windows 8 / server 2012 logon scripts

When we switched a few computers to windows 8 and windows 2012, I've noticed the logon scripts not mounting network drives anymore. If we run the scripts manually, then everything works as expected.

I have a script that maps a network share and printers, but when the logon script runs (as the user logs in), only the printers map. The network share *does not* map.  If I log in, and run the script - via windows explorer - (\\server\netlogon\logon.vbs) then the network drive maps as normal. Did something change with the new editions of desktop/server os.

I tried to enable netlogon logging, but I didn't see anything relevant.

here is the relevant portion of my code:
Note: in the process of testing, after moving files, the DCSERVER and PRINTSERVER will be the same.

Const G_DCSERVER="\\old_dc"
Const G_PRINT_SERVER="\\new_dc"

Set oNetwork = CreateObject("WScript.Network")
strUserName = oNetwork.Username
oNetwork.MapNetworkDrive "h:", G_DCSERVER & "\home$\" & strUsername
 
 oNetwork.AddWindowsPrinterconnection G_PRINT_SERVER & "\printer 1"
 oNetwork.AddWindowsPrinterconnection G_PRINT_SERVER & "\printer 2"
camstutzAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ZamZ0Commented:
Why not use a batch file?


net use X: \\server\share


Or you could use a GPO

User Configuration\Preferences\Windows Settings\Drive Maps
0
Ben Personick (Previously QCubed)Lead Network EngineerCommented:
I always use batch for my login scrips, vbscript absolutely gets finicy between editions of windows, though I'm not aware of any changes to 2012 that would be causing your issue.

The only thing that comes to mind are issues gaining permission to run the script from \\domain.com\netlogon\…yourscript.vbs?

Have you logged on as that user and browsed to the script?
0
Ben Personick (Previously QCubed)Lead Network EngineerCommented:
PS, if you really want to use the vb script, try preffacing it with cscript

 cscrpt "\\domain.com\netlogon\…yourscript.vbs"

Open in new window

0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

camstutzAuthor Commented:
I have logged in as the user and can run the script from windows explorer. I type in \\dc\netlogon\logon.vbs and things run fine. I will try the cscript idea tomorrow. The same script that works fine on a 2008R2 server and win 7 machines.  But as soon as we added windows 8 machines to the mix, the windows 8 machines do not run the script. The windows 7 machines do run the script still. I believe it is something with windows 8 / server 2012 and how it might handle scripts. No proof, just conjecture.
0
ZamZ0Commented:
So why not use another method? Just curious
0
Ben Personick (Previously QCubed)Lead Network EngineerCommented:
PS the command is "cscript", not "cscrpt".
0
camstutzAuthor Commented:
I read this this: http://powershell.org/wp/forums/topic/windows-8-and-logon-scripts/

It is potentially the UAC getting in the way. I know the GPO can map drives, but I am not certain that the GPO can check which groups a user is in before mapping a drive. I will have to research. I am going to try the cscript idea.
0
camstutzAuthor Commented:
in my case, it doesn't seem the UAC is on.
0
camstutzAuthor Commented:
just realized that I can create multiple GPO's and assign it to the specific OU.
0
Ben Personick (Previously QCubed)Lead Network EngineerCommented:
Group based drive mapping is possible with Batch.

  If your VB script isn't working, honestly that would be your Go-To Simple solution verses multiple GPOs assigned to multiple OUs.

  The alternative is trying to keep your OU Structure the same as your group memberships which can be an administrative nightmare; making sure to move users to new OUs based on changes to group memberships and vice verse; etc.

  Either you have time to invest in fixing the VBScript issue, or you need a solution immediately, that won;t create a mess of head-aches later-on, as even if your organization is simple enough to work by using a few OUs now with only minor administrative overhead this will not always be the case int he future.

If you need a solution to get yourself up and running right his minute, just use batch, and then if you like the Vb, fix it afterwards.

Below is a script I wrote some time ago to map drives based on group membership, it runs on Windows 2000 through Windows 2012, and will get you up and running quickly.


