salaspa
asked on
login script to reset user's home directory in Windows 7 Professional
Hello, I am using a login script to map drives. One of the lines in the script is "net use p: /home". The user profiles in active directory indicate the name of the login script and the home folder is set to the remote location or "p: /home".
Here's the guts of the script:
NET USE * /DELETE /Y
net time \\server /set /yes
net use h: \\server\shares\contracts
net use i: \\server\shares\proposals
net use j: \\server\shares\advertisin g
net use k: \\server\accounting
net use l: \\server\shares\databases
net use m: \\server\shares\engineerin g
net use p: /home
:END
This script has worked well for all my Windows XP computers. We are now incorporating Windows 7 computers into our network and for some reason, this portion of the script does not complete.
Any help will be appreciated. Thanks so much.
PS: I used to use "net send" frequently from my local XP computer to communicate information to all the computers on the network - directly to the computer regardless of the user logged in at the time; i.e. net send /DOMAIN:DOMAIN type my message here... I have found that I cannot do so in my new Windows 7 environment. If anyone knows a new and exciting way to accomplish the same task as simply, I'd be happy to hear it.
Thanks to all.
Here's the guts of the script:
NET USE * /DELETE /Y
net time \\server /set /yes
net use h: \\server\shares\contracts
net use i: \\server\shares\proposals
net use j: \\server\shares\advertisin
net use k: \\server\accounting
net use l: \\server\shares\databases
net use m: \\server\shares\engineerin
net use p: /home
:END
This script has worked well for all my Windows XP computers. We are now incorporating Windows 7 computers into our network and for some reason, this portion of the script does not complete.
Any help will be appreciated. Thanks so much.
PS: I used to use "net send" frequently from my local XP computer to communicate information to all the computers on the network - directly to the computer regardless of the user logged in at the time; i.e. net send /DOMAIN:DOMAIN type my message here... I have found that I cannot do so in my new Windows 7 environment. If anyone knows a new and exciting way to accomplish the same task as simply, I'd be happy to hear it.
Thanks to all.
What is /home? Is that an evironment variable you set? Thats the first thing that sticks out to me as being strange is your not mapping a unc path since you are using the forward slash. Can you elaborate a little bit more?
I've seen instances in Win7 where scripts always run as admin or system, instead of the currently logged in user. Try using this to replace the current line; replace '<domain>' with your domain name:
net use P: /USER:<domain>\%USERNAME% /HOME
/HOME is a known switch with the net use command, it maps the drive to the user's home directory as specified in Active Directory.
ASKER
p: /home represents "\\server\shares\Users..." wherein are folders named after each user's login name.
Then, active directory is supposed to resolve the path specified in the profiles tab of the user's properties where the Home Folder portion indicates: Connect P: To \\server\shares\Users\user name.
I attached a capture of the AD profile tab.
Project1.jpg
Then, active directory is supposed to resolve the path specified in the profiles tab of the user's properties where the Home Folder portion indicates: Connect P: To \\server\shares\Users\user
I attached a capture of the AD profile tab.
Project1.jpg
Just in case I may have that backwards, if it doesn't work try this
net use P: /HOME /USER:<domain>\%USERNAME%
ASKER
Thanks, Gorby; I've gone ahead and tried it both ways...
When the script is run, I have connection to all the mapped drives; however, the home directory links me to the main share: i.e. "Drive p: is now connected to \\server\shares. Your home directory is p:\users\ps.
This is the same outcome I received from the way I had written the line - the problem is that it links me to the upper level of the directory and not directly to \\server\shares\users\ps.
When I click on the mapped drive I see everything - not only my specific home folder.
What am I doing wrong?
Thanks so much.
When the script is run, I have connection to all the mapped drives; however, the home directory links me to the main share: i.e. "Drive p: is now connected to \\server\shares. Your home directory is p:\users\ps.
This is the same outcome I received from the way I had written the line - the problem is that it links me to the upper level of the directory and not directly to \\server\shares\users\ps.
When I click on the mapped drive I see everything - not only my specific home folder.
What am I doing wrong?
Thanks so much.
Wait a minute - from the looks of that screen shot the drive should already be mapping itself during login, you shouldn't need to respecify it in the script. Have you tried not including the P: drive in your script at all?
I've tested that this does work on my AD domain (Server 2003 & XP Pro), but I have no Win7 computers to test on.
I've tested that this does work on my AD domain (Server 2003 & XP Pro), but I have no Win7 computers to test on.
ASKER
Thanks Gorby;
I took the line out and then I don't get the mapped drive at all - regardless of whether it is a Windows 7 or XP machine.
Sooo... if it's working on yours, but not on mine - my guess would be permissions, but they do not appear to be an issue in this case.
Nothing has changed in our environment, except the addition of the Windows 7 OS on the network.
