Simple version: Is there a utility similar to IFMEMBER to check a computer's membership in a group? IFMEMBER only checks the user's memberships.
Complex version: IFMEMBER.EXE is a MS tool for checking if a user is a member of a security group. Lots of admins use IFMEMBER in logon scripts to do various things, such as:
IFMEMBER Marketing
if errorlevel==1 net use z: \\server\marketing"
However, I need to do the same type of thing in a computer "startup" script, rather than a user "logon" script. (Without getting in to the hairy details, the startup script runs with SYSTEM privs, which are a lot higher than USER privs) I have a computer named "PC1234" and it is a member of the "SpecialPC" group in active directory. When I run IFMEMBER in a PC startup script, it checks to see if "Default User" is a member of "SpecialPC", which he is not.
I know I could do the same thing by creating a separate GPO and using the "security" trick to assign it only to the "SpecialPC" group, but I have other complexities that make adding GPOs unattractive. A util exactly like IFMEMBER that works with computer accounts rather than user accounts is the perfect solution. Does such a util exist?
Complex version: IFMEMBER.EXE is a MS tool for checking if a user is a member of a security group. Lots of admins use IFMEMBER in logon scripts to do various things, such as:
IFMEMBER Marketing
if errorlevel==1 net use z: \\server\marketing"
However, I need to do the same type of thing in a computer "startup" script, rather than a user "logon" script. (Without getting in to the hairy details, the startup script runs with SYSTEM privs, which are a lot higher than USER privs) I have a computer named "PC1234" and it is a member of the "SpecialPC" group in active directory. When I run IFMEMBER in a PC startup script, it checks to see if "Default User" is a member of "SpecialPC", which he is not.
I know I could do the same thing by creating a separate GPO and using the "security" trick to assign it only to the "SpecialPC" group, but I have other complexities that make adding GPOs unattractive. A util exactly like IFMEMBER that works with computer accounts rather than user accounts is the perfect solution. Does such a util exist?