Solved

VB Script for active directory logon

Posted on 2012-03-15
26
552 Views
Last Modified: 2012-09-10
Hi all,

I am going to deploy a new AD under windows 2008 to run at logon.  I am seeking a sample script that allows the following functionality:

1. Check if home user directory exists, if it does not, create and set permissions to the user
2. check to see if any drive mappings exist, if they do remove all of them
3. check what groups the user is a member and map drives and printers accordingly
4. if user is a member of VDI group, redirect my documents, desktop, etc to user home directory (i.e. \\myshare\users\%username%\VDI\).
5. check to see that outlook has a default profile if it does not make one and set it (outlook 2007-2010)


I would prefer to do this in VB, I know Windows 2008 has some limited functionality to do some of this but we still have a large number of windows xp systems on the network that can not be upgraded any time soon.

If you need any other questions please ask :)

Thanks!
0
Comment
Question by:smyers051972
  • 9
  • 4
  • 3
  • +4
26 Comments
 
LVL 3

Expert Comment

by:dinsj
Comment Utility
Use powershell it will make your life easier and its backwards compatible so you will be able to use it for your xp pcs.
0
 
LVL 1

Author Comment

by:smyers051972
Comment Utility
I think I would rather do it VB because its going to be a big pain to introduce something new and have to test it and get it approved for use.
0
 
LVL 1

Author Comment

by:smyers051972
Comment Utility
?
0
 
LVL 9

Expert Comment

by:Bob Stone
Comment Utility
Dinsj hit the nail on the head. You can do all that stuff easily in Powershell, it isn't new either, it came out in NT4. With a little bit of searching you can find pretty much any plug-n-play type script for it. Ver 3 in Server 2008 is the easiest one yet.
0
 
LVL 3

Expert Comment

by:dinsj
Comment Utility
powershell is backwards compatible also, so you can save a powershell script with a vbs extension and it will run, if you worried about change control etc
0
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
powershell is backwards compatible also, so you can save a powershell script with a vbs extension and it will run
Sorry, dinsj, but that is nonsense. A PowerShell script is a PowerShell script, and never can run as VB Script without modification. And "backwards compatible" is not correct, as you cannot use PS2 features with PS1, of course.

Stone, I don't think you are correct with NT4, and PS being of current version 3. We are with PS2, officially, and PS3 is in the works. What we understand as PowerShell now has been introduced later with XP (as an add-on option), and included with Vista and above.

Nevertheless, the point is indeed that PS scripts run on XP, if you install PowerShell (which comes with Windows Update as an option, btw). VBS will refuse to die for the next few years, so there is no reason to not use it.
0
 
LVL 9

Expert Comment

by:Bob Stone
Comment Utility
It was called Windows Script Host back in the days of Win 95/98/NT, a precursor to Powershell.

The preview version of Powershell 3.0 was released in December.
0
 
LVL 3

Expert Comment

by:dinsj
Comment Utility
Qlemo as long as you set the execution policy this can be done
0
 
LVL 9

Expert Comment

by:Bob Stone
Comment Utility
I am not trying to be contrary or anything. It just sounds like he is trying to re-invent the wheel here is all.
0
 
LVL 1

Author Comment

by:smyers051972
Comment Utility
Again I would rather get an example or set of examples to work on in VBS :)
0
 
LVL 15

Expert Comment

by:markdmac
Comment Utility
My login script faq has much of what you are looking for.
Http://www.tek-tips.com/faqs.cfm?fid=5798

Also look at my blog for the code to set the permissions on the folders:
Http://www.thespidersparlor.com/technicalblog/?p=9

Also you are correct about PowerShell.  In order for a PowerShell script to execute locally, PowerShell must be installed on the PC.  A PowerShell script that makes remote calls to a Pc can do so using WMI which has been around forcsome time, but that will not help you in this case.