Thanks again for your continued help.
I took the line out and then I don't get the mapped drive at all - regardless of whether it is a Windows 7 or XP machine.
Sooo... if it's working on yours, but not on mine - my guess would be permissions, but they do not appear to be an issue in this case.
Nothing has changed in our environment, except the addition of the Windows 7 OS on the network.
Thanks again for your continued help.
Looks like NTFS permissions problem on home drive(s). If user has no access to the appropriate folder, then script maps one folder up where user has proper rights (in this case main folder is used, where probably users have at least "lists folder" or "read" access).
Regards,
Krzysztof
Regards,
Krzysztof
Open up a Command Prompt, and run the SET command. On the list of variables, there should be one named HOMEPATH and another named HOMESHARE. If the homeshare is being applied correctly to the user you should have this:
HOMEPATH=\
HOMESHARE=\\server\shares\ users\ps
If HOMESHARE is missing entirely, then the homeshare isn't being applied correctly, and most likely the local profile path is listed for HOMEPATH. I'm guessing yours will show up that way. The things I would check are
1. That you not only have Full Control permissions for the 'ps' folder, but are the owner as well.
2. If you have more than one domain controller, ensure that AD replication between them is functioning correctly.
3. At a Command Prompt, if you type 'net set P: \\server\shares\users\ps', does that work? And if it does map the drive, can you actually access it?
P.S. - it doesn't look that way, but are the home folder names the same as the usernames? Because, then you could simply add to the script: net use P: \\server\shares\users\%USE RNAME%, and ignore the home folder setting in active directory altogether.
HOMEPATH=\
HOMESHARE=\\server\shares\
If HOMESHARE is missing entirely, then the homeshare isn't being applied correctly, and most likely the local profile path is listed for HOMEPATH. I'm guessing yours will show up that way. The things I would check are
1. That you not only have Full Control permissions for the 'ps' folder, but are the owner as well.
2. If you have more than one domain controller, ensure that AD replication between them is functioning correctly.
3. At a Command Prompt, if you type 'net set P: \\server\shares\users\ps',
P.S. - it doesn't look that way, but are the home folder names the same as the usernames? Because, then you could simply add to the script: net use P: \\server\shares\users\%USE
iSiek raises an interesting point; going back and looking at your 2nd comment, I'm starting to think that the user doesn't have enough permissions to the 'users' folder...
P.S. - in Windows 7 the NET SEND command is replaced with the MSG command, which is nice because you don't need the Messenger service running to use it.
This article is for Vista but should apply to Win7 as well; http://www.petri.co.il/msg-exe-net-send-vista.htm
This article is for Vista but should apply to Win7 as well; http://www.petri.co.il/msg-exe-net-send-vista.htm
ASKER
Hey, Krzysztof, thanks for your input. All users have read and excute persmissions on the Users folder.
Are you saving that is insufficient?
Let me know.
Thanks.
-PS
Are you saving that is insufficient?
Let me know.
Thanks.
-PS
They would also need the List Folder Contents permission on the Users folder.
If they do, or adding that doesn't fix it, did you check the 3 things I posted earlier? Particularly #1 and #3.
If they do, or adding that doesn't fix it, did you check the 3 things I posted earlier? Particularly #1 and #3.
ASKER
Gorby, thanks for your suggestions... I double checked per your suggestion - all my paths are set correctly.
I also went and looked at the permissions for the Users folder - all users have read & execute to that particular folder and full access to their specific folders. Furthermore, as I am an administrator on the network, I have full access to the Users folder itself.
In regard to your #3, above, when I type that at the cmd prompt, it fails with the typical 'The syntax of this command is..."
I have read that MSG replaced Net Send, but I cannot get it to work - for example, if I wanted to send a note to all the computers on the network, I'd just use /DOMAIN:DOMAIN or for one specific computer /DOMAIN:sys142 under the NET SEND cmd. With MSG I can't seem to get any syntax to work.
I also went and looked at the permissions for the Users folder - all users have read & execute to that particular folder and full access to their specific folders. Furthermore, as I am an administrator on the network, I have full access to the Users folder itself.
In regard to your #3, above, when I type that at the cmd prompt, it fails with the typical 'The syntax of this command is..."
I have read that MSG replaced Net Send, but I cannot get it to work - for example, if I wanted to send a note to all the computers on the network, I'd just use /DOMAIN:DOMAIN or for one specific computer /DOMAIN:sys142 under the NET SEND cmd. With MSG I can't seem to get any syntax to work.
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Absolutely not a problem - this worked: net use P: \\server\shares\users\ps ! However, once my login script runs again, won't is be wiped out? I cannot write netlogon script to reflect this. I am truly glad it worked though!
