Help with markdmac's Enterprise Ready Login Scripts

[MISNole]

I found this site through a Google search and markdmac's Login script seems to fit almost exactly what I am looking for. I did modify it a little to get rid of somethings I don't need.

A little background on the situation:
We have a domain called "CompanyA". In this domain, I created a new OU called "TestUsers" where I placed a test user named "Bob Villa" and also placed the test computer in this OU. I did make BVilla member of the Recruiting and Purchasing groups for testing purposes.

Our file storage server is "ServerA". The files are located on the Data (E drive, with shared folders named "Users" and "Departments".

But instead of linking the GPO to the entire domain, I linked this particular login script to the TestUsers OU only. Perhaps this is my error?

I'm going to paste the modified script below, but when I login to the domain with this particular account, no drives are being mapped and I find no errors in the Event Viewer.

Any ideas?

'==========================================================================
'
' NAME: LogonScript.vbs
'
' AUTHOR: Mark D. MacLachlan, The Spider's Parlor
' URL :

http://www.thespidersparlor.com

' Copyright (c) 2003-2010
' DATE : 4/10/2003
'
' COMMENT: Enumerates current users' group memberships in given domain.
' Maps and disconnects drives and printers
'
'==========================================================================


ON ERROR RESUME NEXT

Dim WSHShell, WSHNetwork, objDomain, DomainString, UserString, UserObj, Path


Set WSHShell = CreateObject("WScript.Shell")
Set WSHNetwork = CreateObject("WScript.Network")
'Automatically grab the user's domain name
DomainString = Wshnetwork.UserDomain
'Find the Windows Directory
WinDir = WshShell.ExpandEnvironmentStrings("%WinDir%")

'Grab the user name
UserString = WSHNetwork.UserName
'Bind to the user object to get user name and check for group memberships later
Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)

'Grab the computer name for use in add-on code later
strComputer = WSHNetwork.ComputerName

'Disconnect ALL mapped drives
Set clDrives = WshNetwork.EnumNetworkDrives
For i = 0 to clDrives.Count -1 Step 2
WSHNetwork.RemoveNetworkDrive clDrives.Item(i), True, True
Next

'Give the PC time to do the disconnect, wait 300 milliseconds
wscript.sleep 300

'Map drives needed by all
'Note the first command uses the user name as a variable to map to a user share.
'Note alternate mapping code in Add-In section that allows
'friendly renaming of drive mappings

WSHNetwork.MapNetworkDrive "U:", "\\Renegade\Users\" & UserString,True

'Now check for group memberships and map appropriate drives
'Note that this checks Global Groups and not domain local groups.
For Each GroupObj In UserObj.Groups
'Force upper case comparison of the group names, otherwise this is case sensitive.
Select Case UCase(GroupObj.Name)
'Check for group memberships and take needed action
'In this example below, ADMIN and WORKERB are groups.
'Note the use of all upper case letters as mentioned above.
'Note also that the groups must be Global Groups.
Case "Purchasing"
WSHNetwork.MapNetworkDrive "R:", "\\Renegade\Departments\Recruiting",True
Case "Recruiting"
WSHNetwork.MapNetworkDrive "P:", "\\Renegade\Departments\Purchasing",True
End Select
Next


'Clean Up Memory We Used
set UserObj = Nothing
set GroupObj = Nothing
set WSHNetwork = Nothing
set DomainString = Nothing
set WSHSHell = Nothing
Set WSHPrinters = Nothing


'Quit the Script
wscript.quit

 

[Geates]

Your select case is comparing UCASE(objGroup.Name) to non UCASE values. Modify the case's

case [red]"PURCHASING"[/red] :
case [red]"RECRUITING"[/red] :

Also, Purchasing group is mapping to the Recruting drive and vice-vera. Might wan to fix that

-Geates

 

[GrimR]

You might also want to comment out ON ERROR RESUME NEXT so you can see errors if they do occur.


MCITP:EA/SA, MCSE, MCSA, MCDBA, MCTS, MCP+I, MCP

 

[MISNole]

Thanks for the responses and sorry for the delayed response. I made the changes Geates and GrimR suggested, but I'm still gettting no mapped drives and no errors.

What else could I look for to see why nothing seems to be happening?

