bbogle2007
asked on
File sharing and drive mapping in with Active Directory
I am trying to figure out how to set up a file server in a Windows environment. I have only worked with Netware and ConsoleOne up until this point.
Here's what I have done so far. Can someone tell me if I have done something that is not best practice.
I created a folder on the D: drive of the server called "data". I shared this folder and gave domain users read, Read & Execute, and list folder contents. Then I created some folders in data (IT and All) for testing purposes. I assigned a few groups to these folders with full control. Then I went into a subfolder and removed inherited permissions and only allowed domain admins (this is the folder where my switch and firewall configs will be).
Finally I created the following login script. I know how to apply the login script to everyone in the domain. How do I go about only applying a login script to a group? IS there anything that I did that's not best practice?
' PCALogin.vbs
' Created by Brandon Bogle
' Version 0.1 - NOvember 9th, 2010
' --------------------------
Option Explicit
Dim objNetwork, strRemotePath1, strRemotePath2
Dim strDriveLetter1, strDriveLetter2
strDriveLetter1 = "S:"
strDriveLetter2 = "R:"
strRemotePath1 = "\\Park05\data\IT"
strRemotePath2 = "\\Park05\data\All"
Set objNetwork = CreateObject("WScript.Netw
' Section which maps two drives, S: and R:
objNetwork.MapNetworkDrive
objNetwork.MapNetworkDrive
' Extra code just to add a message box
WScript.Echo "Map drives " & strDriveLetter1 & " & " & strDriveLetter2
Wscript.Quit
' End of Windows Logon Script Example
Here's what I have done so far. Can someone tell me if I have done something that is not best practice.
I created a folder on the D: drive of the server called "data". I shared this folder and gave domain users read, Read & Execute, and list folder contents. Then I created some folders in data (IT and All) for testing purposes. I assigned a few groups to these folders with full control. Then I went into a subfolder and removed inherited permissions and only allowed domain admins (this is the folder where my switch and firewall configs will be).
Finally I created the following login script. I know how to apply the login script to everyone in the domain. How do I go about only applying a login script to a group? IS there anything that I did that's not best practice?
' PCALogin.vbs
' Created by Brandon Bogle
' Version 0.1 - NOvember 9th, 2010
' --------------------------
Option Explicit
Dim objNetwork, strRemotePath1, strRemotePath2
Dim strDriveLetter1, strDriveLetter2
strDriveLetter1 = "S:"
strDriveLetter2 = "R:"
strRemotePath1 = "\\Park05\data\IT"
strRemotePath2 = "\\Park05\data\All"
Set objNetwork = CreateObject("WScript.Netw
' Section which maps two drives, S: and R:
objNetwork.MapNetworkDrive
objNetwork.MapNetworkDrive
' Extra code just to add a message box
WScript.Echo "Map drives " & strDriveLetter1 & " & " & strDriveLetter2
Wscript.Quit
' End of Windows Logon Script Example
i am not sure about the best practice. You can put the user or groups in a an organisation unit and apply the gp to that OU
There is a utility called 'ifmember.exe' supplied by Microsoft that you can use in any standard script. It will allow you to evaluate a user based on group memberships and logically map them according to your needs.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=07c2f6d7-815e-4fa0-9043-4e4635ccd417
EG:
*** User login script ***
Net Time
ECHO MAPPING NETWORK DRIVES
:Accounting
\\DC\Netlogon\ifmember Accounting
if not errorlevel 1 goto NEXT
echo Connecting to ACCOUNTING ...
net use I: \\FSvr\ACCOUNTING /y
:NEXT
net use F: \\FSvr\COMPANY /y
net use Z: \\FSvr\SHARED /y
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=07c2f6d7-815e-4fa0-9043-4e4635ccd417
EG:
*** User login script ***
Net Time
ECHO MAPPING NETWORK DRIVES
:Accounting
\\DC\Netlogon\ifmember Accounting
if not errorlevel 1 goto NEXT
echo Connecting to ACCOUNTING ...
net use I: \\FSvr\ACCOUNTING /y
:NEXT
net use F: \\FSvr\COMPANY /y
net use Z: \\FSvr\SHARED /y
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.