ida_exch
asked on
Logon Script and Home Directory
We have a small windows network with 2 windows 2003 domain controllers, 40 XP clients. We also have EMC, NAS server for File storage. I need a login script that will:
1. Assign a home folder to all users with "the user" having full control of its folder.
2. Set the home drive letter to H
3. Set the initial home folder \\nasserver\home$\home\%us ername%$
I also plan on adding this script to the group policy.
1. Assign a home folder to all users with "the user" having full control of its folder.
2. Set the home drive letter to H
3. Set the initial home folder \\nasserver\home$\home\%us
I also plan on adding this script to the group policy.
ASKER
I was not clear. we have 40 XP client but 394 USER ACCOUNTS. These clients are shared in the organization. so AD Users and Computers, will not work for us. Also are going to link this script in GP
Hmm. The thing with a logon script is that it's going to be run with the users permissions unless you set the credentials within the script, the users most likely won't (and certainly shouldn't) have the permissions necessary to create a share. Once the share is created, you can insert the following into a login script: "net use h: \\nasserver\home$\home\%us ername% /home" and that will set home to the drive.
Alternatively, assuming that you can find some significant attribute to query on, you could use dsget and dsmod to get and modify user accounts and set their profile path and home drive.
You could use a script to modify existing users using dsget and dsmod (http://technet.microsoft.com/en-us/library/cc732954.aspx), and then another script to create the users (using dsadd), create the shares, and set the permissions.
The scripting guys have a script in their archive for creating a share, but you'll need something like SUBINACL to create the permissions, I believe.
http://www.microsoft.com/technet/scriptcenter/resources/qanda/hsgarch.mspx (the link to download the archive is near the bottom).
Alternatively, assuming that you can find some significant attribute to query on, you could use dsget and dsmod to get and modify user accounts and set their profile path and home drive.
You could use a script to modify existing users using dsget and dsmod (http://technet.microsoft.com/en-us/library/cc732954.aspx), and then another script to create the users (using dsadd), create the shares, and set the permissions.
The scripting guys have a script in their archive for creating a share, but you'll need something like SUBINACL to create the permissions, I believe.
http://www.microsoft.com/technet/scriptcenter/resources/qanda/hsgarch.mspx (the link to download the archive is near the bottom).
As said, use dsquery/dsget/dsmod commands to bulk modify the users.
Copy the snippet below into *.cmd or *.bat file and modify the OU-path and DC-path to match your environment should do what you want.
Copy the snippet below into *.cmd or *.bat file and modify the OU-path and DC-path to match your environment should do what you want.
@echo off
set HOMEPATH=\\nasserver\home$\home
for /F %%a in ('dsquery user "OU=OU-path,DC=domain,DC=com"^|dsget user -samid') do (
if not exist %HOMEPATH%\%%a md %HOMEPATH%\%%a
cacls %HOMEPATH%\%%a /E /T /C /G %USERDOMAIN%\%%a:F
dsquery user -samid %%a | dsmod user -hmdir %HOMEPATH%\%%a -hmdrv H:
)
ASKER
I have question:
- I have 12 different OUs: Sales, Admin, IT, IS, Payroll, SED, etc& . How to I modify the
OU-path for all my OUs in the script you provided?
- I have 12 different OUs: Sales, Admin, IT, IS, Payroll, SED, etc& . How to I modify the
OU-path for all my OUs in the script you provided?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Your best bet (for only 40 users) is to use AD Users and Computers, highlight all of the users you want to change, right click and get properties.
On the profile tab, click Connect, set the letter you want (H:), and then put the path in for the share followed by the %username% variable, i.e. \\nasserver\home$\home\%us
That should create the folder with appropriate rights (as long as the share was set to full control) and map the drive to the folder.