbCrLf
Find out exactly what isn't working, and using this method you'll find out why.
ASKER
With "On Error Resume Next" removed I get an error at line 70 character 1, object not a collection.
Will try the "WScript.Echo "Group: " & strGroupName & vbCrLf" next
Will try the "WScript.Echo "Group: " & strGroupName & vbCrLf" next
ASKER
Where should I place that snippet of code?
Sounds like the group membership of the requested user is not accessible.
You may also want to check the permissions in Active Directory. Do your users have access to enumerate group memberships?
You may also want to check the permissions in Active Directory. Do your users have access to enumerate group memberships?
ASKER
I placed your code in there and it comes up with Group: "BLANK"
How do I check to figure out the membership enumeration?
Thats something I've never had to deal with, but I learn...
How do I check to figure out the membership enumeration?
Thats something I've never had to deal with, but I learn...
ASKER
Or better yet, how do I grant it for the script only?
The code can go on any line. Most things can be written as strings, so just change strGroupName and the prefix to whatever is useful.
I recommend that you put a whole bunch of these, with different number prefixes, so you can see exactly where your code goes for the user.
If you put them before the line causing the error, you can see what the script can see, by showing the user's details or anything else.
Perhaps also check that the GetObject line has returned an object.
I recommend that you put a whole bunch of these, with different number prefixes, so you can see exactly where your code goes for the user.
If you put them before the line causing the error, you can see what the script can see, by showing the user's details or anything else.
Perhaps also check that the GetObject line has returned an object.
I'm assuming you don't have a group called BLANK?! Actually, I know some reasons why such groups DO exist! Let me know.
Next question is whether the user is a member of any groups. If the MemberOf property is not a legitimate collection, then the For Each will fail. Since this is an exceptional case, it may make sense to wrap an On Error pairing around the for each, that way the script will continue after the For Each block in the error case.
Next question is whether the user is a member of any groups. If the MemberOf property is not a legitimate collection, then the For Each will fail. Since this is an exceptional case, it may make sense to wrap an On Error pairing around the for each, that way the script will continue after the For Each block in the error case.
ASKER
I'm a bit weak in VBS scripting.
Putting the code "WScript.Echo "Object: " & strGroupPath & vbCrLf" gives me back LDAP://
Another other help? I seem a bit lost (A LOT LOST)
Putting the code "WScript.Echo "Object: " & strGroupPath & vbCrLf" gives me back LDAP://
Another other help? I seem a bit lost (A LOT LOST)
ASKER
Yes, the user is a member of "Faculty" and a Domain User. The BLANK was just that nothing, like you thought.
Try adjusting it with an If Then block as follows. Remember to terminate the block.
For Each strGroup in objUser.MemberOf
strGroupPath = "" & strGroup ' this forces strGroup to a string
If strGroupPath <> "" Then
strGroupPath = "LDAP://" & strGroup
Set objGroup = GetObject(strGroupPath)
strGroupName = objGroup.CN
...
End If
ASKER
OK, after doing that I still get the same thing, so perhaps it's an enumeration problem?
ASKER
So how do I allow the script to enumerate the Users Group properly?
You can use the following code to see an error, after any statement:
If Err.Number <> 0 Then
WScript.Echo Err.Description
end if
I don't think "memberOf" is being retrieved correctly. Am not currently sure why. Will investigate when I have time.
If Err.Number <> 0 Then
WScript.Echo Err.Description
end if
I don't think "memberOf" is being retrieved correctly. Am not currently sure why. Will investigate when I have time.
Try the following:
http://msdn2.microsoft.com/en-us/library/aa746340.aspx
Use the objUser.Groups item
I can't test this as I'm not a member of any groups. Note that it does not appear to return membership of the primary group, but I've seen this behaviour documented elsewhere and I don't think it'll affect your needs.
http://msdn2.microsoft.com/en-us/library/aa746340.aspx
Use the objUser.Groups item
I can't test this as I'm not a member of any groups. Note that it does not appear to return membership of the primary group, but I've seen this behaviour documented elsewhere and I don't think it'll affect your needs.
For Each objGroup in objUser.Groups
WScript.Echo objGroup.Name
Next
ASKER
I'll look into this over the weekend and get back to you.
ASKER
Nope that didn't do anything either. It's simply coming down to a security issue with polices that will not let non admins enumerate a group. So I'll either have to fix that or try another way of scripting this. Thanks for trying though.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I was able to figure out a way around everything by using a different method to pull the groups. I'll attach the code snippet
Option Explicit ' Force explicit declarations
Dim WSHNetwork
Dim FSO
Dim strUserName ' Current user
Dim strUserDomain ' Current User's domain name
Dim ObjGroupDict ' Dictionary of groups to which the user belongs
Dim WshShell
Set WSHNetwork = WScript.CreateObject("WScript.Network")
Set FSO = CreateObject("Scripting.FileSystemObject")
set wshShell = CreateObject("Wscript.Shell")
strUserName = ""
While strUserName = ""
strUserName = WSHNetwork.UserName
Wend
strUserDomain = WSHNetwork.UserDomain
Set ObjGroupDict = CreateMemberOfObject(strUserDomain, strUserName)
If MemberOf(ObjGroupDict, "ITTECH") Then
WshNetwork.MapNetworkDrive "N:", "\\SVR1\INSTALLS"
ElseIf MemberOf(ObjGroupDict, "STAFF") Then
WshNetwork.MapNetworkDrive "N:", "\\SVR1\SHARES"
Else
'Nothing
End If
Function MemberOf(ObjDict, strKey)
MemberOf = CBool(ObjGroupDict.Exists(strKey))
End Function
Function CreateMemberOfObject(strDomain, strUserName)
Dim objUser, objGroup
Set CreateMemberOfObject = CreateObject("Scripting.Dictionary")
CreateMemberOfObject.CompareMode = vbTextCompare
Set objUser = GetObject("WinNT://" _
& strDomain & "/" _
& strUserName & ",user")
For Each objGroup In objUser.Groups
CreateMemberOfObject.Add objGroup.Name, "-"
Next
Set objUser = Nothing
End Function
ASKER
Wish I could have made the code simpler, But I'm not all that with coding VB Scripts.
Perhaps someone has an idea on how to tighten that code?
But at least I have it working now.
Perhaps someone has an idea on how to tighten that code?
But at least I have it working now.
So looks like you used the WinNT provider as I suggested, then.
ASKER
Well, yeah it sort looks that way. But I had to dig pretty hard to get this code to work for sure...