Solved

group policy to create network folder based on username

Posted on 2014-11-18
20
200 Views
Last Modified: 2016-10-10
I've been tasked with finding a way to globally track IM chats within ShoreTel communicator.  Enabling IM chat logging is fairly straight forward per this article.

https://support.shoretel.com/kb/view.php?id=kA0C0000000LHfoKAG

My problem is creating the gpo or batch file that will create a folder on a network share based on the username.  the folder will also need to match up with the registry keys that will be pushed out for every user.

It's either that or I have to manually create each folder for every user and push out individual registry changes for each of our 140 users.  Which does not sound fun.
0
Comment
Question by:Fveng
  • 10
  • 9
20 Comments
 
LVL 23

Expert Comment

by:NVIT
ID: 40450892
"...create a folder on a network share based on the username"
Do you need to do this? The web page shows what looks like each user will have a log based on their name. Or, are those usernames of the other chat party? If you need the separate folders, I've covered that in the logon SetIMLog.bat file.

Make SetIMLog.bat. SetIMLog.bat is called by the Logon GPO later. Note: If needed, fix the key. I couldn't see the text on the web page image:

REG QUERY "hkcu\software\shoreline telleworks\shoreware client" /v IMChatTranscriptDir
IF %errorlevel%==0 GOTO skip_reg_inport
reg.exe import \\server\registry_folder\regfile.reg

if not exist "\\server\SharedIMChatFolder\%USERNAME%\nul" MD "\\server\SharedIMChatFolder\%USERNAME%"

:skip_reg_inport

Open in new window


Export your first registry key - the one you entered manually in the shoreware Communicator - to a .reg file. It will be imported by the .bat file when users logon.

Edit the .reg file, changing the path of the .reg file to the shared folder. e.g. "\\server\SharedIMChatFolder". Each user needs read-write access to this folder.

Copy the .reg file to the same folder as SetIMLog.bat.

Edit the GPO to call SetIMLog.bat as follows:

User Configuration, Policies, Windows Settings, Scripts
Open Logon.
Add the SetIMLog.bat file.
0
 

Author Comment

by:Fveng
ID: 40451436
That would be great if each user had their own log file but it generates a log for each IM conversation.  So there would be thousands in there and it would be difficult to track.  Hence the need to point each user to their own specific folder to host their log files.  I've tested this on my on machine to verify.

I believe the reg key IMAlwaysSaveChatTranscript will also need to be called in the script.  I noticed that show up when I enabled IM logging on my machine. 1 enabled 0 not enabled.

With that added will this do what I'm looking for?
0
 
LVL 23

Expert Comment

by:NVIT
ID: 40451447
OK. The user folders is covered via:
if not exist "\\server\SharedIMChatFolder\%USERNAME%\nul" MD "\\server\SharedIMChatFolder\%USERNAME%"

Open in new window


IMAlwaysSaveChatTranscript
I assume this key is also under the "hkcu\software\shoreline telleworks\shoreware client". You can export the whole branch "hkcu\software\shoreline telleworks\shoreware client". It will export any keys under that registry branch. Then, you delete any irrelevant key.

Or, you can export individual keys. Then, combine them into one file.

I wanted to clarify my prior post. Regarding editing the .reg file. Make sure IMChatTranscriptDir points to your designated shared folder. e.g. "\\\\server\\SharedIMChatFolder\\%%UserName%%". Note the double %%

However, I don't know if ShoreTel will interpret this environment variable correctly. If not, you need another approach to get the reg key in there. Maybe something like:
REG ADD "hkcu\software\shoreline telleworks\shoreware client" /v IMChatTranscriptDir /t REG_SZ /d \\\\server\\SharedIMChatFolder\\%%UserName%%

Open in new window

0
 

Author Comment

by:Fveng
ID: 40451467
I'll give that a try tomorrow and update.  Thanks!
0
 
LVL 23

Expert Comment

by:NVIT
ID: 40451471
Edit: Two changes:

1. Path should be single \, not double \\:
REG ADD "hkcu\software\shoreline telleworks\shoreware client" /v IMChatTranscriptDir /t REG_SZ /d \\server\SharedIMChatFolder\%UserName%

Open in new window


2. Should be %UserName%, not %%UserName%%
0
 

Author Comment

by:Fveng
ID: 40457850
I did find out that the two registry keys below by default are not there and are only created when the box is checked and a save location is set within the options of IM client.
"IMAlwaysSaveChatTranscript"
"IMChatTranscriptDir"

By default this is unchecked so that key is not there by default.  Will this script just edit that key or will it create the keys if they are not there?
0
 
LVL 23

Expert Comment

by:NVIT
ID: 40457879
It will create the key. An existing key is overwritten.
0
 
LVL 23

Expert Comment

by:NVIT
ID: 40457895
BTW, if these are the only 2 keys you need, it's probably better (easier to understand) to use 2 similar lines to set them up instead of 1 for REG IMPORT and the other REG ADD.
0
 

Author Comment

by:Fveng
ID: 40457913
Ok this is what I have
Batch file
REG QUERY "hkcu\software\shoreline telleworks\shoreware client" /v IMChatTranscriptDir
IF %errorlevel%==0 GOTO skip_reg_inport
reg.exe import S:\Group\IT\shoretel\IM\gpo\imdirectory.reg

if not exist "S:\Group\IT\shoretel\IM\logs\%USERNAME%\nul" MD "S:\Group\IT\shoretel\IM\logs\%USERNAME%"

