logon script Mark D. MacLachlan poss help 3

[FISKO]

Hi I have been fiddling around with Marks brill script and wondered if any one can help?
I wish to have an input box for the UserName and for it to then place this in the place of the user string. I post my effort below Thanks






'==========================================================================
'
' NAME: LogonScript.vbs
'
' AUTHOR: Mark D. MacLachlan, The Spider's Parlor
' URL :

http://www.thespidersparlor.com

' DATE : 4/10/2003
'
' COMMENT:
' Maps and disconnects drives
'
'
'==========================================================================




ON ERROR RESUME NEXT

Dim WSHShell, WSHNetwork, objDomain, DomainString, UserString, UserObj, Path


Set WSHShell = CreateObject("WScript.Shell")
Set WSHNetwork = CreateObject("WScript.Network")
'Automatically find the domain name
Set objDomain = getObject("LDAP://rootDse")
DomainString = objDomain.Get("dnsHostName")
WinDir = WshShell.ExpandEnvironmentStrings("%WinDir%")

'Grab the user name
UserString ="fisk"
'Bind to the user object to get user name and check for group memberships later
Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)



'Disconnect ALL mapped drives
Set clDrives = WshNetwork.EnumNetworkDrives
For i = 0 to clDrives.Count -1 Step 2
WSHNetwork.RemoveNetworkDrive clDrives.Item(i), True, True
Next

'Give the PC time to do the disconnect, wait 300 milliseconds
wscript.sleep 300

'Map drives needed by all
'Note the first command uses the user name as a variable to map to a user share.
WSHNetwork.MapNetworkDrive "k:", "\\GANDALF\pupils\" & UserString,True
'MAPS a general share
WSHNetwork.MapNetworkDrive "U:", "\\gandalf\pupils",True


' THIS goes after USERSTRING WSHNetwork.UserName


'Clean Up Memory We Used
set UserObj = Nothing
set GroupObj = Nothing
set WSHNetwork = Nothing
set DomainString = Nothing
set WSHSHell = Nothing
Set WSHPrinters = Nothing


'Quit the Script
wscript.quit

 

[FISKO]

PS I also wondered if it is possible to add the strPassword so that the password for the folder could be included?
Thanks once again.

 

[markdmac]

Hi Fisko, I'll be happy to help but could you please explain WHY you are trying to do this? Do you have some system with different user IDs and passwords that the user needs to validate against?

If you are in a domain environment, then the user should be able to connect without the need for a user id and password combination provided rights to the resource have been assigned in NTFS.

Passing a password in the manner you have requested is a bad idea because it will be displayed as plain text as the user types it, so anyone walking by will see the password which defeats the purpose of having security.

I hope you find this post helpful.

Regards,

Mark

 

[FISKO]

Hi Mark, I am once again trying to find a method of keeping the Computer always logged on in a school environmet to save time with the logon logoff, this is because school PCs are hot seated pehaps as quickly as every 10-15 mins and the loggon takes 1-2 mins.
I hope to have a single logon(easy)and then have something like a HTA set up on the desk top to allow the user to map to his/her drive and logoff /disconnect drives etc
Thanks

 

[markdmac]

Gotcha,

So here is a sample HTA that will do what you ask. What is nice about the HTA solution is you can hide the password.

Thanks for asking this. I do like this solution for your specific need. I'll probably add this code as an FAQ down the road.

Save the following code to

<head>
<title>Quick Login Panel</title>
<HTA:APPLICATION 
     APPLICATIONNAME="HTALogin"
     SCROLL="no"
     SINGLEINSTANCE="yes"
 >
</head>

<SCRIPT LANGUAGE="VBScript">

    Sub MapDrives
        On Error Resume Next
        Dim UserString, UserPassword, WSHNetwork
        UserString = login.Value
        UserPassword = password.Value
        
        Set WSHNetwork = CreateObject("WScript.Network")
        WSHNetwork.MapNetworkDrive "H:", "\\server\users\" & UserString,True, UserString, UserPassword
        'Clear the boxes now that we are done using the info
        login.Value =  ""
        password.Value =""
        UserString=Nothing
        UserPassword=Nothing                
    End Sub

</SCRIPT>


<body bgcolor="cyan"><center>
<h1>Quick Login Panel</h1>
<table align="center">
<tr><td>Name:</td><td><input type="text" name="login" size="30"></td></tr>
<tr><td>Pasword:</td><td><input type="password" name="password" size="30"></td></tr>
<tr><td colspan="2" align="center"><input id=runbutton  type="button" value="Login" name="run_button" onClick="MapDrives"></td></tr>
</td></tr>
</table>


<p>
<span id = "DataArea"></span>
</center></body>

I hope you find this post helpful.

