[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Need Suggestion : When Users Login, A Menu Displays Mapping Choises

Posted on 2009-03-30
Medium Priority
Last Modified: 2012-05-06
Where I work, I have many users that "float" between locations.  We do use logon scripts in our domain, but quite frequently one or two mappings can be wrong for whatever reason and then they pull their profile or even applications over the WAN instead of the LAN causing LOTS of delay.  Before, I've made a simple ANSI menu that asks what location they are at and maps them manually in case they have trouble.  I've found a greart program called Mobile Net Switch, but it's way too detailed and costly for what I'm looking for.  We have 6 locations with servers local at each.  

Any Suggestions?

Question by:BzowK
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2

Expert Comment

ID: 24023851
What language are you login scripts?  I've written scripts that do different things based on the IP subnet.  Downside is someone has to maintain the information.  Upside is that it can be built to be a little more infallible than a user clicking the right location.
LVL 27

Accepted Solution

bluntTony earned 2000 total points
ID: 24027965
You can can create the various login scripts, and apply them to the computers using loopback processing in the group policy. That way the login script will run for any user that log on to that machine only - nowhere else.
That way you can apply the correct mappings for all users that log in to the required machines. So, for one GPO which will apply to a number of computers (linked to the OU holding the machines in question):
1. In the user configuration section of the GPO, apply the login script mapping the drives suitable for the machines' location.
2. In the computer configuration section, enable the policy:
Computer COnfiguration | Administrative Templates | System | Group Policy | User Group Policy loopback processing mode
Set this to 'merge' mode. That means that the login script in this GPO will apply to all users who log in to it, along with any other user settings that the user receives from othe GPOS.
Loopback processing allows you configure a specific user environment for specific machines. That way you can negate having to ask the users what drives they want, as the correct drives will be mapped automaticlally.
Let me know if you need more explaination.

Expert Comment

ID: 24030726
I think bluntTony's suggestion is a good one but I believe it's applicable to an environment where the computers are in fixed locations.  If your "floaters" are mobile and take their systems with them, that is not the way you'd want to set them up.
You can, however, assign different login scripts to each AD site.  I think.  I haven't assigned GPs to sites before so have no experience to draw on there.
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

LVL 27

Expert Comment

ID: 24030852
Maybe BenKellerman can clarify - I understood the question to be that the users are moving from location to location, i.e. sitting at machines fixed in each location.
However I think that linking the GPO to the site should work also. If a user is moving their own laptop around, when it logs in to another physical site, then the appropriate GPO would be applied. I can't see why you couldn't employ loopback processing to a GPO linked to a site. The only thing to be aware of would be that it's at the bottom of the order of precendence, after local settings.
So in effect you would be running a script depending on the IP subnet the machine logs in to.
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24041386
I think a better option would be to setup the sites and services for both subnets, and use a WMI filter on the GPO.

Namespace: root\cimv2
Query: SELECT * FROM Win32_NTDomain WHERE ClientSiteName = 'Your-Site-Name'

The above should only apply a Group policy object if the user is logged on within the specified site subnet.

Another option would be to set a machine variable... using setx.exe.... to set the networkd ID, which can be used within the script to allow or exclude execution of specific lines in the script.
One of my previous answers...
LVL 27

Expert Comment

ID: 24041704
I don't think running a WMI query is necessary - linking a GPO to a site as mentioned earlier does exactly the same - it will apply only to machines in that site. Furthermore, if you used WMI queries, you would have to link them all to the same OUs, meaning that the machine/user would have to read all of the GPOs in order to decide which one applies to them, possibly slowing down the process.
Providing that the correct subnet objects are linked to the correct sites (which they already should be), linking the GPOs at the site level will mean the correct script applies without having to read unnecessary GPOs.
I agree that you could create one script to apply to all users, and have the script decide which site it's on and map drives accordingly, but you don't have to use WMI to retrieve the IP address etc.., just use the following VBScript (strCurrentSite will hold the name of the current site which you can then do a simple Select/Case structure)...

Set oAdInfo = CreateObject("ADSystemInfo")
strCurrentSite = oAdInfo.SiteName

Open in new window

LVL 25

Expert Comment

by:Ron Malmstead
ID: 24041737
My option is for gpo's that aren't linked to site, but rather an OU.
good point though...... if you link it to the site, then it will already filter.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question