:skip_reg_inport

Open in new window


reg export
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Shoreline Teleworks\ShoreWare Client]
"IMAlwaysSaveChatTranscript"=dword:00000001
"IMChatTranscriptDir"="S:\Group\IT\shoretel\IM\logs\%username%"

Open in new window

0
 
LVL 23

Accepted Solution

by:
NVIT earned 500 total points
ID: 40457983
New Version. I assume you're adding just these 2 keys. So, this just uses REG ADD, to keep it simpler.
Be sure to test this before posting it for everyone to use.
REG QUERY "hkcu\software\Shoreline Teleworks\ShoreWare Client" /v IMChatTranscriptDir
IF %errorlevel%==0 GOTO skip_reg_import
REG ADD "hkcu\software\Shoreline Teleworks\ShoreWare Client" /v IMChatTranscriptDir /t REG_SZ /d S:\Group\IT\shoretel\IM\logs\%USERNAME% /f
REG ADD "hkcu\software\Shoreline Teleworks\ShoreWare Client" /v IMAlwaysSaveChatTranscript /t REG_DWORD /d 1 /f

if not exist "S:\Group\IT\shoretel\IM\logs\%USERNAME%\nul" MD "S:\Group\IT\shoretel\IM\logs\%USERNAME%"

:skip_reg_import

Open in new window

0
Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

 

Author Comment

by:Fveng
ID: 40458002
Yes..just those two keys are added if they aren't there.  If they are there they should be edited to point to the new location on the network share.  

I'll test this out on a small group and keep you posted.  Thanks!
0
 

Author Comment

by:Fveng
ID: 40458101
added to group policy and assigned it to a small test group which includes myself.  Ran gpupdate on server and my machine.  Rebooted and logged on.  It didn't create those folders or edit the registry keys.

I then tried just running that batch file and a command window popped up and closed as it should.  The folders it was supposed to create in the batch did not get created and the keys did not get edited.

on my machine those keys are already there as I did some testing on it earlier.  but the value for IMAlwaysSaveChatTranscript is 00000000 and IMChatTranscriptDir is blank.  is the batch skipping the reg inport as the keys are there already?
0
 
LVL 23

Expert Comment

by:NVIT
ID: 40458119
You're correct. It's skipping because it exists. Remove that line.

For the MD line, can you manually run that line?

Try running the bat file again. This time:
1. Open CMD prompt
2. Run bat file.
Note: First, disable any @echo off in you .bat file

For the reg keys, using regedit, can you manually create a key in that branch?
0
 

Author Comment

by:Fveng
ID: 40458140
It actually does work.  I tried it with a different user and had them login, maps the directory per username and edits the registry key.

It seems like it doesn't work if you have those keys are already in place.

Now is there a way to set permissions on this folder so it can be written to but not read?  I don't want someone poking around and navigating to the logs folder and reading everyones IM chats. I can edit those permissions and test.
0
 

Author Comment

by:Fveng
ID: 40458165
Just an updated...I deleted those two keys on my machine and manually ran that batch file and it worked.  So it is skipping the script if the key is there.
0
 
LVL 23

Expert Comment

by:NVIT
ID: 40458188
Glad it's working.
It's skipping because it exists. Remove that line. You want to force it anyway.

Regarding the permissions, I haven't tested this, or know if this is the best way, but... http://community.spiceworks.com/scripts/show/2522-windows-user-share-exclusive-access
I think this is run by the admin. Again, be sure to test first.
0
 

Author Closing Comment

by:Fveng
ID: 40458296
Perfect answer and very quick.  Thanks a lot this was a huge help!
0
 

Author Comment

by:Fveng
ID: 40462342
Sorry, quick follow up question.  In regards to the script not running if the key already exists, when you say "remove that line" do you mean this....
IF %errorlevel%==0 GOTO skip_reg_import
0
 
LVL 23

Expert Comment

by:NVIT
ID: 40462675
Yes. Doing so will always run the remaining lines.
0
 

Expert Comment

by:MGM
ID: 41837048
This article helped me out a lot.  After getting it set up I decided I didn't want to map a drive for all users they wouldn't have access to, so I'm using UNC filenames instead.

I've simplified the Logon script submitted by NVIT to make it a lot simpler:

if not exist "\\[ServerName]\Chat Logs\%USERNAME%\nul" MD "\\[ServerName]\Chat Logs\%USERNAME%"
		
REG ADD "hkcu\software\Shoreline Teleworks\ShoreWare Client" /v IMChatTranscriptDir /t REG_SZ /d "\\[ServerName]fileserver\Chat Logs\%USERNAME%" /f
		
REG ADD "hkcu\software\Shoreline Teleworks\ShoreWare Client" /v IMAlwaysSaveChatTranscript /t REG_DWORD /d 1 /f

Open in new window


-This script first checks to see if the user has a folder inside the network share.  If not, one is created.
-Next, it adds the key (if it doesn't exist) IMChatTranscriptDir and sets the value for  Key to "\\[ServerName]fileserver\Chat Logs\%USERNAME%".  If the user changes it, it will set it back to this next time they log on.
-Next, it checks the box to save the chat transcripts.

I asked ShoreTel about locking Communicator settings to prevent users from changing them and received this response, "Because the settings within Communicator are on a client to client basis and require local admin permissions to function, there is no way to prevent the users from changing them within the Communicator after logging in."  If you want to prevent them from changing the settings, you'll have to figure out another way.

Good luck!
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

Introduction: Recently, I got a requirement to zip all files individually with batch file script in Windows OS. I don't know much about scripting, but I searched Google and found a lot of examples and websites to complete my task. Finally, I was ab…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now