Login Script question 1

[erikhertzel]

All,

We have Windows Server 2003 AD and use login scripts to map drives (traditional batch files).

I want to map a drive for users that fall in a certain group on the AD, otherwise, it does not map if they are not a member of this group.

For example:

User Adam is a member of Group AA

If Adam is a member of AA then
map drive L: to this \\server\share
else
don't map it

How do I write this in a bat script?

Thanks,

 

[58sniper]

You can certainly use IFMEMBER in a batch file to check for group membership, then act accordingly.

Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -

http://www.ietf.org/rfc/rfc2821.txt

 

[monsterjta]

Run GPRESULT on the local workstation. Do you see the policy applied under the User node? Are you using the GPMC? If so, you can also run a RSOP report from there.

Are you sure you have the policy linked to the OU the user resides in?

Also, of course, you need to logoff and login for the script to actually run.

Hope This Helps,

Good Luck!

 

[sparkbyte]

Here is a snippet of a logon script I have been developing for use on our Terminal Servers that you might find useful.

Note the highlighted entry. Move, replicate, and chnge this to match your needs.

'*******************************************************************
'	Author:	John Fuhrman
'			Lenexa Outlink Data Center
'			10910 W. 87th
'			Lenexa, Ks 66215
'
'	Date:	11/16/2006
'
'* Parts used in this script are from the following author. 
'
' NAME: LogonScript.vbs
'
' AUTHOR:  Mark D. MacLachlan, The Spider's Parlor
' URL   : [URL unfurl="true"]http://www.thespidersparlor.com[/URL]
' DATE  : 4/10/2003
'
' COMMENT: Enumerates current users' group memberships in given domain.
'          Maps and disconnects drives and printers
'
'*******************************************************************


' On Error Resume Next

' Initialize Objects and Variables we are going to use in the script.
Dim strDomain, strUser
Dim WSHNetwork, objGroup , UserObj, UserNameObj

' initial object creation
Set WSHShell = CreateObject("WScript.Shell")
set WSHNetwork = WScript.createObject("WScript.Network")

DomainString = WSHNetwork.UserDomain 'Get the users Domain
UserString = WSHNetwork.UserName ' Get the user name

'Bind to the user object so that we can read it's values
Set UserObj = GetObject("WinNT://" & WSHNetwork.UserDomain & "/" & UserString)

	strUser = UserObj.Name 'store users full name 
	strBank = (Left(UserObj.Name,3)) ' Grab the first 3 characters of the username
	
'	WScript.Echo UCase(strBank)
'	WScript.Echo "strUser: " & vbCrLf & strUser & vbCrLf
'	WScript.Echo "DomainString: " & vbCrLf & DomainString & vbCrLf
'	WScript.Echo "UserString: " & vbCrLf & UserString & vbCrLf

'****************************************************************************
' Check Username and Select Case
'****************************************************************************
Select Case UCase(strUser)

         Case "GUEST"
			WSHNetwork.AddWindowsPrinterConnection "\\PrintServer\printer01"
			WSHNetwork.SetDefaultPrinter "\\PrintServer\printer01
			[highlight]WSHNetwork.MapNetworkDrive "H:", "\\server\users\" & UserString,True[/highlight]
			
End Select

'*****************************************************************************
'Now check for group memberships and select the correct Case
'*****************************************************************************
	strCounter = 0 ' Initialize counter
	For Each GroupObj In UserObj.Groups
'    WScript.Echo UCase(GroupObj.Name) ' (Insert echo command for troubleshooting)

    Select Case UCase(GroupObj.Name) ' Convert to Upper Case for consistency
         Case "DOMAIN ADMINS"
             If strCounter > 0 Then
                 WScript.Echo "User is member of multiple banks"
'                 Exit For ' Causes For...Next loop to end
             Else
                 strCounter = strCounter + 1 ' Increment counter for next loop
             End If

				WSHNetwork.AddWindowsPrinterConnection "\\lxolcdprn01\Lenexa8"
				WSHNetwork.SetDefaultPrinter "\\lxolcdprn01\Lenexa8"

         Case "ADMINISTRATORS"
             If strCounter > 0 Then
                 WScript.Echo "User is member of multiple banks"
                 Exit For ' Causes For...Next loop to end
             Else
                 strCounter = strCounter + 1 ' Increment counter for next loop
             End If
'				msgbox ("You are logged on as a Local Administrator!" & vbCrLf _
'				& "Please be CAREFULL.")

