VBScript - Logon Script for home users

Scenario:
I have users working from home (25% of their time) using their personal computers to VPN into the network.  Users need access to their mapped drives when working from home.  Providing instructions to end-users on mapping drives has not been greatly UNsuccessful and has generated a number of helpdesk requests.  

Desired Outcome:
Create a custom logon script for home users to map drives.  Modify the existing logon script (vbscript) for this purpose.

Challenge(s):
Home users are logging into their home computer and not providing domain credentials.  The user's home folder is mapped via AD User Profile property settings and not a logon script.  Include error handling: should the user input an invalid uname\pword, they are prompted to retype these values.

I hope that is enough detail to get us started.  So far I’ve been able to modify my script to  request network credentials but I am quickly outreaching my level of scripting competency.  I’ve looked at the following two scripts (below) and they appear to contain the elements that I need:

A)      Using the provided credentials, query AD to get the list of groups to which the user belongs.
B)      Using the provided credentials, query AD to get the home folder path for the user.

What I need help with now, is mashing these together with a bit of error control should the user input invalid credentials.

Query AD for group membership:
http://www.rlmueller.net/ADOAltCredentials.htm

Query to obtain Home Folder path:
http://www.vistax64.com/vb-script/193883-user-home-folder-management.html

Thanks for your help!
0
lpbenergy
Asked:
lpbenergy
Steve Knight (IT Consultancy) Commented:
I don't have time to write this up specifically for you at the moment but I do have a script I wrote which you may be able to pull the relevant parts out of or give some pointers.

http://scripts.dragon-it.co.uk/links/vbscript-login-script

That does drive mappings, OU and group checks etc. amongst other things along with an IE based status window.

Steve
0
 
lpbenergy (Author) Commented:
Thanks Steve, I will take a look and see if I can use it.
0
 
Steve Knight (IT Consultancy) Commented:
Ok.  Real busy time at the moment before kids go back to school amongst other things...

Just post back any questions or issues and will help if I can, reading your question better it is a little different to how I imagined it anyway.

Steve
0
 
RobSampson Commented:
Hi, this is an HTA, but if you put this HTA on the user's desktop (as MapDrives.hta) and run it, it should be able to map the drives for the home drive, and by group membership as well.

The first thing you need to change is this:
	' Specify a server (Domain Controller).
	strServer = "YOURPDC"

and then you can configure "global" groups here:
	' Configure your global resources here - they will be connected for every user
	MapDrive "Z:","\\Server\User Storage\Pupils\" & txt_Username.value
	MapDrive "T:","\\Server\student shared$"

and your group membership mappings are configured in the MapDriveByGroup sub procedure.

Hopefully it works out for you.

Regards,

Rob.

<html>
<head>
<title>Drive Mapper</title>
<HTA:APPLICATION 
     APPLICATIONNAME="Drive Mapper"
     SCROLL="no"
     SINGLEINSTANCE="yes"
     WINDOWSTATE="normal"
>
<STYLE>
body {
	padding-top:20px;
	text-align:center;
}
td,input	{
	font-family:Verdana;
	font-size:12pt;
}
a	{
	font-size:9pt;
	font-family:Verdana;
}
</STYLE>
<SCRIPT LANGUAGE=VBScript>
Set objNetwork = CreateObject("Wscript.Network")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Sub Window_OnLoad
	Dim X, Y, strComputer, objWMIService, colItems, objItem, intHorizontal, strYear
	X=500
	Y=250
	window.resizeTo X,Y
		' resize the HTA
	strComputer = "."
	Set objWMIService = GetObject("Winmgmts:\\" & strComputer & "\root\cimv2")
	Set colItems = objWMIService.ExecQuery("Select * From Win32_DesktopMonitor")
	For Each objItem in colItems
		intHorizontal = objItem.ScreenWidth
		intVertical = objItem.ScreenHeight
	Next
	window.moveTo (intHorizontal - X) / 2, (intVertical - Y) / 2
		' centre it
	txt_Username.value=objNetwork.UserName
	txt_Username.focus
End Sub

Sub btn_Configure_OnClick
	If txt_Username.value="" Then
		MsgBox "Please enter your name",16,"ERROR"
		txt_Username.focus
		Exit Sub
	End If
	If txt_Password.value="" Then
		MsgBox "Please enter your password",16,"ERROR"
		txt_Password.focus
		Exit Sub
	End If
	
	' This will call the GetGroupMembership sub which will in turn call the MapDriveByGroup sub
	GetGroupMembership
	' Configure your global resources here - they will be connected for every user
	MapDrive "Z:","\\Server\User Storage\Pupils\" & txt_Username.value
	MapDrive "T:","\\Server\student shared$"
	'
	
	MsgBox "Network resources have been configured",64,"DONE"
End Sub

Sub MapDrive(DriveLetter,DrivePath)
	If objFSO.DriveExists(DriveLetter) Then
		objNetwork.RemoveNetworkDrive DriveLetter, True
	End If
	objNetwork.MapNetworkDrive DriveLetter, DrivePath, False, txt_Username.value, txt_Password.value
End Sub

Sub MapDriveByGroup(sGroupName)
	Select Case LCase(sGroupName)
		Case LCase("IT")
			MapDrive "G:", "\\server\IT_Share"
		Case LCase("HR")
			MapDrive "G:", "\\server\HR_Share"
	End Select
End Sub

Sub GetGroupMembership
	Const ADS_SECURE_AUTHENTICATION = &H1
	Const ADS_SERVER_BIND = &H200
	
	' Specify a server (Domain Controller).
	strServer = "YOURPDC"
	
	' Specify or prompt for credentials.
	strUser = txt_username.value
	strPassword = txt_password.value
	
	' Determine DNS domain name. Use server binding and alternate
	' credentials. The value of strDNSDomain can also be hard coded.
	Set objNS = GetObject("LDAP:")
	On Error Resume Next
	Set objRootDSE = objNS.OpenDSObject("LDAP://" & strServer & "/RootDSE", strUser, strPassword, ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION)
	If Err.Number = 0 Then
		strDNSDomain = objRootDSE.Get("defaultNamingContext")
		
		' Use ADO to search Active Directory.
		' Use alternate credentials.
		Set adoCommand = CreateObject("ADODB.Command")
		Set adoConnection = CreateObject("ADODB.Connection")
		adoConnection.Provider = "ADsDSOObject"
		adoConnection.Properties("User ID") = strUser
		adoConnection.Properties("Password") = strPassword
		adoConnection.Properties("Encrypt Password") = True
		adoConnection.Properties("ADSI Flag") = ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION
		adoConnection.Open "Active Directory Provider"
		Set adoCommand.ActiveConnection = adoConnection
		
		' Search entire domain. Use server binding.
		strBase = "<LDAP://" & strServer & "/" & strDNSDomain & ">"
		
		' Search for the user account whose samAccountName matches the supplied name.
		strFilter = "(&(objectCategory=person)(objectClass=user)(samAccountName=" & strUser & "))"
		
		' Comma delimited list of attribute values to retrieve.
		strAttributes = "distinguishedName"
		
		' Construct the LDAP query.
		strQuery = strBase & ";" & strFilter & ";" _
		     & strAttributes & ";subtree"
		
		' Run the query.
		adoCommand.CommandText = strQuery
		adoCommand.Properties("Page Size") = 100
		adoCommand.Properties("Timeout") = 30
		adoCommand.Properties("Cache Results") = False
		Set adoRecordset = adoCommand.Execute
		
		' Enumerate the resulting recordset.
		strDN = ""
		Do Until adoRecordset.EOF
		     ' Retrieve values.
		     strDN = adoRecordset.Fields("distinguishedName").Value
		     adoRecordset.MoveNext
		Loop
		If strDN = "" Then
			MsgBox "User " & strUser & " was not found."
		Else
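			' Bind to the user object with the supplied credentials; a home PC has no domain logon to bind with.
			Set objUser = objNS.OpenDSObject("LDAP://" & strServer & "/" & strDN, strUser, strPassword, ADS_SERVER_BIND Or ADS_SECURE_AUTHENTICATION)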
			' This line will map the home drive of the user
			MapDrive objUser.HomeDrive, objUser.HomeDirectory
			' Now we will map the other drives by group membership
			If TypeName(objUser.MemberOf) = "Empty" Then
				MsgBox "You are not a member of any groups."
			ElseIf TypeName(objUser.MemberOf) = "String" Then
				strGroupName = Mid(Split(objUser.MemberOf, ",")(0), 4)
				MapDriveByGroup strGroupName
			Else
				For Each strGroup In objUser.MemberOf       'Walk through the groups that user is a member of
					strGroupName = Mid(Split(strGroup, ",")(0), 4)              'Get the group name
				    MapDriveByGroup strGroupName
				Next
			End If

		End If
	Else
		MsgBox "Connection failure.  Wrong password?"
	End If
	Err.Clear
	On Error GoTo 0
End Sub
</SCRIPT>
</head>
<body>
<table>
<tr>
	<td>Enter your username?<br/></td>
	<td><input type="text" id="txt_Username" name="txt_Username" /></td>
</tr>
<tr>
	<td>What is your password?</td>
	<td><input type="password" id="txt_Password" name="txt_Password" /></td>
</tr>
<tr>
	<td colspan="2">&nbsp;</td>
</tr>
<tr>
	<td colspan="2" align="center"><input type="button" value="Configure Resources" id="btn_Configure" /></td>
</tr>
</table>
</body>
</html>

0
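
Added example, not part of Rob's post: the HTA above builds its LDAP filter by concatenating the typed username into `(samAccountName=...)`, so filter metacharacters or a `DOMAIN\user` style logon change or break the search. The hypothetical helpers below (`EscapeLdapFilterValue`, `SamAccountFromLogon`, `BuildUserFilter`) escape the value per RFC 4515 and reduce the logon to a bare account name; the sample logons are constructed, and the script runs stand-alone under cscript.exe.

```vbscript
Option Explicit

' Escape a value for use inside an LDAP search filter (RFC 4515).
' The backslash is handled first so the later escapes are not doubled.
Function EscapeLdapFilterValue(strValue)
	Dim strOut
	strOut = Replace(strValue, "\", "\5c")
	strOut = Replace(strOut, "*", "\2a")
	strOut = Replace(strOut, "(", "\28")
	strOut = Replace(strOut, ")", "\29")
	strOut = Replace(strOut, Chr(0), "\00")
	EscapeLdapFilterValue = strOut
End Function

' Reduce DOMAIN\user or user@domain to the bare logon name, because
' samAccountName holds only the part without the domain.
Function SamAccountFromLogon(strLogon)
	Dim strName, intPos
	strName = Trim(strLogon)
	intPos = InStrRev(strName, "\")
	If intPos > 0 Then strName = Mid(strName, intPos + 1)
	intPos = InStr(strName, "@")
	If intPos > 0 Then strName = Left(strName, intPos - 1)
	SamAccountFromLogon = strName
End Function

' Build the same filter the HTA uses, with the user-supplied part escaped.
Function BuildUserFilter(strLogon)
	BuildUserFilter = "(&(objectCategory=person)(objectClass=user)(samAccountName=" _
		& EscapeLdapFilterValue(SamAccountFromLogon(strLogon)) & "))"
End Function

' Constructed sample logons: plain, down-level, UPN style, and one
' containing filter metacharacters.
Dim arrSamples, strSample
arrSamples = Array("jsmith", "CORP\jsmith", "jsmith@corp.example", "j*)(cn=*")
For Each strSample In arrSamples
	WScript.Echo strSample & " -> " & BuildUserFilter(strSample)
Next
```

Inside the HTA, only the three functions are needed (WScript.Echo is not available there); the filter line would then call `BuildUserFilter(strUser)` while the unmodified `strUser` is still passed to OpenDSObject and MapNetworkDrive.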
 
lpbenergy (Author) Commented:
Thanks Rob, at first glance it appears that your script has many of the elements I am looking for.  I'll take a look and let you know how it goes.
0
 
lpbenergy (Author) Commented:
Thanks to you both for your submissions; I liked them both.  I gave Rob Sampson higher points because his solution is a closer fit to what I am requesting.  Dragon-IT, I really like what you are doing with the IE Popup.  I am going to try and utilize it in my next script.

Nice work both of you.
0
 
Steve Knight (IT Consultancy) Commented:
No problem, can't remember where I saw it originally but it has been much fiddled with, and in environments with IE in known states normally.  If you get stuck with any of it post a new question and a link back here and we'll see it.

Steve
0
 
RobSampson Commented:
Thanks for the grade.

Rob.
0
Question has a verified solution.
