Logon Script Question/Problem 3

[JEG78]

I am using VBScript to write a logon script that maps network drives. No big deal, they work. I am used to Novell Mappings in Logon Scripts where I can say if user is in a specific group then map this. I can't seem to to figure this out with this 2003 script.

Any suggestions??

Thanks in advance...

 

[ChicagoTechNet]

quoted from

http://www.ms-mvps.com/

Sample of VBScript - Mapping a network drive based on the group

' Map a network drive if the user is a member of the group.
' Alert the user if the drive cannot be mapped.
If IsMember(objUser, "accounting&quot Then
If Not MapDrive("Q:", "\\chicagotech\data&quot Then
MsgBox "Unable to Map Q: to AdminShare"
End If
End If


Robert Lin, MS-MVP, MCSE & CNE
Windows, Network, Internet, VPN, Routing and How to at

http://www.ms-mvps.com

 

[markdmac]

Here is a sample login script I use. Allows drive mappings based on group memberships as well as adding of printers.

'==========================================================================
'
' NAME: LogonScript
'
' AUTHOR: Mark D. MacLachlan, The Spider's Parlor
' URL :

http://www.thespidersparlor.com

' DATE : 4/10/2003
'
' COMMENT: Enumerates current users' group memberships in given domain.
'
'==========================================================================


ON ERROR RESUME NEXT

Set WSHShell = CreateObject("WScript.Shell&quot
Set WSHNetwork = CreateObject("WScript.Network&quot
DomainString = "DomainName"
UserString = WSHNetwork.UserName

Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)

'Synchronizes the time with Server our NTP Server
WSHShell.Run "NET TIME \\Server /set /y"


WSHNetwork.RemoveNetworkDrive "F:"

wscript.sleep 300

'Maps drives needed by all
WSHNetwork.MapNetworkDrive "U:", "\\server\users",True
WSHNetwork.MapNetworkDrive "X:", "\\server\executables",True

'Now check for group memberships and map appropriate drives
For Each GroupObj In UserObj.Groups

Select Case GroupObj.Name
'Check for group memberships and take needed action
Case "Admin"
WSHNetwork.MapNetworkDrive "w:", "\\Server\Admin Stuff",True
Case "WorkerB"
WSHNetwork.MapNetworkDrive "w:", "\\Server\Shared Documents",True

End Select

Next


'Install Printers

WSHNetwork.AddWindowsPrinterConnection "\\Server\HP5si"



set UserObj = Nothing
set GroupObj = Nothing
set WSHNetwork = Nothing
set DomainString = Nothing
set WSHSHell = Nothing

wscript.quit


I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[JEG78]

Thanks for the help! That is what I needed.

 

[JEG78]

The network drive mappings for all users, but the drive mappings for the groups are not. Any suggestions...?

 

[JEG78]

I fixed it, I used both of your ideas and merged them together. Tell me what you think and if I need to change anything... Thanks, you guys have been a huge help!

***
Login Script
***
ON ERROR RESUME NEXT

Set WSHShell = CreateObject("WScript.Shell&quot
Set objNet = CreateObject("WScript.Network&quot
DomainString = "DomainName"
UserString = objNet.UserName

'Synchronizes the time with Server our NTP Server
WSHShell.Run "NET TIME \\Server /set /y"

'All Users Drive Mappings
objNet.MapNetworkDrive "H:", "\\Server1\Data",True
objNet.MapNetworkDrive "U:", "\\Server1\Users",True
objNet.MapNetworkDrive "Z:", "\\Server1\Public",True

'Group Membership Drive Mappings
'Check Group Memberships
If IsMember(objUser, "Administrators&quot Then
objNet.MapNetworkDrive "L:", "\\Server1\C",True
objNet.MapNetworkDrive "M:", "\\Server1\Apps",True
objNet.MapNetworkDrive "N:", "\\Server1\Users Root",True
objNet.MapNetworkDrive "O:", "\\Server1\Data",True
objNet.MapNetworkDrive "P:", "\\Server2\C",True
objNet.MapNetworkDrive "Q:", "\\Server2\Data",True
objNet.MapNetworkDrive "R:", "\\Server2\Info",True
If IsMember(objUser, "Software&quot Then
objNet.MapNetworkDrive "I:", "\\Server1\Software Data",True
If IsMember(objUser, "DB Administrators&quot Then
objNet.MapNetworkDrive "J:", "\\Server1\DB",True
If IsMember(objUser, "Collections&quot Then
objNet.MapNetworkDrive "K:", "\\Server1\Collections",True

End If
End If
End If
End If

set UserObj = Nothing
set objNet = Nothing
set DomainString = Nothing
set WSHSHell = Nothing

wscript.quit

 

[markdmac]

I think you are not going to get the result you want because of the placement of your END IF statements.