::----------------------------------------------------------------------------::
:: Script Name: DOIFMEMBER.bat												  ::
:: Version: 1.2																  ::
:: Copyright: Ben Personick													  ::
:: Date: 2010-08-21															  ::
::----------------------------------------------------------------------------::
:Begin-Script
	ECHO OFF
	:Start-Prep
		SET "GroupStart=FALSE"
		SET "GroupList=_"
		FOR /F "Tokens=1-3 Delims=*" %%U IN ('net user "%username%" /domain 2^>^&1 ') DO CALL :Start-Get-Group-Membership "%%U" "%%V" "%%W"
		SET GroupList=%GroupList:_, =%
		ECHO GroupList for %UserName%: %GroupList%
	:End-Prep

	:Start-Main

		:Start-Map-Domain-Users
			CALL :Start-IFMEMBER "Domain Users"
			IF "%ISMEMBER%"=="NO" GOTO :End-Script
			ECHO "%UserName%" Is a Member of "%IFMEMBER%"
                        ECHO NET USE * /D /Y
			ECHO NET USE A: \\SERVER\Share\Somedir\ /P
			ECHO NET USE H: \\SERVER\Home$\%UserName%\ /P
			ECHO NET USE P: \\SERVER\Share\Public\ /P
		:End-Map-Domain-Users

		:Start-Map-Operations
			CALL :Start-IFMEMBER "Operations"
			IF "%ISMEMBER%"=="NO" GOTO End-Map-Operations
			ECHO %UserName% Is a Member of %IFMEMBER%
			ECHO NET USE O: \\SERVER\Share\Operations\ /P
			ECHO NET USE L: \\SERVER\Share\Love\ /P
		:End-Map-Operations

		:Start-Map-Domain-Admins
			CALL :Start-IFMEMBER "Domain Admins"
			IF "%ISMEMBER%"=="NO" GOTO End-Map-Domain-Admins
			ECHO NET USE I: \\SERVER\Share\IT\ /P
		:End-Map-Domain-Admins
		
	:End-Main
	GOTO End-Script
	:Start-Subs
		:Start-IFMEMBER
			SET "IFMEMBER=%~1"&SET "ISMEMBER=NO"
			ECHO IFMEMBER == %IFMEMBER% and ISMEMBER == %ISMEMBER%
			FOR %%G IN (%GroupList%) DO IF /I %%G=="%IFMEMBER%" SET "ISMEMBER=YES"
			ECHO IFMEMBER == %IFMEMBER% and ISMEMBER == %ISMEMBER%
			GOTO :EOF
		:End-IFMEMBER
		:Start-Get-Group-Membership
			SET "Term=%~n1"&SET "GroupA=%~n2"&SET "GroupB=%~n2"
			::ECHO "%Term%" "%GroupA%" "%GroupB%"
			IF /I "%GroupStart%"=="FALSE" FOR /F %%F IN ('ECHO "%Term%" ^| Find /I "Group"') DO SET "GroupStart=TRUE"
			IF /I "%GroupStart%" NEQ "FALSE" SET GroupList=%GroupList%, "%GroupA%", "%GroupB%"
			GOTO :EOF
		:End-Get-Group-Membership
	:End-Subs
:End-Script
ECHO The Script Is Exiting.

Open in new window


NOTE: The Above Script has "ECHO" in front of all the drive mapping lines so you can test it.
Also, and there are a lot of niceties that can be I put into my newer scripts, but works solidly.

PS: Once you see this script working, try gutting it and put just the following line in to the batch file, and see if your vbscript runs then.

 CScript "\\yourdomain.com\netlogon\path\yourscript.vbs"

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
camstutzAuthor Commented:
Hello All,

it has been busy here at the office and I just now got started working on this again. Thanks to all that posted, I will have to do some catching up on reading. I found the answer to get VBscript to map drives in 8 / Server 2012. Apparently when you turn the UAC off via the GUI, it doesn't actually turn off. You have to modify a registry.

Disabling UAC in 8/2012 Reference: https://social.technet.microsoft.com/wiki/contents/articles/13953.windows-server-2012-deactivating-uac.aspx

Another good Reference
http://www.ezaudit.net/faq/uac_and_logon_scripts.pdf

I found a good work around to get rid of the scripts and set multiple GPO's. This seems to work regardless of the UAC setting.

I am awarding points to ZamZ0 for suggesting to try something else and for QCubed taking the time to write/post the bat file with good information on administration nightmare.
0
camstutzAuthor Commented:
Don't want to resurrect an old post, I just wanted to post one more link for future reference for those who come across this.

http://blogs.technet.com/b/askds/archive/2009/01/07/using-group-policy-preferences-to-map-drives-based-on-group-membership.aspx
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.