?
Solved

Login Script to map drives based on group membership

Posted on 2014-01-14
11
Medium Priority
?
8,334 Views
Last Modified: 2014-01-27
I'm looking to map drives based upon group memberships.  I had a scr file I was using at a previous work place to accomplish this.  I would just copy and paste a previous entry and update the group name and unc path to the share.  Would someone have a sample file they could post to me that I could just edit the group name and unc path to fit my network?
0
Comment
Question by:bsjj2727
  • 4
  • 3
  • 2
  • +2
11 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39781222
What OS are you running on the desktop/server.  The reason I ask is because you can use group policy preferences to do this an eliminate the need for the login scripts.  More on that here

https://blogs.technet.com/b/askds/archive/2009/01/07/using-group-policy-preferences-to-map-drives-based-on-group-membership.aspx

Thanks

Mike
0
 

Author Comment

by:bsjj2727
ID: 39781225
I'm running Server 2008 and have a mix of Windows 7 and Windows XP desktops
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39781230
ok then you can use GPP, the XP boxes will need the client side extensions

http://www.microsoft.com/en-us/download/details.aspx?id=3628

small reminder...xp support ends in 85 days.  You have time but not much.

Thanks


Mike
0
Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

 

Author Comment

by:bsjj2727
ID: 39781239
Thanks for the help, but I would also like to try to script this so I don't have to go around installing this on my XP desktops when I'm in the process of removing them over the next 30 days.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39781241
ok I won't have time to write and test the script against XP machines in a domain.   Another expert will hopefully pick that up.

Thanks

Mike
0
 

Author Comment

by:bsjj2727
ID: 39781244
Thanks for the time Mike
0
 
LVL 5

Expert Comment

by:Jullez
ID: 39781304
Are you looking for a .bat like this?

use "*" /DELETE
 if ingroup("Domain Users")
 use x: "\\server_name\share_name"
 endif


Or

Map drive if user is *not* a member of a certain group (in this case, "Students"):

 If InGroup("Students") = 0
   Use R: "\\server\records"
EndIf


Using Select...EndSelect (stops processing on the first true Case) Select

   Case InGroup("Students")
      Use S: "\\server\student_storage"
   Case InGroup("Office")
      Use O: "\\server\office_docs"
      Use R: "\\server\records"
   Case InGroup("Teachers")
      Use O: "\\server\office_docs"
      Use S: "\\server\student_storage"
      Use T: "\\server\teaching_materials"
EndSelect

Using Boolean operators: If InGroup("Teachers") Or InGroup("Office") Or InGroup("PTA")
   Use G: "\\server\Grownup_Files"
EndIf

If InGroup("2013 Class") And InGroup("Honors")
   Use S: "\\server\smart_kids"
EndIf
0
 

Author Comment

by:bsjj2727
ID: 39781310
I have roughly 10 network shares and right now the current login script maps all drives even of the user doesn't have access, if the user tries to access a drive they don't hVe access too they'll get an access denied.  I want the login script to only map drives that the user has access too I'm in the process now of changing the security in all the shares based off of groups. So I figure the script will look and see of the user is in HR for example it will map the hr share, also all shares will have different letters also
0
 
LVL 5

Accepted Solution

by:
Jullez earned 2000 total points
ID: 39781356
For the above example:
1.Get KiXtart
2.Put WKIX32.EXE in both the domain controller's NETLOGON share and %SystemRoot% of each machine.

You can also use a vbscript:

This script checks for finance, accounting, and IT group membership, then maps the corresponding R:, S:, or T: drive.

 Set objNetwork = CreateObject("WScript.Network")
 Set objUser = CreateObject("ADSystemInfo")
 Set objCurrentUser = GetObject("LDAP://" & objUser.UserName)
 strGroup = LCase(Join(objCurrentUser.MemberOf))

 If InStr(strGroup, lcase("Finance")) Then
 objNetwork.MapNetworkDrive "R:", "\\server\shared\finance"
 End If

 If InStr(strGroup, lcase("Accounting")) Then
 objNetwork.MapNetworkDrive "S:", "\\server\shared\accounting"
 End If

 If InStr(strGroup, lcase("IT")) Then
 objNetwork.MapNetworkDrive "T:", "\\server\shared\IT"
 End If

 You can add additional mapped drives by adding more If-Then statements.

Create vbscript, save in NETLOGON, add to your test gpo under User Configuration | Policies | Windows Settings | Scripts (Logon/Logoff) | Logon section .

Don't forget to apply the GPO on the OU you are testing and run GPupdate on the server.
0
 
LVL 57

Expert Comment

by:McKnife
ID: 39783901
To solve it, one can download and use ifmember.exe from Microsoft.
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 39783951
Aside from the fact I would use Group Policy preferences for mapping drives going forward if you want a slightly fancier script that will run on XP and VBS I have one here that gives an Internet Explorer page to give status as it goes along:

http://scripts.dragon-it.co.uk/links/vbscript-login-script

Otherwise use GPP for your Windows 7 machines and keep your XP ones in a different OU or OU structure and assign them the current batch script, or use VBScript or ifmember.exe like has been suggested until they have all gone.

Steve
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question