group policy to create network folder based on username

I've been tasked with finding a way to globally track IM chats within ShoreTel communicator.  Enabling IM chat logging is fairly straight forward per this article.

My problem is creating the gpo or batch file that will create a folder on a network share based on the username.  the folder will also need to match up with the registry keys that will be pushed out for every user.

It's either that or I have to manually create each folder for every user and push out individual registry changes for each of our 140 users.  Which does not sound fun.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NVITEnd-user supportCommented:
"...create a folder on a network share based on the username"
Do you need to do this? The web page shows what looks like each user will have a log based on their name. Or, are those usernames of the other chat party? If you need the separate folders, I've covered that in the logon SetIMLog.bat file.

Make SetIMLog.bat. SetIMLog.bat is called by the Logon GPO later. Note: If needed, fix the key. I couldn't see the text on the web page image:

REG QUERY "hkcu\software\shoreline telleworks\shoreware client" /v IMChatTranscriptDir
IF %errorlevel%==0 GOTO skip_reg_inport
reg.exe import \\server\registry_folder\regfile.reg

if not exist "\\server\SharedIMChatFolder\%USERNAME%\nul" MD "\\server\SharedIMChatFolder\%USERNAME%"


Open in new window

Export your first registry key - the one you entered manually in the shoreware Communicator - to a .reg file. It will be imported by the .bat file when users logon.

Edit the .reg file, changing the path of the .reg file to the shared folder. e.g. "\\server\SharedIMChatFolder". Each user needs read-write access to this folder.

Copy the .reg file to the same folder as SetIMLog.bat.

Edit the GPO to call SetIMLog.bat as follows:

User Configuration, Policies, Windows Settings, Scripts
Open Logon.
Add the SetIMLog.bat file.
FvengAuthor Commented:
That would be great if each user had their own log file but it generates a log for each IM conversation.  So there would be thousands in there and it would be difficult to track.  Hence the need to point each user to their own specific folder to host their log files.  I've tested this on my on machine to verify.

I believe the reg key IMAlwaysSaveChatTranscript will also need to be called in the script.  I noticed that show up when I enabled IM logging on my machine. 1 enabled 0 not enabled.

With that added will this do what I'm looking for?
NVITEnd-user supportCommented:
OK. The user folders is covered via:
if not exist "\\server\SharedIMChatFolder\%USERNAME%\nul" MD "\\server\SharedIMChatFolder\%USERNAME%"

Open in new window

I assume this key is also under the "hkcu\software\shoreline telleworks\shoreware client". You can export the whole branch "hkcu\software\shoreline telleworks\shoreware client". It will export any keys under that registry branch. Then, you delete any irrelevant key.

Or, you can export individual keys. Then, combine them into one file.

I wanted to clarify my prior post. Regarding editing the .reg file. Make sure IMChatTranscriptDir points to your designated shared folder. e.g. "\\\\server\\SharedIMChatFolder\\%%UserName%%". Note the double %%

However, I don't know if ShoreTel will interpret this environment variable correctly. If not, you need another approach to get the reg key in there. Maybe something like:
REG ADD "hkcu\software\shoreline telleworks\shoreware client" /v IMChatTranscriptDir /t REG_SZ /d \\\\server\\SharedIMChatFolder\\%%UserName%%

Open in new window

Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

FvengAuthor Commented:
I'll give that a try tomorrow and update.  Thanks!
NVITEnd-user supportCommented:
Edit: Two changes:

1. Path should be single \, not double \\:
REG ADD "hkcu\software\shoreline telleworks\shoreware client" /v IMChatTranscriptDir /t REG_SZ /d \\server\SharedIMChatFolder\%UserName%

Open in new window

2. Should be %UserName%, not %%UserName%%
FvengAuthor Commented:
I did find out that the two registry keys below by default are not there and are only created when the box is checked and a save location is set within the options of IM client.

By default this is unchecked so that key is not there by default.  Will this script just edit that key or will it create the keys if they are not there?
NVITEnd-user supportCommented:
It will create the key. An existing key is overwritten.
NVITEnd-user supportCommented:
BTW, if these are the only 2 keys you need, it's probably better (easier to understand) to use 2 similar lines to set them up instead of 1 for REG IMPORT and the other REG ADD.
FvengAuthor Commented:
Ok this is what I have
Batch file
REG QUERY "hkcu\software\shoreline telleworks\shoreware client" /v IMChatTranscriptDir
IF %errorlevel%==0 GOTO skip_reg_inport
reg.exe import S:\Group\IT\shoretel\IM\gpo\imdirectory.reg

if not exist "S:\Group\IT\shoretel\IM\logs\%USERNAME%\nul" MD "S:\Group\IT\shoretel\IM\logs\%USERNAME%"


