CommCatz
asked on
VBscript Logon Error
I've been using the attached logon script to provide information in AD for each user. The script runs properly for some, but errors upon logon for others. Here's the error:
Line: 5
Char: 1
Error: 0x80005000
Code:80005000
Source:null
Is this a problem with permissions within Active Directory for the users that are having the script fail? If so, what would be the fix?
Thanks
Line: 5
Char: 1
Error: 0x80005000
Code:80005000
Source:null
Is this a problem with permissions within Active Directory for the users that are having the script fail? If so, what would be the fix?
Thanks
''POPULATES AD WITH USER LOGON INFO IN DESCRIPTION FIELD
Set objSysInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)
strMessage = objUser.CN & " authenticated on " & objComputer.CN & " " & Now & ". MAC addresses: " & MACAddresses(".")
objUser.Description = strMessage
objUser.SetInfo
objComputer.Description = strMessage
objComputer.SetInfo
function MACAddresses(strComputer)
dim objWMI, colItems, objItem
dim strMac
strMac=""
Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMI.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration where IPEnabled=TRUE",,48)
For Each objItem in colItems
if objItem.MACAddress<>"" then strMac=strMac & objItem.MACAddress & vbCrLf
Next
MACAddresses = strMac
end function
ASKER
I have already delegated write permission to both the computer and user object's description field. I must be missing another delegation permission.
Does the update fail for users who are or who have ever been members of a protected group such as Domain Admins, Account Operators, or Server Operators? If so, this behavior is by design; the following links describe the issue and some potential workarounds:
http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/05/29/49659.aspx
http://support.microsoft.com/kb/817433
http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/05/29/49659.aspx
http://support.microsoft.com/kb/817433
ASKER
The script fails for primarily users that are just members of the domain users group with no other elevated permission history. It seems to run fine for domain admins and users who have full control to particular OUs within AD.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You would have to delegate that permission to update those fields.
http://www.windowsecurity.com/articles/Implementing-Active-Directory-Delegation-Administration.html