PowerShell was first introduced with Windows 7 and was back ported for XP and Vista where you can manually install it.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 29

Expert Comment

by:pwindell
Comment Utility
I don't understand why anyone wants to "reinvent the wheel" with a "script".  Everything he wants to do is already a normal part of User Account Properties,....Roaming Profiles,...Folder Redirection,...and Offline Files,...and probably a few other functions in the OS.   Just use the correct combination of those things and be done with it and forget about stupid "scripts" for everything.  I've been doing this stuff since most of todays Admins were in grade school and have done it without having to write Scripts to do things that are already built into the OS in the first place if you just use it properly.
0
 
LVL 15

Expert Comment

by:markdmac
Comment Utility
Pwindell, I have been "doing this stuff" for 17 years and find your comments to be offensive.As someone who taught VBScript as a Microsoft employee I can say there is nothing "stupid" about scripting.   There are reasons to do what the OP is requesting, so if you disagree then post viable alternatives without denegration.
0
 
LVL 29

Expert Comment

by:pwindell
Comment Utility
Then you get offended too easy.  Scripting is not stupid "globally".  I have written a few VBScripts used in ASP Classic in a few of our Web Apps.  But needless scripting,...is exactly that,..needless.  When the OS already has functionality to do that job all scripting does is make things more complicated and cause there to have to be more documentation to cover it.  I actually think that way too many Admins do it for job security,...so they are the only ones who know how it works.  Then of course they eventually leave and go to a new job and anyone coming in after them has a mess on their hands to figure out how things were done.

so if you disagree then post viable alternatives without denegration.

I did exactly that.  It was only your personal interpretation of what I wrote that considered it degenerative.   If you've been doing this 17 years then that is enough time to learn to not be so thin skinned.
0
 
LVL 15

Expert Comment

by:markdmac
Comment Utility
I will agree to disagree.  I personally don't like folder redirection policies.  They don't work well with laptop users and create problems with registry tattooing when you later want to move to new servers.  Scripting provides a central point of administration that when documented properly is easier to maintain.

GPP is certainly a good way to go to eliminate a lot of the OPs needs, however getting CSE to install on legacy systems is often problematic.  As the request for help was for a VB solution I think it appropriate to offer the requested advice without declaring the requested solution as stupid.
0
 
LVL 1

Author Comment

by:smyers051972
Comment Utility
Just to inform you the folder redirection policy would only be for a group, not globally, this is for VDI desktops so they would not be mobile in that sense.

As for everything that is located in the users profile, its not complete as I would like it and I would rather do it the way I am used to doing it, considering that some of the VDI desktops are Windows XP, server 2008 can't fully manage those areas.  

In my opinion at least I would just rather stick to VBS, its easier for me to manage as well.
0
 
LVL 1

Author Comment

by:smyers051972
Comment Utility
@markdmac

The first link looks really good and I think I will use part of that, the second one about the permissions I am not sure will do it though, what it needs to do is:

1. at login, check to see if their home folder exists for example: \\server\users\%username%
2. if it does not, create it
3. if it was created, assign permissions to that folder giving them full rights to it

I am not sure if this piece is viable or not, it might take a script to run on a server as an admin, every hour or so to compare users in AD then check to see if the home folders exist and do the above if they do not.

I realize the second option might be taxing on a server but I have a lot of resources to work with on that particular system.
0
 
LVL 15

Expert Comment

by:markdmac
Comment Utility
Tied up at work but will reply later with sample code for you.
0
 
LVL 1

Author Comment

by:smyers051972
Comment Utility
No problem, thanks for the reply :)
0
 
LVL 1

Author Comment

by:smyers051972
Comment Utility
Any follow ups? :)
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Comment Utility
I am going to deploy a new AD under windows 2008 to run at logon.  I am seeking a sample script that allows the following functionality:

1. Check if home user directory exists, if it does not, create and set permissions to the user



2. check to see if any drive mappings exist, if they do remove all of them
3. check what groups the user is a member and map drives and printers accordingly


2 sources: http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_24495343.html
http://thisishelpful.com/powershell-login-script-map-network-drives-printers-applicaton-settings.html


4. if user is a member of VDI group, redirect my documents, desktop, etc to user home directory (i.e. \\myshare\users\%username%\VDI\).


group policy already has this


5. check to see that outlook has a default profile if it does not make one and set it (outlook 2007-2010)

see http://www.howto-outlook.com/howto/deployprf.htm
0
 
LVL 1

Accepted Solution

by:
smyers051972 earned 0 total points
Comment Utility
Closing this question, neglected for months.
0
 
LVL 1

Author Closing Comment

by:smyers051972
Comment Utility
Neglected
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now