?
Solved

domain user login script questions

Posted on 2011-10-10
16
Medium Priority
?
459 Views
Last Modified: 2012-05-12
(1)... I would like to create a login script that installs the Symantec Endpoint Software on a computer the first time it logs in after joining the domain.  Can it be used to check for install each subsequent login, terminating if already installed?
This is what I have so far...
 
@echo off

Net Use S: /Delete /y
Net Use S: \\192.168.1.252\MISC /y

copy S:\AAA_IT~1\SYMANT~1\STLF_T~1\SYMANT~1.497\setup.exe C:\

C:\setup.exe

echo.>C:/setup_complete.txt

Open in new window

Can a statement such as "IF C:\setup_complete.txt EXISTS then terminate batch file, else (run the rest of the script)"  ???

(2)...  Can I make the same batch file query which security group the user account is in to determine which network drives to map and printers to setup???

The server is Win 2k3 Standard R2.  The clients are a mixture of XP Pro (SP3) and Win 7 Pro.
0
Comment
Question by:Reece Dodds
  • 6
  • 4
  • 3
  • +3
16 Comments
 
LVL 4

Expert Comment

by:Christopher Raymond Mendoza
ID: 36946845
(1) I understand you are looking for this:
    @echo off
    if exist "C:\setup_complete.txt" goto end
      <code>
    :end

(2) We use a similar approach for our windows clients. For your purposes, try net user and net group.
if exist "C:\setup_complete.txt" goto end
  <code>
:end

Open in new window

0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 36946846
you need the IF NOT syntax to have it do something if a file is not there.
the if exist does only execute if the file is indeed there.

The other question: to query AD you should use VBS script.
But in my opinion you're better off creating gpo for these groups.

0
 
LVL 7

Author Comment

by:Reece Dodds
ID: 36946911
what about this?  


@echo off

Net Use S: /Delete /y
Net Use S: \\192.168.1.252\Misc /y

IF EXIST "c:\setup_complete.txt" GOTO QUIT
:QUIT EXIT
IF NOT EXIST "c:\setup_complete.txt" GOTO INSTALL
:INSTALL copy S:\AAA_IT~1\SYMANT~1\STLF_T~1\SYMANT~1.497\setup.exe C:\
echo.>c:\setup_complete.txt
C:\setup.exe


If it's not there it just creates a file called setup_complete.txt then quits.
If it is  there, it recreates the .txt file then quits.

What have I got wrong?

PS: the Symantec install forces a restart once complete, so this would loop again each log in...?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 7

Author Comment

by:Reece Dodds
ID: 36946913
I want the script to delete and recreate the mapped drives each logon for stability.
0
 
LVL 4

Expert Comment

by:Christopher Raymond Mendoza
ID: 36946917
A single IF statement would suffice.
0
 
LVL 4

Accepted Solution

by:
Christopher Raymond Mendoza earned 1600 total points
ID: 36946923

@echo off
Net Use S: /Delete /y
Net Use S: \\192.168.1.252\Misc /y
IF EXIST "c:\setup_complete.txt" GOTO QUIT
  copy S:\AAA_IT~1\SYMANT~1\STLF_T~1\SYMANT~1.497\setup.exe C:\
  echo.>c:\setup_complete.txt
  C:\setup.exe
:QUIT

Open in new window

0
 
LVL 7

Author Comment

by:Reece Dodds
ID: 36946924
no, it doesn't.

I removed "IF NOT EXIST "c:\setup_complete.txt" GOTO INSTALL
:INSTALL" from what I wrote above and tried it again.
The .txt file WAS there yet it still copied the setup.exe across and started the install.
0
 
LVL 7

Author Comment

by:Reece Dodds
ID: 36946936
oh, ok... that worked.   What did I have incorrect?   Was it the tabbed lines or the ":QUIT EXIT"?
What am I not understanding about the GOTO command?  I thought that it meant goto line named "whatever" and run the command next to it?
0
 
LVL 4

Expert Comment

by:Christopher Raymond Mendoza
ID: 36946949
It works like the GOTO command in GWBASIC (way back in the 80s) - jump or skip to the label and continue from there. So in effect it runs all the commands from the label onwards.
0
 
LVL 9

Expert Comment

by:pritamdutt
ID: 36948016
What if the file is deleted by a user?
0
 
LVL 13

Expert Comment

by:ktaczala
ID: 36948551
Create an MSI Package, install it through a GPO under software installation.  That will install once per PC,  and user can't mess with it.
0
 
LVL 7

Author Comment

by:Reece Dodds
ID: 36953267
@ pritamdutt:  once everyone has joined the domain and has the software installed (i'll know by SEP's client list) I will be changing the logon script.

Is there a GPO option to make it so the users don't have to press CTRL+ALT+DEL to login?

Also, can I allow the autologin feature that Windows has in a non-domain environment or would I be best creating a registry file to import that sets the AutoAdminLogon value back to 1 and creates a String value called DefaultPassword (most users will end up with the same password).  DefaultUser and DefaultDomain are already set.???  If the latter, how do I do this?
0
 
LVL 9

Assisted Solution

by:pritamdutt
pritamdutt earned 400 total points
ID: 36953311
You could follow the standard registry settings however in case of a domain user, the DefaultUsername needs to be in DOMAIN\USERNAME format.


See http://support.microsoft.com/kb/315231 for more details.
0
 
LVL 9

Expert Comment

by:pritamdutt
ID: 36953318
Also it is important to note that
"Registry change will not work if the “Logon Banner” is defined on the server either by a Group Policy object (GPO) or by a local policy."
 

See http://support.microsoft.com/kb/324737 for more details.
0
 
LVL 24

Expert Comment

by:yo_bee
ID: 36953349
What about using group policy to push out the client.

ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/11.0/manuals/installation_guide.pdf

Page 108 is a starting point.
0
 
LVL 7

Author Closing Comment

by:Reece Dodds
ID: 36959594
Thank you
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question