
VBScript - Logon Script for home users

Posted on 2012-08-30
Last Modified: 2012-09-25
Scenario:
I have users working from home (25% of their time) using their personal computers to VPN into the network.  Users need access to their mapped drives when working from home.  Providing instructions to end-users on mapping drives has not been greatly UNsuccessful and has generated a number of helpdesk requests.  

Desired Outcome:
Create a custom logon script for home users to map drives.  Modify the existing logon script (vbscript) for this purpose.

Challenge(s):
Home users are logging into their home computer and not providing domain credentials.  The user's home folder is mapped via AD User Profile property settings and not a logon script.  Include error handling: should the user input an invalid uname\pword, they are prompted to retype these values.

I hope that is enough detail to get us started.  So far I’ve been able to modify my script to  request network credentials but I am quickly outreaching my level of scripting competency.  I’ve looked at the following two scripts (below) and they appear to contain the elements that I need:

A)      Using the provided credentials, query AD to get the list of groups to which the user belongs.
B)      Using the provided credentials, query AD to get the home folder path for the user.

What I need help with now, is mashing these together with a bit of error control should the user input invalid credentials.

Query AD for group membership:
http://www.rlmueller.net/ADOAltCredentials.htm

Query to obtain Home Folder path:
http://www.vistax64.com/vb-script/193883-user-home-folder-management.html

Thanks for your help!
0
Question by:lpbenergy
 
LVL 43

Assisted Solution

by:Steve Knight
Steve Knight earned 600 total points
ID: 38353343
I don't have time to write this up specifically for you at the moment but I do have a script I wrote which you may be able to pull the relevant parts out of or give some pointers.

http://scripts.dragon-it.co.uk/links/vbscript-login-script

That does drive mappings, OU and group checks etc. amongst other things along with an IE based status window.

Steve
0
 

Author Comment

by:lpbenergy
ID: 38354037
Thanks Steve, I will take a look and see if I can use it.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 38356011
Ok.  Real busy time at the moment before kids go back to school amongst other things...

Just post back any questions or issues and will help if I can, reading your question better it is a little different to how I imagined it anyway.

Steve
0
 
LVL 65

Accepted Solution

by:RobSampson
RobSampson earned 1400 total points
ID: 38362175
Hi, this is an HTA, but if you put this HTA on the user's desktop (as MapDrives.hta) and run it, it should be able to map the drives for the home drive, and by group membership as well.

The first thing you need to change is this:
	' Specify a server (Domain Controller).
	strServer = "YOURPDC"


and then you can configure "global" groups here:
	' Configure your global resources here - they will be connected for every user
	MapDrive "Z:","\\Server\User Storage\Pupils\" & lisYear.value & "\" & txtName
	MapDrive "T:","\\Server\student shared$"


and your group membership mappings are configured in the MapDriveByGroup sub procedure.

Hopefully it works out for you.

Regards,

Rob.

<html>
<head>
<title>Drive Mapper</title>
<HTA:APPLICATION 
     APPLICATIONNAME="Drive Mapper"
     SCROLL="no"
     SINGLEINSTANCE="yes"
     WINDOWSTATE="normal"
>
<STYLE>
body {
	padding-top:20px;
	text-align:center;
}
td,input	{
	font-family:Verdana;
	font-size:12pt;
}
a	{
	font-size:9pt;
	font-family:Verdana;
}
</STYLE>
<SCRIPT LANGUAGE=VBScript>
Set objNetwork = CreateObject("Wscript.Network")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Sub Window_OnLoad
	Dim X, Y, strComputer, objWMIService, colItems, objItem, intHorizontal, strYear
	X=500
	Y=250
	window.resizeTo X,Y
		' resize the HTA
	strComputer = "."
	Set objWMIService = GetObject("Winmgmts:\\" & strComputer & "\root\cimv2")
	Set colItems = objWMIService.ExecQuery("Select * From Win32_DesktopMonitor")
	For Each objItem in colItems
		intHorizontal = objItem.ScreenWidth
		intVertical = objItem.ScreenHeight
	Next
	window.moveTo (intHorizontal - X) / 2, (intVertical - Y) / 2
		' centre it
	txt_Username.value=objNetwork.UserName
	txt_Username.focus
End Sub

Sub btn_Configure_OnClick
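	If txt_Username.value="" Then
		MsgBox "Please enter your name",16,"ERROR"
		' The input's id is txt_Username (there is no txtName element in this HTA)
		txt_Username.focus
		Exit Sub
	End If
	If txt_Password.value="" Then
		MsgBox "Please enter your password",16,"ERROR"
		' The input's id is txt_Password
		txt_Password.focus
		Exit Sub
	End If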
	
	' This will call the GetGroupMembership sub which will in turn call the MapDriveByGroup sub
	GetGroupMembership
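	' Configure your global resources here - they will be connected for every user
	' The Z: example below uses lisYear and txtName, which are not defined in this HTA;
	' replace them with your own values before uncommenting it.
	' MapDrive "Z:","\\Server\User Storage\Pupils\" & lisYear.value & "\" & txtName
	MapDrive "T:","\\Server\student shared$"
	'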
	
	MsgBox "Network resources have been configured",64,"DONE"
End Sub

Sub MapDrive(DriveLetter,DrivePath)
	If objFSO.DriveExists(DriveLetter) Then
		objNetwork.RemoveNetworkDrive DriveLetter, True
	End If
	objNetwork.MapNetworkDrive DriveLetter, DrivePath, False, txt_Username.value, txt_Password.value
End Sub

Sub MapDriveByGroup(sGroupName)
	Select Case LCase(sGroupName)
		Case LCase("IT")
			MapDrive "G:", "\\server\IT_Share"
		Case LCase("HR")
			MapDrive "G:", "\\server\HR_Share"
	End Select
End Sub

Sub GetGroupMembership
	Const ADS_SECURE_AUTHENTICATION = &H1
	Const ADS_SERVER_BIND = &H200
	
	' Specify a server (Domain Controller).
	strServer = "YOURPDC"
	
	' Specify or prompt for credentials.
	strUser = txt_username.value
	strPassword = txt_password.value
	
	' Determine DNS domain name. Use server binding and alternate
	' credentials. The value of strDNSDomain can also be hard coded.
	Set objNS = GetObject("LDAP:")
	On Error Resume Next
	Set objRootDSE = objNS.OpenDSObject("LDAP://" & strServer & "/RootDSE", strUser, strPassword, ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION)
	If Err.Number = 0 Then
		strDNSDomain = objRootDSE.Get("defaultNamingContext")
		
		' Use ADO to search Active Directory.
		' Use alternate credentials.
		Set adoCommand = CreateObject("ADODB.Command")
		Set adoConnection = CreateObject("ADODB.Connection")
		adoConnection.Provider = "ADsDSOObject"
		adoConnection.Properties("User ID") = strUser
		adoConnection.Properties("Password") = strPassword
		adoConnection.Properties("Encrypt Password") = True
		adoConnection.Properties("ADSI Flag") = ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION
		adoConnection.Open "Active Directory Provider"
		Set adoCommand.ActiveConnection = adoConnection
		
		' Search entire domain. Use server binding.
		strBase = "<LDAP://" & strServer & "/" & strDNSDomain & ">"
		
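		' Search for the user who is logging on. Escape the LDAP filter special
		' characters (and ";", which separates the parts of the ADO query string)
		' so that typed input cannot change the meaning of the query.
		strSafeUser = Replace(strUser, "\", "\5c")
		strSafeUser = Replace(strSafeUser, "*", "\2a")
		strSafeUser = Replace(strSafeUser, "(", "\28")
		strSafeUser = Replace(strSafeUser, ")", "\29")
		strSafeUser = Replace(strSafeUser, ";", "\3b")
		strFilter = "(&(objectCategory=person)(objectClass=user)(samAccountName=" & strSafeUser & "))"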
		
		' Comma delimited list of attribute values to retrieve.
		strAttributes = "distinguishedName"
		
		' Construct the LDAP query.
		strQuery = strBase & ";" & strFilter & ";" _
		     & strAttributes & ";subtree"
		
		' Run the query.
		adoCommand.CommandText = strQuery
		adoCommand.Properties("Page Size") = 100
		adoCommand.Properties("Timeout") = 30
		adoCommand.Properties("Cache Results") = False
		Set adoRecordset = adoCommand.Execute
		
		' Enumerate the resulting recordset.
		strDN = ""
		Do Until adoRecordset.EOF
		     ' Retrieve values.
		     strDN = adoRecordset.Fields("distinguishedName").Value
		     adoRecordset.MoveNext
		Loop
		If strDN = "" Then
			MsgBox "User " & strUser & " was not found."
		Else
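			' Bind to the user object with the supplied credentials; a plain GetObject
			' would use the local logon, which is not a domain account on a home PC
			Set objUser = objNS.OpenDSObject("LDAP://" & strServer & "/" & strDN, strUser, strPassword, ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION)
			' This line will map the home drive of the user
			MapDrive objUser.HomeDrive, objUser.HomeDirectory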
			' Now we will map the other drives by group membership
			If TypeName(objUser.MemberOf) = "Empty" Then
				MsgBox "You are not a member of any groups."
			ElseIf TypeName(objUser.MemberOf) = "String" Then
				strGroupName = Mid(Split(objUser.MemberOf, ",")(0), 4)
				MapDriveByGroup strGroupName
			Else
				For Each strGroup In objUser.MemberOf       'Walk through the groups that user is a member of
					strGroupName = Mid(Split(strGroup, ",")(0), 4)              'Get the group name
				    MapDriveByGroup strGroupName
				Next
			End If

		End If
	Else
		MsgBox "Connection failure.  Wrong password?"
	End If
	Err.Clear
	On Error GoTo 0
End Sub
</SCRIPT>
</head>
<body>
<table>
<tr>
	<td>Enter your username?<br/></td>
	<td><input type="text" id="txt_Username" name="txt_Username" /></td>
</tr>
<tr>
	<td>What is your password?</td>
	<td><input type="password" id="txt_Password" name="txt_Password" /></td>
</tr>
<tr>
	<td colspan="2">&nbsp;</td>
</tr>
<tr>
	<td colspan="2" align="center"><input type="button" value="Configure Resources" id="btn_Configure" /></td>
</tr>
</table>
</body>
</html>

0
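The question asks that users be prompted again after typing invalid credentials. One way to do that in the HTA above, shown as an added example that is not part of RobSampson's code: check the bind first, map drives only on success, clear the rejected password, and cap the number of tries. CredentialsAreValid, MAX_ATTEMPTS and intAttempts are hypothetical names; txt_Username, txt_Password, MapDrive, GetGroupMembership and "YOURPDC" are taken from the HTA, and this handler would replace its btn_Configure_OnClick.

```vbscript
' Added example, not the original author's code.
Const ADS_SECURE_AUTHENTICATION = &H1
Const ADS_SERVER_BIND = &H200
Const MAX_ATTEMPTS = 3          ' assumption: keep below the domain lockout threshold
Dim intAttempts : intAttempts = 0

' Returns True only if the domain controller accepts the bind.
Function CredentialsAreValid(strServer, strUser, strPassword)
	Dim objNS, objRootDSE, strNC
	CredentialsAreValid = False
	Set objNS = GetObject("LDAP:")
	On Error Resume Next
	Set objRootDSE = objNS.OpenDSObject("LDAP://" & strServer & "/RootDSE", _
		strUser, strPassword, ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION)
	' Read an attribute so that a deferred bind failure surfaces here.
	If Err.Number = 0 Then strNC = objRootDSE.Get("defaultNamingContext")
	CredentialsAreValid = (Err.Number = 0)
	Err.Clear
	On Error GoTo 0
End Function

Sub btn_Configure_OnClick
	If txt_Username.value = "" Or txt_Password.value = "" Then
		MsgBox "Please enter your username and password", 16, "ERROR"
		Exit Sub
	End If
	If Not CredentialsAreValid("YOURPDC", txt_Username.value, txt_Password.value) Then
		intAttempts = intAttempts + 1
		txt_Password.value = ""       ' do not leave a rejected password in the form
		If intAttempts >= MAX_ATTEMPTS Then
			MsgBox "Too many failed attempts. Please contact the helpdesk.", 16, "ERROR"
			window.close
		Else
			' A dropped VPN connection fails the bind in the same way.
			MsgBox "Could not sign in. Check the VPN, then retype your details.", 48, "ERROR"
			txt_Password.focus
		End If
		Exit Sub
	End If
	intAttempts = 0
	GetGroupMembership              ' maps the home drive and the group drives
	MapDrive "T:", "\\Server\student shared$"
	txt_Password.value = ""           ' clear the password once the drives are mapped
	MsgBox "Network resources have been configured", 64, "DONE"
End Sub
```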
 

Author Comment

by:lpbenergy
ID: 38365478
Thanks Rob, at first glance it appears that your script has many of the elements I am looking for.  I'll take a look and let you know how it goes.
0
 

Author Closing Comment

by:lpbenergy
ID: 38433554
Thanks to you both for your submissions; I liked them both.  I gave Rob Sampson higher points because his solution is a closer fit to what I am requesting.  Dragon-IT, I really like what you are doing with the IE Popup.  I am going to try and utilize it in my next script.

Nice work both of you.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 38433597
No problem, can't remember where I saw it originally but it has been much fiddled with, and in environments with IE in known states normally.  If you get stuck with any of it post a new question and a link back here and we'll see it.

Steve
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 38434857
Thanks for the grade.

Rob.
0
