group policy to create network folder based on username

"...create a folder on a network share based on the username"
Do you need to do this? The web page shows what looks like each user will have a log based on their name. Or, are those usernames of the other chat party? If you need the separate folders, I've covered that in the logon SetIMLog.bat file.

Make SetIMLog.bat. SetIMLog.bat is called by the Logon GPO later. Note: If needed, fix the key. I couldn't see the text on the web page image:

REG QUERY "hkcu\software\shoreline telleworks\shoreware client" /v IMChatTranscriptDir
IF %errorlevel%==0 GOTO skip_reg_inport
reg.exe import \\server\registry_folder\regfile.reg

if not exist "\\server\SharedIMChatFolder\%USERNAME%\nul" MD "\\server\SharedIMChatFolder\%USERNAME%"

:skip_reg_inport

Select allOpen in new window

Export your first registry key - the one you entered manually in the shoreware Communicator - to a .reg file. It will be imported by the .bat file when users logon.

Edit the .reg file, changing the path of the .reg file to the shared folder. e.g. "\\server\SharedIMChatFolder". Each user needs read-write access to this folder.

Copy the .reg file to the same folder as SetIMLog.bat.

Edit the GPO to call SetIMLog.bat as follows:

User Configuration, Policies, Windows Settings, Scripts
Open Logon.
Add the SetIMLog.bat file.

That would be great if each user had their own log file but it generates a log for each IM conversation.  So there would be thousands in there and it would be difficult to track.  Hence the need to point each user to their own specific folder to host their log files.  I've tested this on my on machine to verify.

I believe the reg key IMAlwaysSaveChatTranscript will also need to be called in the script.  I noticed that show up when I enabled IM logging on my machine. 1 enabled 0 not enabled.

With that added will this do what I'm looking for?

OK. The user folders is covered via:

if not exist "\\server\SharedIMChatFolder\%USERNAME%\nul" MD "\\server\SharedIMChatFolder\%USERNAME%"

Select allOpen in new window

IMAlwaysSaveChatTranscript
I assume this key is also under the "hkcu\software\shoreline telleworks\shoreware client". You can export the whole branch "hkcu\software\shoreline telleworks\shoreware client". It will export any keys under that registry branch. Then, you delete any irrelevant key.

Or, you can export individual keys. Then, combine them into one file.

I wanted to clarify my prior post. Regarding editing the .reg file. Make sure IMChatTranscriptDir points to your designated shared folder. e.g. "\\\\server\\SharedIMChatFolder\\%%UserName%%". Note the double %%

However, I don't know if ShoreTel will interpret this environment variable correctly. If not, you need another approach to get the reg key in there. Maybe something like:

REG ADD "hkcu\software\shoreline telleworks\shoreware client" /v IMChatTranscriptDir /t REG_SZ /d \\\\server\\SharedIMChatFolder\\%%UserName%%

Select allOpen in new window

I'll give that a try tomorrow and update.  Thanks!

Edit: Two changes:

1. Path should be single \, not double \\:

REG ADD "hkcu\software\shoreline telleworks\shoreware client" /v IMChatTranscriptDir /t REG_SZ /d \\server\SharedIMChatFolder\%UserName%

Select allOpen in new window

2. Should be %UserName%, not %%UserName%%

I did find out that the two registry keys below by default are not there and are only created when the box is checked and a save location is set within the options of IM client.
"IMAlwaysSaveChatTranscript"
"IMChatTranscriptDir"

By default this is unchecked so that key is not there by default.  Will this script just edit that key or will it create the keys if they are not there?

It will create the key. An existing key is overwritten.

BTW, if these are the only 2 keys you need, it's probably better (easier to understand) to use 2 similar lines to set them up instead of 1 for REG IMPORT and the other REG ADD.

