Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Deploy a logon script via gpo?

Status
Not open for further replies.

trojanman

IS-IT--Management
Jun 14, 2006
280
US
Ive created a shared folder on the member server \\FSHARE that I would like to have the users of the \\FSG domain automatically connect to via a logon script. The \\FSG domain users do not have local accounts on \\FSHARE. The script I have created below doesnt work because of a lack of a password, what can I do to fix this? Is it possible to setup some kind of trust on \\FSHARE's local secpol using the script??

net use M: \\FSHARE\Imaging /persistent:YES
 
One way to go about it is to create a security group in Active Directory and add all the users in which you want to give access to this share.

Go to the server that hosts the shared folder. Right-click the share and choose Properties. On the security tab, add the security group you created to the list of users that have access. The share permission under that share tab should have the Everyone group already applied with READ permissions. Add your new security group to the share permissions and give them the respective permission. In this case, you could probably give the group FULL permissions, as the granular NTFS permission will derive from whatever you have set under the security tab.

I hope you find this post helpful,

Jonathan Almquist
Minneapolis, MN
 
I cant browse to the security group because the containing object is the file server itself and cant be changed. I know why, its because the file server logs on to a workgroup, not a domain. For security reasons the previous Admin set this up and I dont think they want me to change it.
 
Ive created a shared folder on the [red]member server [/red]

Please be more specific in the future, your original post gave inaccurate and pertinent information.

A standalone server will not process a domain GPO. It can process a local policy, but that will only happen if your users are logging into the server directly and not just accessing resources on it.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
I was specific, it was a typo, I meant to say file not member.
 
Using vbscript, you can do the following:

Set objNetwork = Wscript.CreateObject("WScript.Network")
objNetwork.MapNetworkDrive "J:", "\\servername\sharename", "False", "username", "password"


The main issue is that the username and password is written in plain text, so it's not a secure way of doing things.

Your best bet, imo, would be to try to get permission to join the server to the domain. If they are worried about security, just lock it down and ensure access is only available to the proper users.

---------------------------------------
Bob Beck
Systems Administrator
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top