 

[TheKidd]

The script looks fine to me as long as you did what Geates and GrimR suggested.

 

[TheKidd]

You can also try using gpresult to see what's going on with your GPO's. You can use the command line or Group Policy Management for gp results.

 

[markdmac]

Hi there guys, sorry I have been gone for so long.

Are you still having problems with the drive mappings?

My first question for you would be what OS are you testing this on? If Vista or Windows 7 there are some security "features" that can bite you. If XP then there really should not be an issue. Let's dive into the security settings of your GPO. You applied the GPO to an OU, that is fine as long as the user ID is also in that OU. Open your GPO and edit it. Right click the top most part of the tree on the left. Choose Properties. Choose the Security tab. Select Authenticated Users, scroll down in the permissions list slightly to check the Apply GPO setting and verify that you have selected to APPLY the GPO. Make sure that you do not have DENY chosen anywhere since that will override.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[MISNole]

Thanks for all of the responses. I did verify that Authenticated Users were set to Apply GPO settings and no Deny option was chosen.

I am running XP SP2 and Server 2003. I have placed both the test user and test computer in this particular OU.

When I am back on the server, I ran the resultant set of policy wizard on this particular OU and on the results, I checked under Computer Configuration --> Windows Settings --> Scripts --> Startup and the login.vbs script was not listed.

Maybe this is the issue?

Thanks for the help,

 

[markdmac]

Sounds like you may have implemented in the wrong spot in the policy. This is a logon script, so it has to go under

User Configuration
Windows Settings
Scripts
Logon

Click show files, paste the script in there. Close that window. Now click Add and select the script you just added. Click OK and close out the policy. Now test logon again.

If you just want to validate that the script code works and that you have an issue with Group Policy implementation, just copy the script to a workstation and double click it.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[MISNole]

Ok, I validated the script and it does work. So the issue is linking it and implementing it to the correct OU.

I am going to attach an image with a screen shot of what I am done. For the life of me, I swear I've followed your instructions.

I right clicked on the OU created a new GPO named Login. Then I right clicked on Login and chose edit. then I went to User Configuration --> Windows Settings --> Scripts and chose Logon. Double clicked and it picked Show Files and copied the "loginscript.vbs" into this folder. Closed the window and hit OK. Went to the test computer and logged in as the test user, but no mapped drives appeared.

Any ideas?

Thanks,

http://scbcinfo.org/images/mappingdrives.jpg

 

[markdmac]

Sounds like you missed one step. After you pasted the script into the GPO, you still need to add it so it shows up in the list.

You can see this in the screen shot of the window that says Logon Properties. You need to click ADD and then select the script that you pasted in the previous step.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[MISNole]

Ok, I've gone back and included adding it as well but did not include any parameters. Still nothing however.

Any other ideas? Seems like it's so close, but I can't find anything else wrong from what you guys have told me to do.

 

[TheKidd]

Did you try gpupdate? Also, what do you get from GPResults?

 

[markdmac]

After adding the script to the GPO it will take about 15 minutes to replicate. You can speed that up by running GPUPDATE /FORCE on the client side, then log out and back in.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[MISNole]

Ok, it is working now. Guess maybe it took a little time to push out the group policy. But I have restarted the test PC twice and logged off and on the network two more times and everytime it maps the drives.

Thanks for all of your help.

 

[markdmac]

You are welcome.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[MISNole]

Not sure if I should create a new thread or ask in this one, but how would change the directory of My Documents to the U:\ drive that is created for each user?

 

[markdmac]

Use the policy for that:

http://www.windowsnetworking.com/ar...e-Folder-Redirection-Windows-Server-2003.html

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[MISNole]

Thanks again Mark. That is a simple fix and was able to almost get it to where we want it. But instead of making the U:\ drive itself the "My Documents" folder, it is creating a directory of "username's Document's" within the U:\ drive.

Would there be a way to change this (if I made sense)?

 

[markdmac]

That is the way the policy works on the redirection. You might however be able to tweak the local desktop icon further.

Path = "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal"
WSHShell.RegWrite Path, "U:\My Documents","REG_SZ"

I grabbed the path on my system which is running Windows 7 x64, so please validate that path in your environment if you are using an older OS.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.