In regard to your further commentary, I went back and verified; this is copied direct:
HOMEDRIVE=P:
HOMEPATH=\
HOMESHARE=\\server\shares\ Users\ps
Here's another thing... if I type cmd from the Start|Run box I open a cmd window with the prompt
C:\Users\ps.DOMAIN>
However, if I use the commant prompt shortcut in the Start menu (default Windows 7) my window opens with the prompt P:\. It is notewworthy to mention that this is how my cmd window always opened prior to Windows 7.
Thanks, Gorby, you're the VERY best!
-PS
In regard to your further commentary, I went back and verified; this is copied direct:
HOMEDRIVE=P:
HOMEPATH=\
HOMESHARE=\\server\shares\
Here's another thing... if I type cmd from the Start|Run box I open a cmd window with the prompt
C:\Users\ps.DOMAIN>
However, if I use the commant prompt shortcut in the Start menu (default Windows 7) my window opens with the prompt P:\. It is notewworthy to mention that this is how my cmd window always opened prior to Windows 7.
Thanks, Gorby, you're the VERY best!
-PS
Yes, it is correct. Read&execute rights are correct on main Users folder. But you have to be sure that all child objects have set inheritance (looks like the haven't got). If not, that could be problem. To be able mapping folder as hare, user requires at least read permission. So, edit one user's profile security tab and check if that user is added there. If not, add him/her to the folder, re-log on and check if it helped.
Regards,
Krzysztof
Regards,
Krzysztof
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
It looks like MSG is just for sending to a single computer at once:
http://www.neowin.net/forum/topic/725588-how-do-i-use-msgexe-to-send-messages-to-a-xp-pc/
Aside from using 3rd party software, I'm all tapped out on that subject.
http://www.neowin.net/forum/topic/725588-how-do-i-use-msgexe-to-send-messages-to-a-xp-pc/
Aside from using 3rd party software, I'm all tapped out on that subject.
ASKER
Funny thing is I am always able to open files in my p:\ drive - even if I have to get there the long way, by typing the path in the run box.
We have one other Windows 7 computer, but I have not checked his enviroment for the same issue.
I thought the same thing myself - I'll just use "net use P: \\server\shares\users\%USE RNAME%" in the script - but it does not work on the XP machines! Grrrrrrr!
Bummer about the MSG command too. I was hoping I was just missing something, but I guess not. Thanks again for all your help today. You've been really great.
We have one other Windows 7 computer, but I have not checked his enviroment for the same issue.
I thought the same thing myself - I'll just use "net use P: \\server\shares\users\%USE
Bummer about the MSG command too. I was hoping I was just missing something, but I guess not. Thanks again for all your help today. You've been really great.
the command net use P: \\server\shares\users\%use rname% should work just fine for XP and windows 7. I use it in all my customer sites.
The net use P: /home command works for windows XP machines, ( it maps P to the username, if it's setup in the users account) however, In windows 7 net use P: /home will only map to the Folder Users(in your case)
As far as permissions, they should be:
users folder should only have sharing permissions setting of change and read.
users folder should have security settings of atleast domain\users Read&Execute
all folders underneath users, i.e. ps should have sharing permissions of not shared.
all folders underneath users i.e. ps should have atleast ps with modify. To get this setting you must turn off inheritance( I usually add administrator Full Control also)
Then you mapping would be net use P: \\server\users\%username%
The net use P: /home command works for windows XP machines, ( it maps P to the username, if it's setup in the users account) however, In windows 7 net use P: /home will only map to the Folder Users(in your case)
As far as permissions, they should be:
users folder should only have sharing permissions setting of change and read.
users folder should have security settings of atleast domain\users Read&Execute
all folders underneath users, i.e. ps should have sharing permissions of not shared.
all folders underneath users i.e. ps should have atleast ps with modify. To get this setting you must turn off inheritance( I usually add administrator Full Control also)
Then you mapping would be net use P: \\server\users\%username%
Do you have the 'shares' folder shared, or the the 'users' folder shared? If the 'shares' folder isn't shared, then we've been using the wrong path all along (d'oh!), and assuming the 'users' folder is shared the path that ktaczala posted is right:
\\server\users\%username%
\\server\users\%username%
ASKER
Thank you, ktaczala & Gorby.
It is noteworthy to mention the "users" folder is shared within the shared "shares". Everyone has access to shares; CompanyUsers have read and execute access to Users (no inheritance); then the specific user has non-inherited full access to his/her folder - when effective permissions are verified at this level, the user has full access. All these files are on a storevault net appliance.
It is noteworthy to mention the "users" folder is shared within the shared "shares". Everyone has access to shares; CompanyUsers have read and execute access to Users (no inheritance); then the specific user has non-inherited full access to his/her folder - when effective permissions are verified at this level, the user has full access. All these files are on a storevault net appliance.
SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.