Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 536
  • Last Modified:

File sharing and drive mapping in with Active Directory

I am trying to figure out how to set up a file server in a Windows environment. I have only worked with Netware and ConsoleOne up until this point.

Here's what I have done so far. Can someone tell me if I have done something that is not best practice.

I created a folder on the D: drive of the server called "data". I shared this folder and gave domain users read, Read & Execute, and list folder contents. Then I created some folders in data (IT and All) for testing purposes. I assigned a few groups to these folders with full control. Then I went into a subfolder and removed inherited permissions and only allowed domain admins (this is the folder where my switch and firewall configs will be).

Finally I created the following login script. I know how to apply the login script to everyone in the domain. How do I go about only applying a login script to a group? IS there anything that I did that's not best practice?

' PCALogin.vbs
' Created by Brandon Bogle
' Version 0.1 - NOvember 9th, 2010
' -----------------------------------------------------------------'
Option Explicit
Dim objNetwork, strRemotePath1, strRemotePath2
Dim strDriveLetter1, strDriveLetter2

strDriveLetter1 = "S:"
strDriveLetter2 = "R:"
strRemotePath1 = "\\Park05\data\IT"
strRemotePath2 = "\\Park05\data\All"

Set objNetwork = CreateObject("WScript.Network")

' Section which maps two drives, S: and R:
objNetwork.MapNetworkDrive strDriveLetter1, strRemotePath1
objNetwork.MapNetworkDrive strDriveLetter2, strRemotePath2

' Extra code just to add a message box
WScript.Echo "Map drives " & strDriveLetter1 & " & " & strDriveLetter2

Wscript.Quit

' End of Windows Logon Script Example
0
bbogle2007
Asked:
bbogle2007
1 Solution
 
moon_blue69Commented:
i am not sure about the best practice. You can put the user or groups in a an organisation unit and apply the gp to that OU
0
 
OrcaKnightCommented:
There is a utility called 'ifmember.exe' supplied by Microsoft that you can use in any standard script. It will allow you to evaluate a user based on group memberships and logically map them according to your needs.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=07c2f6d7-815e-4fa0-9043-4e4635ccd417

EG:
*** User login script ***
Net Time
ECHO MAPPING NETWORK DRIVES
:Accounting
\\DC\Netlogon\ifmember Accounting
if not errorlevel 1 goto NEXT
echo Connecting to ACCOUNTING ...
net use I: \\FSvr\ACCOUNTING /y
:NEXT


net use F: \\FSvr\COMPANY /y
net use Z: \\FSvr\SHARED /y
0
 
abt-itCommented:
If you have a 2008 Server as domain controller you can use the group policies to map network drives. See http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_25340274.html for a how to.

This is a bit smarter than using ifmember to map shares to different usergroups.

If it's a 2003 DC, you must save your login Script (and ifmember.exe) inside the sysvol\netlogon of the server and add the script as logon Script for each user with the mmc active directore users and computers.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now