Ok this is what I have
Batch file

REG QUERY "hkcu\software\shoreline telleworks\shoreware client" /v IMChatTranscriptDir
IF %errorlevel%==0 GOTO skip_reg_inport
reg.exe import S:\Group\IT\shoretel\IM\gpo\imdirectory.reg

if not exist "S:\Group\IT\shoretel\IM\logs\%USERNAME%\nul" MD "S:\Group\IT\shoretel\IM\logs\%USERNAME%"

:skip_reg_inport

Select allOpen in new window

reg export

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Shoreline Teleworks\ShoreWare Client]
"IMAlwaysSaveChatTranscript"=dword:00000001
"IMChatTranscriptDir"="S:\Group\IT\shoretel\IM\logs\%username%"

Select allOpen in new window

Yes..just those two keys are added if they aren't there.  If they are there they should be edited to point to the new location on the network share.  

I'll test this out on a small group and keep you posted.  Thanks!

added to group policy and assigned it to a small test group which includes myself.  Ran gpupdate on server and my machine.  Rebooted and logged on.  It didn't create those folders or edit the registry keys.

I then tried just running that batch file and a command window popped up and closed as it should.  The folders it was supposed to create in the batch did not get created and the keys did not get edited.

on my machine those keys are already there as I did some testing on it earlier.  but the value for IMAlwaysSaveChatTranscript is 00000000 and IMChatTranscriptDir is blank.  is the batch skipping the reg inport as the keys are there already?

You're correct. It's skipping because it exists. Remove that line.

For the MD line, can you manually run that line?

Try running the bat file again. This time:
1. Open CMD prompt
2. Run bat file.
Note: First, disable any @echo off in you .bat file

For the reg keys, using regedit, can you manually create a key in that branch?

It actually does work.  I tried it with a different user and had them login, maps the directory per username and edits the registry key.

It seems like it doesn't work if you have those keys are already in place.

Now is there a way to set permissions on this folder so it can be written to but not read?  I don't want someone poking around and navigating to the logs folder and reading everyones IM chats. I can edit those permissions and test.

Just an updated...I deleted those two keys on my machine and manually ran that batch file and it worked.  So it is skipping the script if the key is there.

Glad it's working.
It's skipping because it exists. Remove that line. You want to force it anyway.

Regarding the permissions, I haven't tested this, or know if this is the best way, but... http://community.spiceworks.com/scripts/show/2522-windows-user-share-exclusive-access
I think this is run by the admin. Again, be sure to test first.

Perfect answer and very quick.  Thanks a lot this was a huge help!

Sorry, quick follow up question.  In regards to the script not running if the key already exists, when you say "remove that line" do you mean this....
IF %errorlevel%==0 GOTO skip_reg_import

Yes. Doing so will always run the remaining lines.

This article helped me out a lot.  After getting it set up I decided I didn't want to map a drive for all users they wouldn't have access to, so I'm using UNC filenames instead.

I've simplified the Logon script submitted by NVIT to make it a lot simpler:

if not exist "\\[ServerName]\Chat Logs\%USERNAME%\nul" MD "\\[ServerName]\Chat Logs\%USERNAME%"
		
REG ADD "hkcu\software\Shoreline Teleworks\ShoreWare Client" /v IMChatTranscriptDir /t REG_SZ /d "\\[ServerName]fileserver\Chat Logs\%USERNAME%" /f
		
REG ADD "hkcu\software\Shoreline Teleworks\ShoreWare Client" /v IMAlwaysSaveChatTranscript /t REG_DWORD /d 1 /f

Select allOpen in new window

-This script first checks to see if the user has a folder inside the network share.  If not, one is created.
-Next, it adds the key (if it doesn't exist) IMChatTranscriptDir and sets the value for  Key to "\\[ServerName]fileserver\Chat Logs\%USERNAME%".  If the user changes it, it will set it back to this next time they log on.
-Next, it checks the box to save the chat transcripts.

I asked ShoreTel about locking Communicator settings to prevent users from changing them and received this response, "Because the settings within Communicator are on a client to client basis and require local admin permissions to function, there is no way to prevent the users from changing them within the Communicator after logging in."  If you want to prevent them from changing the settings, you'll have to figure out another way.

Good luck!