Are all members of collections also administrators? Same question for DB Admins. If the answer is yes then that part is ok.

I notice that you have references to UserString, objUser and UserObj, you need to decide what variable name you want to use and stick with it. Did you test this to see if it works?

I am curious to know if the IsMember works out of the box on 2000 or do you need to have the IsMember utility like you had to in NT4. Please let me know. My solution works without the need for the resource kit utility.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[JEG78]

I am using Windows 2003 Server. I see your point with the "End If" statements. I tested it with my admin account and it worked, I assumed that everything else mapped because I was a member of the Admin Group... Should the Group Login portion look like this?

'Group Membership Drive Mappings
'Check Group Memberships
If IsMember(objUser, "Administrators&quot Then
objNet.MapNetworkDrive "L:", "\\Server1\C",True
objNet.MapNetworkDrive "M:", "\\Server1\Apps",True
objNet.MapNetworkDrive "N:", "\\Server1\Users Root",True
objNet.MapNetworkDrive "O:", "\\Server1\Data",True
objNet.MapNetworkDrive "P:", "\\Server2\C",True
objNet.MapNetworkDrive "Q:", "\\Server2\Data",True
objNet.MapNetworkDrive "R:", "\\Server2\Info",True

End If

If IsMember(objUser, "Software&quot Then
objNet.MapNetworkDrive "I:", "\\Server1\Software Data",True

End If

If IsMember(objUser, "DB Administrators&quot Then
objNet.MapNetworkDrive "J:", "\\Server1\DB",True
End If

If IsMember(objUser, "Collections&quot Then
objNet.MapNetworkDrive "K:", "\\Server1\Collections",True

End If


Also, is there any way to do multiple group choices? For example, would this work:

If IsMember(objUser, "Collections", "Administrators&quot Then
objNet.MapNetworkDrive "K:", "\\Server1\Collections",True

End If

Thanks for your help!

 

[JEG78]

Also, I am confused on what you mean by this...

"I notice that you have references to UserString, objUser and UserObj, you need to decide what variable name you want to use and stick with it."

 

[markdmac]

Hi Jeg78,

You now have the If and End If statements right.

For your question on the multiple groups, try something like this:

If IsMember(objUser, "Collections&quot And IsMember(objUser, "Administrators&quotThen
objNet.MapNetworkDrive "K:", "\\Server1\Collections",True

End If


OR you could use the nesting that you did unintentionally before:

If IsMember(objUser, "Collections&quot Then
If IsMember(objUser, "Administrators&quot Then
objNet.MapNetworkDrive "K:", "\\Server1
\Collections",True
End If
End If


Regarding your variables: You can't switch the names, you need to stick with a naming convention.

here is what you have in your script:
UserString = objNet.UserName
If IsMember(objUser
set UserObj = Nothing

You get the UserString but don't use it anywhere.
You are using objUser but not defining what that is.
You are setting UserObj to nothing but it had no value before that.

Frankly I don't understand how this is working for you. It all relies on objUser and I see nothing defining what that is. Make sure you don't have any mappings when you test this to make sure it is doing what you expect it to. You should be able to get it all working if you change the entries for UserString and UserObj to objUser.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[JEG78]

Here is my final script, I hope , that is working properly. Please let me know what I could to possibly improve it, I really want to understand what I am doing, not just doing it and not caring.

Thanks for your help!

**
Login Script
**

ON ERROR RESUME NEXT

Set WSHShell = CreateObject("WScript.Shell&quot
Set objNet = CreateObject("WScript.Network&quot
DomainString = "ZSWSDMN"
UserString = objNet.UserName

'Synchronizes PC's With Time Server
WSHShell.Run "NET TIME \\ZSWSDMN01 /set /y"

'All Users Drive Mappings
objNet.MapNetworkDrive "H:", "\\Server1\Data",True
objNet.MapNetworkDrive "J:", "\\Server1\DB",True
objNet.MapNetworkDrive "U:", "\\Server1\Users",True
objNet.MapNetworkDrive "Z:", "\\Server1\Public",True

