Solved

Login Script to map drives based on group membership

Posted on 2014-01-14
11
6,899 Views
Last Modified: 2014-01-27
I'm looking to map drives based upon group memberships.  I had a scr file I was using at a previous work place to accomplish this.  I would just copy and paste a previous entry and update the group name and unc path to the share.  Would someone have a sample file they could post to me that I could just edit the group name and unc path to fit my network?
0
Comment
Question by:bsjj2727
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39781222
What OS are you running on the desktop/server.  The reason I ask is because you can use group policy preferences to do this an eliminate the need for the login scripts.  More on that here

https://blogs.technet.com/b/askds/archive/2009/01/07/using-group-policy-preferences-to-map-drives-based-on-group-membership.aspx

Thanks

Mike
0
 

Author Comment

by:bsjj2727
ID: 39781225
I'm running Server 2008 and have a mix of Windows 7 and Windows XP desktops
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39781230
ok then you can use GPP, the XP boxes will need the client side extensions

http://www.microsoft.com/en-us/download/details.aspx?id=3628

small reminder...xp support ends in 85 days.  You have time but not much.

Thanks


Mike
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:bsjj2727
ID: 39781239
Thanks for the help, but I would also like to try to script this so I don't have to go around installing this on my XP desktops when I'm in the process of removing them over the next 30 days.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39781241
ok I won't have time to write and test the script against XP machines in a domain.   Another expert will hopefully pick that up.

Thanks

Mike
0
 

Author Comment

by:bsjj2727
ID: 39781244
Thanks for the time Mike
0
 
LVL 5

Expert Comment

by:Jullez
ID: 39781304
Are you looking for a .bat like this?

use "*" /DELETE
 if ingroup("Domain Users")
 use x: "\\server_name\share_name"
 endif


Or

Map drive if user is *not* a member of a certain group (in this case, "Students"):

 If InGroup("Students") = 0
   Use R: "\\server\records"
EndIf


Using Select...EndSelect (stops processing on the first true Case) Select

   Case InGroup("Students")
      Use S: "\\server\student_storage"
   Case InGroup("Office")
      Use O: "\\server\office_docs"
      Use R: "\\server\records"
   Case InGroup("Teachers")
      Use O: "\\server\office_docs"
      Use S: "\\server\student_storage"
      Use T: "\\server\teaching_materials"
EndSelect

Using Boolean operators: If InGroup("Teachers") Or InGroup("Office") Or InGroup("PTA")
   Use G: "\\server\Grownup_Files"
EndIf

If InGroup("2013 Class") And InGroup("Honors")
   Use S: "\\server\smart_kids"
EndIf
0
 

Author Comment

by:bsjj2727
ID: 39781310
I have roughly 10 network shares and right now the current login script maps all drives even of the user doesn't have access, if the user tries to access a drive they don't hVe access too they'll get an access denied.  I want the login script to only map drives that the user has access too I'm in the process now of changing the security in all the shares based off of groups. So I figure the script will look and see of the user is in HR for example it will map the hr share, also all shares will have different letters also
0
 
LVL 5

Accepted Solution

by:
Jullez earned 500 total points
ID: 39781356
For the above example:
1.Get KiXtart
2.Put WKIX32.EXE in both the domain controller's NETLOGON share and %SystemRoot% of each machine.

You can also use a vbscript:

This script checks for finance, accounting, and IT group membership, then maps the corresponding R:, S:, or T: drive.

 Set objNetwork = CreateObject("WScript.Network")
 Set objUser = CreateObject("ADSystemInfo")
 Set objCurrentUser = GetObject("LDAP://" & objUser.UserName)
 strGroup = LCase(Join(objCurrentUser.MemberOf))

 If InStr(strGroup, lcase("Finance")) Then
 objNetwork.MapNetworkDrive "R:", "\\server\shared\finance"
 End If

 If InStr(strGroup, lcase("Accounting")) Then
 objNetwork.MapNetworkDrive "S:", "\\server\shared\accounting"
 End If

 If InStr(strGroup, lcase("IT")) Then
 objNetwork.MapNetworkDrive "T:", "\\server\shared\IT"
 End If

 You can add additional mapped drives by adding more If-Then statements.

Create vbscript, save in NETLOGON, add to your test gpo under User Configuration | Policies | Windows Settings | Scripts (Logon/Logoff) | Logon section .

Don't forget to apply the GPO on the OU you are testing and run GPupdate on the server.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39783901
To solve it, one can download and use ifmember.exe from Microsoft.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 39783951
Aside from the fact I would use Group Policy preferences for mapping drives going forward if you want a slightly fancier script that will run on XP and VBS I have one here that gives an Internet Explorer page to give status as it goes along:

http://scripts.dragon-it.co.uk/links/vbscript-login-script

Otherwise use GPP for your Windows 7 machines and keep your XP ones in a different OU or OU structure and assign them the current batch script, or use VBScript or ifmember.exe like has been suggested until they have all gone.

Steve
0

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question