domain user login script questions
(1)... I would like to create a login script that installs the Symantec Endpoint Software on a computer the first time it logs in after joining the domain. Can it be used to check for install each subsequent login, terminating if already installed?
This is what I have so far...
(2)... Can I make the same batch file query which security group the user account is in to determine which network drives to map and printers to setup???
The server is Win 2k3 Standard R2. The clients are a mixture of XP Pro (SP3) and Win 7 Pro.
This is what I have so far...
@echo off
Net Use S: /Delete /y
Net Use S: \\192.168.1.252\MISC /y
copy S:\AAA_IT~1\SYMANT~1\STLF_T~1\SYMANT~1.497\setup.exe C:\
C:\setup.exe
echo.>C:/setup_complete.txt(2)... Can I make the same batch file query which security group the user account is in to determine which network drives to map and printers to setup???
The server is Win 2k3 Standard R2. The clients are a mixture of XP Pro (SP3) and Win 7 Pro.
you need the IF NOT syntax to have it do something if a file is not there.
the if exist does only execute if the file is indeed there.
The other question: to query AD you should use VBS script.
But in my opinion you're better off creating gpo for these groups.
the if exist does only execute if the file is indeed there.
The other question: to query AD you should use VBS script.
But in my opinion you're better off creating gpo for these groups.
ASKER
what about this?
@echo off
Net Use S: /Delete /y
Net Use S: \\192.168.1.252\Misc /y
IF EXIST "c:\setup_complete.txt" GOTO QUIT
:QUIT EXIT
IF NOT EXIST "c:\setup_complete.txt" GOTO INSTALL
:INSTALL copy S:\AAA_IT~1\SYMANT~1\STLF_
echo.>c:\setup_complete.tx
C:\setup.exe
If it's not there it just creates a file called setup_complete.txt then quits.
If it is there, it recreates the .txt file then quits.
What have I got wrong?
PS: the Symantec install forces a restart once complete, so this would loop again each log in...?
@echo off
Net Use S: /Delete /y
Net Use S: \\192.168.1.252\Misc /y
IF EXIST "c:\setup_complete.txt" GOTO QUIT
:QUIT EXIT
IF NOT EXIST "c:\setup_complete.txt" GOTO INSTALL
:INSTALL copy S:\AAA_IT~1\SYMANT~1\STLF_
echo.>c:\setup_complete.tx
C:\setup.exe
If it's not there it just creates a file called setup_complete.txt then quits.
If it is there, it recreates the .txt file then quits.
What have I got wrong?
PS: the Symantec install forces a restart once complete, so this would loop again each log in...?
ASKER
I want the script to delete and recreate the mapped drives each logon for stability.
A single IF statement would suffice.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
no, it doesn't.
I removed "IF NOT EXIST "c:\setup_complete.txt" GOTO INSTALL
:INSTALL" from what I wrote above and tried it again.
The .txt file WAS there yet it still copied the setup.exe across and started the install.
I removed "IF NOT EXIST "c:\setup_complete.txt" GOTO INSTALL
:INSTALL" from what I wrote above and tried it again.
The .txt file WAS there yet it still copied the setup.exe across and started the install.
ASKER
oh, ok... that worked. What did I have incorrect? Was it the tabbed lines or the ":QUIT EXIT"?
What am I not understanding about the GOTO command? I thought that it meant goto line named "whatever" and run the command next to it?
What am I not understanding about the GOTO command? I thought that it meant goto line named "whatever" and run the command next to it?
It works like the GOTO command in GWBASIC (way back in the 80s) - jump or skip to the label and continue from there. So in effect it runs all the commands from the label onwards.
What if the file is deleted by a user?
Create an MSI Package, install it through a GPO under software installation. That will install once per PC, and user can't mess with it.
ASKER
@ pritamdutt: once everyone has joined the domain and has the software installed (i'll know by SEP's client list) I will be changing the logon script.
Is there a GPO option to make it so the users don't have to press CTRL+ALT+DEL to login?
Also, can I allow the autologin feature that Windows has in a non-domain environment or would I be best creating a registry file to import that sets the AutoAdminLogon value back to 1 and creates a String value called DefaultPassword (most users will end up with the same password). DefaultUser and DefaultDomain are already set.??? If the latter, how do I do this?
Is there a GPO option to make it so the users don't have to press CTRL+ALT+DEL to login?
Also, can I allow the autologin feature that Windows has in a non-domain environment or would I be best creating a registry file to import that sets the AutoAdminLogon value back to 1 and creates a String value called DefaultPassword (most users will end up with the same password). DefaultUser and DefaultDomain are already set.??? If the latter, how do I do this?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Also it is important to note that
See http://support.microsoft.com/kb/324737 for more details.
"Registry change will not work if the “Logon Banner” is defined on the server either by a Group Policy object (GPO) or by a local policy."
See http://support.microsoft.com/kb/324737 for more details.
What about using group policy to push out the client.
ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/11.0/manuals/installation_guide.pdf
Page 108 is a starting point.
ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/11.0/manuals/installation_guide.pdf
Page 108 is a starting point.
ASKER
Thank you
@echo off
if exist "C:\setup_complete.txt" goto end
<code>
:end
(2) We use a similar approach for our windows clients. For your purposes, try net user and net group.
Open in new window