Regards,

Mark

 

[FISKO]

Thanks Mark,if this can be made to work as I intend it will be a fantastic acheivement.

 

[FISKO]

This works like a charm, I just need to setup my network to get it to work.
The only extras now needed are to have a LOGOFF to disconnect the drives and to get it to change the path for the My Documents to avoid confusion on saveing of work, but it should be possible to educate the users if not.

Thanks again Mark for your brill help.

 

[FISKO]

loggoff and diconect drives sorted, just the my docs bit and thats it

 

[FISKO]

mmm needs more thought, to set up..
If there is already a user who has loged on to the net work its fine, as Active directory has created a folder under the root \\server\user\
However if this is not te case it cannot map to a folder, also the password could be a problem as again unless the user has logged on, created the folder, set a password it will not work. But I feel it is worth sorting as when it does have all the right settings it is so easy and quick.

 

[markdmac]

You will run into problems I think with the redirecting of My Docs as that is a logon setting. Your best bet is to disable the use of My Documents entirely and have your users save files to a drive letter that you can map on the fly.

Next, for your folders, you should just make it a practice when you create users to either log in as them with a temporary password to create the folder OR manually create the folder. Do some searching in this forum because we recently answered a question on how to automate this via script including setting permissions.

Since your users need to change their password, you could also just set a policy that the first time they log in they need to do all of this.

I hope you find this post helpful.

Regards,

Mark

 

[ICFUC]

You can use a GPO to redirect users to a 'My Doc...' on a network share. Or If you don't use GPO's then use reg.write on your logon-script to set def. folders to a network share

 

[markdmac]

Unless you disable the use of My Documents you are faced with a lot more than just changing the redirect at login, you also have to manage it at logoff since these machines will continue to remain logged in using a generic ID.

If you fail to take this into account, then the next user to use a PC will have access to someone else's files before they "log in" using the HTA.

Trust me on this one, you are better of disabling this feature, hide the icon and educate your users to store data on a network drive.

I hope you find this post helpful.

Regards,

Mark

 

[markdmac]

Also ICFUC, read all the notes above. GPO can not be used in this case. The machines in question are logged on with a generic ID and students will be using the HTA applicaiton to simulate a login. ALl it rally does is map their drives and printers etc. An actual WIndows login will not take place so GPO processing will not happen.

I hope you find this post helpful.

Regards,

Mark

 

[FISKO]

Thats correct the GPO will be set to produce a standard login which will be set to do so automaticaly on start up via Registry settings. The GPO will set the desk top printers and programs available. The "Quick Login" HTA will then allow users to logon by mapping a drive letter to their "home" folder this will save the long logon /logoff times that a normal XP/server 2003 login would take.

 

[FISKO]

Hi Mark, it all is progressing well, I Have a generic logon to the server,GPO is set and blank password enabled for first loggon. I have found a script of yours for password reset, this works but only at Admin level.
Is it possible to script to get the AD to check credentials for the user? ie
ENTER YOUR USERNAME
ENTER YOUR CURRENT PASSWORD
To get a validation so that any user who provides the correct data can then input a new Password?
Thanks once again for you invaluable help.

 

[markdmac]

You will need to look at WMI impersonation.

Here is an example:

strComputer = "atl-dc-01"
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objSWbemServices = objSWbemLocator.ConnectServer _
(strComputer, "root\cimv2", "fabrikam\administrator", "password")
objWMIServices.Security_.ImpersonationLevel = 3

Take a look at this article from MS.

http://msdn.microsoft.com/library/d...mi/connecting_to_wmi_on_a_remote_computer.asp

I hope you find this post helpful.

Regards,

Mark

 

[FISKO]

Checking it out, will test my password change script tomorrow. Fingers crossed

 

[FISKO]

Sorry just had a thought (creative juices flowing(or the bottle of wine I'm drinking))I wonder if I only need to get the WMI impersonation to log to the user account that needs to be changed?
If so then it should be possible to get this info from the Original drive Mapping part of the script and then use this to pop it into the WMI...
(code)
strComputer = "atl-dc-01"
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objSWbemServices = objSWbemLocator.ConnectServer _
(strComputer, "root\cimv2", "fabrikam\administrator", "password")
objWMIServices.Security_.ImpersonationLevel = 3
(code/)

Funny I cannot wait to find out tommorow...sad eh!

 

[markdmac]

That was what I thought you were going to do with it. Sorry if I did not articulate that.

You will already knwo the user ID and password so use those variables in a sub that binds to the user object and changes the password. Just add another button to the HTM to call the sub to do the password change.

I hope you find this post helpful.

Regards,

Mark

 

[tfg13]

Mark,
Once again, proving your worth! BTW, didn't know you dabbled in HTA as well (okay, simple conversion from VBScript to HTA, but most don't take the time).