Logon script mapping drives to different groups
I am trying to create a logon script that will map drives to users depending on group. I am just starting to look at Windows scripting so for now I am using a batch file. The old Windows 2003 server had KiXtart install on it and ran the batch files. I have the newest version of Kixtart but am unable to get the script to run past line 3.
When I try to run the script I get:
ERROR: error in USE statement!
Script: \\servername\netlogon\sps-
Line:3
here is a sample of the script:
USE * /d /y
IF INGROUP('IT-Admins')
USE h: \\sps-staff\home\it-admin\
ENDIF
IF INGROUP('Administration')
USE h: \\sps-staff\home\administr
USE i: \\sps-staff\home\office\co
USE p: \\sps-staff\home\public
USE s: \\spssm\sm4d
ENDIF
IF INGROUP('Acct')
USE b: \\sps-staff
ENDIF
IF INGROUP('Office')
USE h: \\sps-staff\home\office\%u
USE i: \\sps-staff\home\office\co
USE p: \\sps-staff\home\public
USE s: \\spssm\sm4d
ENDIF
IF INGROUP('Teacher')
USE h: \\sps-staff\home\teacher\%
USE p: \\sps-staff\home\public
USE s: \\spssm\sm4d
ENDIF
This is what the old script using KiXtart looked like.
When I try to run the script I get:
ERROR: error in USE statement!
Script: \\servername\netlogon\sps-
Line:3
here is a sample of the script:
USE * /d /y
IF INGROUP('IT-Admins')
USE h: \\sps-staff\home\it-admin\
ENDIF
IF INGROUP('Administration')
USE h: \\sps-staff\home\administr
USE i: \\sps-staff\home\office\co
USE p: \\sps-staff\home\public
USE s: \\spssm\sm4d
ENDIF
IF INGROUP('Acct')
USE b: \\sps-staff
ENDIF
IF INGROUP('Office')
USE h: \\sps-staff\home\office\%u
USE i: \\sps-staff\home\office\co
USE p: \\sps-staff\home\public
USE s: \\spssm\sm4d
ENDIF
IF INGROUP('Teacher')
USE h: \\sps-staff\home\teacher\%
USE p: \\sps-staff\home\public
USE s: \\spssm\sm4d
ENDIF
This is what the old script using KiXtart looked like.
Joseph Daly
disregard please.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Example screenshot from one of my servers (It's SBS2003, but works the same way on later versions too).
Remember that this group policy is not a security measure. Actual access control to your shared folders should be done using the security settings and permissions on the shared folder itself. The group policy, the batch file, and the ability for you to only map drives for the desired users is there purely for convenience so the users don't have to map the drive themselves.
Remember that this group policy is not a security measure. Actual access control to your shared folders should be done using the security settings and permissions on the shared folder itself. The group policy, the batch file, and the ability for you to only map drives for the desired users is there purely for convenience so the users don't have to map the drive themselves.
ASKER
I will get this designed hopefully this evening and then present it to the Director. Looks much cleaner than the other way. I will post more after testing.
You may actually want to just create a simple script for each Security Group. One for Accounting, Executives, Customer Service etc. This way, when you create a new User you would point the Login Script field to that particular Security Group script. As Frosty555 stated you don't want the script identifying the access and doing it as I stated would remove that need, and is also the Best Practice.
You also may want to use the 'net use' command
You also may want to use the 'net use' command
ASKER
Sorry for the delay in posting a reply.
I did setup drive mappings within Group Policy and then assigned them to the groups. Works great. Most of my users were already assigned to specific OU's and adding the drive mappings was a breeze.
Machienet, I looked over your suggestion and that would work as well. Having users in multiple buildings and multiple security groups branching down from there made the Group Policy suggestion seem easier to apply.
Everything is working well.
Thanks for the help guys.
I did setup drive mappings within Group Policy and then assigned them to the groups. Works great. Most of my users were already assigned to specific OU's and adding the drive mappings was a breeze.
Machienet, I looked over your suggestion and that would work as well. Having users in multiple buildings and multiple security groups branching down from there made the Group Policy suggestion seem easier to apply.
Everything is working well.
Thanks for the help guys.
ASKER
One more thing. We are using Windows servers 2008/20012 and in the GPE I mapped the drive and didn't actually point to a script. Everything was done within the policy itself. I have tested on my users and everything works well. Is there a reason to point to specific script as shown in the example above?
It's perfectly fine to use the group policy's "Network Drive Mapping" option to map the drive instead of a batch script. It works nicely provided that you can ensure all your clients are Windows XP SP3 or later.
I didn't know what server you had, and since you were using a Kixtart script, I imagined you probably had a pretty old server (Server 2000 or Server 2003), so I didn't mention it.
I didn't know what server you had, and since you were using a Kixtart script, I imagined you probably had a pretty old server (Server 2000 or Server 2003), so I didn't mention it.