Open in new window

reg export
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Shoreline Teleworks\ShoreWare Client]

Open in new window

NVITEnd-user supportCommented:
New Version. I assume you're adding just these 2 keys. So, this just uses REG ADD, to keep it simpler.
Be sure to test this before posting it for everyone to use.
REG QUERY "hkcu\software\Shoreline Teleworks\ShoreWare Client" /v IMChatTranscriptDir
IF %errorlevel%==0 GOTO skip_reg_import
REG ADD "hkcu\software\Shoreline Teleworks\ShoreWare Client" /v IMChatTranscriptDir /t REG_SZ /d S:\Group\IT\shoretel\IM\logs\%USERNAME% /f
REG ADD "hkcu\software\Shoreline Teleworks\ShoreWare Client" /v IMAlwaysSaveChatTranscript /t REG_DWORD /d 1 /f

if not exist "S:\Group\IT\shoretel\IM\logs\%USERNAME%\nul" MD "S:\Group\IT\shoretel\IM\logs\%USERNAME%"


Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
FvengAuthor Commented:
Yes..just those two keys are added if they aren't there.  If they are there they should be edited to point to the new location on the network share.  

I'll test this out on a small group and keep you posted.  Thanks!
FvengAuthor Commented:
added to group policy and assigned it to a small test group which includes myself.  Ran gpupdate on server and my machine.  Rebooted and logged on.  It didn't create those folders or edit the registry keys.

I then tried just running that batch file and a command window popped up and closed as it should.  The folders it was supposed to create in the batch did not get created and the keys did not get edited.

on my machine those keys are already there as I did some testing on it earlier.  but the value for IMAlwaysSaveChatTranscript is 00000000 and IMChatTranscriptDir is blank.  is the batch skipping the reg inport as the keys are there already?
NVITEnd-user supportCommented:
You're correct. It's skipping because it exists. Remove that line.

For the MD line, can you manually run that line?

Try running the bat file again. This time:
1. Open CMD prompt
2. Run bat file.
Note: First, disable any @echo off in you .bat file

For the reg keys, using regedit, can you manually create a key in that branch?
FvengAuthor Commented:
It actually does work.  I tried it with a different user and had them login, maps the directory per username and edits the registry key.

It seems like it doesn't work if you have those keys are already in place.

Now is there a way to set permissions on this folder so it can be written to but not read?  I don't want someone poking around and navigating to the logs folder and reading everyones IM chats. I can edit those permissions and test.
FvengAuthor Commented:
Just an updated...I deleted those two keys on my machine and manually ran that batch file and it worked.  So it is skipping the script if the key is there.
NVITEnd-user supportCommented:
Glad it's working.
It's skipping because it exists. Remove that line. You want to force it anyway.

Regarding the permissions, I haven't tested this, or know if this is the best way, but...
I think this is run by the admin. Again, be sure to test first.
FvengAuthor Commented:
Perfect answer and very quick.  Thanks a lot this was a huge help!
FvengAuthor Commented:
Sorry, quick follow up question.  In regards to the script not running if the key already exists, when you say "remove that line" do you mean this....
IF %errorlevel%==0 GOTO skip_reg_import
NVITEnd-user supportCommented:
Yes. Doing so will always run the remaining lines.
This article helped me out a lot.  After getting it set up I decided I didn't want to map a drive for all users they wouldn't have access to, so I'm using UNC filenames instead.

I've simplified the Logon script submitted by NVIT to make it a lot simpler:

if not exist "\\[ServerName]\Chat Logs\%USERNAME%\nul" MD "\\[ServerName]\Chat Logs\%USERNAME%"
REG ADD "hkcu\software\Shoreline Teleworks\ShoreWare Client" /v IMChatTranscriptDir /t REG_SZ /d "\\[ServerName]fileserver\Chat Logs\%USERNAME%" /f
REG ADD "hkcu\software\Shoreline Teleworks\ShoreWare Client" /v IMAlwaysSaveChatTranscript /t REG_DWORD /d 1 /f

Open in new window

-This script first checks to see if the user has a folder inside the network share.  If not, one is created.
-Next, it adds the key (if it doesn't exist) IMChatTranscriptDir and sets the value for  Key to "\\[ServerName]fileserver\Chat Logs\%USERNAME%".  If the user changes it, it will set it back to this next time they log on.
-Next, it checks the box to save the chat transcripts.

I asked ShoreTel about locking Communicator settings to prevent users from changing them and received this response, "Because the settings within Communicator are on a client to client basis and require local admin permissions to function, there is no way to prevent the users from changing them within the Communicator after logging in."  If you want to prevent them from changing the settings, you'll have to figure out another way.

Good luck!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.