Solved

Writing a batch file

Posted on 2013-12-26
6
810 Views
Last Modified: 2013-12-29
To all the scripting guru's out there (admittedly I am not one)... I know enough about active directory to know that it is possible (preferred) to have drive mapping done by security permissions, but alas, I missed that class of scripting 101. What I would like is to have a script that has an array of possible drives to be mapped but will only map the drives if the appropriate NTFS permissions are met, any assistance to this end would be very well appreciated.
This can be accomplished using either Visual Basic, a Batch file, or Powershell whatever the preferred method I would like it to be scalable and easy so changes can be made on the fly with even the least savvy IT person able to edit it, thanks.
Working in a Windows environment with Win 7 and a mix of Server 2003 and 2008 R2, this would be a logon script an added bonus would be to have the same script be able to assign printer based on group security permissions too...
0
Comment
Question by:juslearning
  • 2
  • 2
6 Comments
 
LVL 9

Expert Comment

by:tsaico
Comment Utility
It isn't actually scripting really, and it easier to do through AD- IMHO.
http://www.howtogeek.com/99403/it-how-to-map-network-drives-on-windows-clients-via-group-policy/

is a decent one on this.  My only comment is to make your names of the security groups or your GPO reflect the drive letters (if it matters) or more descriptive as possible.    They kind of gloss over this, so in AD, you would have already made a security group that allows access to the drive.  I also remove the default authenticated users from the second window and add my security group in AD.  I tend to use the same one if possible, so the drive only shows up if they also have rights to do something in it.

If you leave it as authenticated user, then everyone will get the drive, but when they double click it will say access denied.

When you want a particular person to have a drive, you will then jsut add them in AD to the security group you had the GPO apply to, then have them log out and back in...
0
 

Author Comment

by:juslearning
Comment Utility
Part of the issue is I do not want to handle it using GPOs as not all folks following me in the job will be savvy with AD and GPOs also I am low in the totem pole regarding domain level rights. So keeping it local with regards to a logon script so that anyone with local domain admin rights can edit, makes life easier and less to explain, you know what I mean?
0
 
LVL 9

Accepted Solution

by:
tsaico earned 150 total points
Comment Utility
Not really, since the term "local domain admin" refers to a user who can do what they want anywhere, regardless if at local or domain level.  If you mean local admin rights, then this is also a bad idea since your end users should not have local admin rights.  But regardless, if that the direction you wanted to go in, that is entirely your prerogative.  I know sometimes politics or personalities can interfere with managing systems.

So back to the OP,
http://www.robvanderwoude.com/loginscripts.php

I found was a decent site for scripting help.  In your case, you can hid the kixart and VB stuff, then focus on how to do drive mapping on a group membership basis.  (command line)  When you get the immediate need done, then you can start checking out the VBscripting part and start practicing on that.

It also has information on how to add to the batch doing network printers, since that is usually the second thing admins want to do after drives and that can make your life easier too, which is really what any of this stuff is for.
0
 
LVL 43

Expert Comment

by:Steve Knight
Comment Utility
I have an example login script here too in VBScript of mine which shows results in a status window using IE etc.

http://scripts.dragon-it.co.uk/links/vbscript-login-script

For anything new I would be using Group Policy preferences too, otherwise a group policy based login script allocated to relevant containers, though I understand that some people do prefer to point specific user login scripts using their user property instead / aswell.

Whichever way you end up doing it you aren't going to get the drives mapped based on the NTFS permissions, aside from anything else you could have NTFS permissions allowing / denying access for a user at  x:\somedir but they have access to a specific file in that dir or a level durther down.

Share permissions you could read I suppose but the most logical is to use groups, either:

Group "Map drive X to server1-share1" - check for this in login script
Group "Some users in this group" - put users in this group, and put group in "Map x drive ...." etc. or check if the user is in "some users in this group" and map the drive.

Other more logical ways of course is to use DFS, the user has one or more drives mapped to \\domain.local\dfs-share  and then under that you create links to the actual shares they need.

Waffled on a lot more than intended to there but you get the idea, ask questions if needed.
Steve
0
 

Author Comment

by:juslearning
Comment Utility
I will test these out first thing when I return to work, thanks so far for all the input...
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

This script checks a path to see if a folder exists. If the folder does exist you will get output "The folder has previously been created. No action taken" If not it will create the folder. Then adds one user modify permission to the folder. It …
Email signature management is something that is often overlooked in many organizations or is simply not implemented effectively. Let's take a look at what methods are available for managing this important piece of corporate branding.
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now