End Select

Next

Hope this helps you.



Thanks

John Fuhrman
Titan Global Services

http://www.titangs.com

 

[mbryson]

Run GPRESULT on the local workstation. Do you see the policy applied under the User node? Are you using the GPMC? If so, you can also run a RSOP report from there.

Are you sure you have the policy linked to the OU the user resides in?

Also, of course, you need to logoff and login for the script to actually run.

Hope This Helps,

Good Luck!

Wow! That's a sweet tool.

Policy is applied under the user node. It's even named 'Accounts logon'. I'm not experienced using the GPMC, but it's up and running. I'll check into the reports.

I'm a little concerned about the linking, but if it's showing in GPRESULT, isn't it linked?

I've got the batch file sitting in a folder on the server's desktop. Is that an issue?

 

[monsterjta]

it's showing in GPRESULT, isn't it linked?

That is correct.

I've got the batch file sitting in a folder on the server's desktop. Is that an issue?

I would suggest keeping the batch file in it's default location with the logon script policy, which is:

\\<domain>\SysVol\<domain>\Policies\<policyGUID>\User\Scripts\Logon\

Now, are you logging off the workstation, then logging back in?

Hope This Helps,

Good Luck!

 

[mbryson]

RI would suggest keeping the batch file in it's default location with the logon script policy, which is:

\\<domain>\SysVol\<domain>\Policies\<policyGUID>\User\Scripts\Logon\

Now, are you logging off the workstation, then logging back in?

Hope This Helps,

Good Luck!

I'll move the batch files and see how that does. I'm logging off and then logging in. Periodically, I'll even do a 'restart' just to make sure I'm not on crack.

.....more to come?

Again, thanks for the help!

 

[mbryson]

That didn't seem to help. I've reset the server and workstation to see if that would help and still no mapped drive.

 

[monsterjta]

net use J: \\<servername>\<sharedfolder> /persistent:no

You don't need the persistent switch unless you want the drive to be persistent.

Can you map the drive manually on the client machine? If not, check the share and make sure the permissions are properly configured.


Hope This Helps,

Good Luck!

 

[mbryson]

You don't need the persistent switch unless you want the drive to be persistent.

Can you map the drive manually on the client machine? If not, check the share and make sure the permissions are properly configured.

Hope This Helps,

Good Luck!

No problem mapping with the batch file (copied it to the client and ran it to check if had a syntax error or something). I just don't get the drive mapping when logging on.

Is there something missingin Sharper's instructions above? I've followed those to the letter (and they match my book and my old training materials pretty well).

I'm cornfused a little. It seems like it should work. The GP is getting applied on login at the workstation, the batch file is attached to the GPO in the GPOEditor under User-Windows Settings-Scripts-Logon..... Seems like all the ducks are in a row. That is the ONLY GPO getting executed other than the 'Default Domain Policy'. There doesn't appear to be anything in that restricting mapping that I've seen.

 

[monsterjta]

I'm wondering if you have some other policy in place that is preventing this script from running.

Try running this script instead of the batch file. It's VBS, so of course needs a VBS extension.

''''''''''''''''
' Drive mappings
''''''''''''''''
Set objNetwork = CreateObject("WScript.Network") 
objNetwork.MapNetworkDrive "S:", "\\<servername\<share>"

Hope This Helps,

Good Luck!

 

[mbryson]

SWEET!!!

I got a compilation error, but wonder if I just used the wrong character in the 'code' section around 'Drive Mappings'

 

[mbryson]

I took out the whole 'drive mappings' section and ran it again and mapped the drive!

Thanks for everybody's help!!!!

 

[monsterjta]

The "drive mappings' section is just a comment. That can either be deleted entirely, or the apostrophe should not be removed.

Anyway, so now the policy is working?

Hope This Helps,

Good Luck!

 

[mbryson]

Yep, policy is working. I must not know how to write a batch file? (but it works on a workstation..... )


Any good sources for VB scripting other than what's above?


PS: It does matter where the scrip files are located. Just for giggles, I moved the files out to the desktop where the source files were and browsed to that in the GPOEditor and it didn't run. Put it back in the 'default' location and it runs fine.

 

[monsterjta]

You most likely have a GPO configured in another policy that is not allowing the batch file to run, like:

Prevent access to the command prompt: Enabled
Disable the command prompt script processing also? Yes



Hope This Helps,

Good Luck!