'Group Membership Drive Mappings
'Check Group Memberships
If IsMember(objUser, "Administrators&quot Then
objNet.MapNetworkDrive "L:", "\\Server1\Server1 C",True
objNet.MapNetworkDrive "M:", "\\Server1\Server1 Apps",True
objNet.MapNetworkDrive "N:", "\\Server1\Server1 Users",True
objNet.MapNetworkDrive "O:", "\\Server1\Server1 Data",True
objNet.MapNetworkDrive "P:", "\\Server2\Server2 C",True
objNet.MapNetworkDrive "Q:", "\\Server2\Server2 Data",True
objNet.MapNetworkDrive "R:", "\\Server2\Server2 Info",True

End If

If IsMember(objUser, "Software&quot And IsMember(objUser, "Administrators&quot Then
objNet.MapNetworkDrive "I:", "\\Server1\Software",True

End If

If IsMember(objUser, "Collections&quot And IsMember(objUser, "Administrators&quot Then
objNet.MapNetworkDrive "K:", "\\Server1\Collections",True

End If

If IsMember(objUser, "Reports&quot And IsMember(objUser, "Administrators&quot Then
objNet.MapNetworkDrive "V:", "\\Server1\Reports",True

End If

wscript.quit

 

[markdmac]

Hi jeg78, looks good. If that script is working then you can remove the line

UserString = objNet.UserName

I am guessing that the IfMember is somehow setting up the objuser since there is no other reference to it anywhere.
ChicagoTechNet can you verify this?

You should add a few lines above your wscript.quit that says

Set objNet = Nothing
Set WSHShell = Nothing

Technically these are not needed since the script will exit, but it is good practice to free the memory.


I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[JEG78]

Cool, thanks very much for help!

 

[ChicagoTechNet]

Mark,

I wish I could do what you did, details and quick reply. Thank you for the tips.

Robert Lin, MS-MVP, MCSE & CNE
Windows, Network, Internet, VPN, Routing and How to at

http://www.ms-mvps.com

 

[c0r0]

Another way of doing it using ADSystemInfo
No error checking on this or tidying up after but it works for me on 2003.

'** set group name to check in containername format
Const GROUP_NAME = "cn=mygroup"

'** Create Object to find login name, used later
Set wshNetwork = CreateObject("WScript.Network")

'** Get name (not login name)of user and find groups this
'** is a member of and put into a string

Set ADSysInfo = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)
strGroups = LCase(Join(CurrentUser.MemberOf))

'** If groupname is in this string then map drive
If InStr(strGroups, GROUP_NAME) Then
wshNetwork.MapNetworkDrive "J:","\\Fileservername\Users\" & wshNetwork.UserName

end if
wscript.quit

 

[Leke]

Thanks mark,

I have used the following script, but its not working

1.

**
Login Script
**

ON ERROR RESUME NEXT

Set WSHShell = CreateObject("WScript.Shell")
Set objNet = CreateObject("WScript.Network")
DomainString = "ZSWSDMN"
UserString = objNet.UserName

'Synchronizes PC's With Time Server
WSHShell.Run "NET TIME \\ZSWSDMN01 /set /y"

'All Users Drive Mappings
objNet.MapNetworkDrive "H:", "\\server-fs\leke",True


'Group Membership Drive Mappings
'Check Group Memberships
If IsMember(objUser, "Administrators") Then
objNet.MapNetworkDrive "L:", "\\server-fs\netcom-fs C",True
objNet.MapNetworkDrive "M:", "\\server-fs\netcom-fs leke",True


End If

If IsMember(objUser, "test") And IsMember(objUser, "Administrators") Then
objNet.MapNetworkDrive "I:", "\\server-fs\leke",True

End If

Set objNet = Nothing
Set WSHShell = Nothing

wscript.quit

I also tried this one, but none seems to work.

2.

**
Login Script
**

ON ERROR RESUME NEXT

Set WSHShell = CreateObject("WScript.Shell")
Set objNet = CreateObject("WScript.Network")
DomainString = "ZSWSDMN"
UserString = objNet.UserName

'Synchronizes PC's With Time Server
WSHShell.Run "NET TIME \\ZSWSDMN01 /set /y"

'All Users Drive Mappings
objNet.MapNetworkDrive "H:", "\\Server1\leke",True


'Group Membership Drive Mappings
'Check Group Memberships
If IsMember(objUser, "Administrators") Then
objNet.MapNetworkDrive "L:", "\\Server1\server-fs C",True
objNet.MapNetworkDrive "M:", "\\Server1\server-fs leke",True


End If

If IsMember(objUser, "test") And IsMember(objUser, "Administrators") Then
objNet.MapNetworkDrive "I:", "\\server-fs\leke",True

End If

Set objNet = Nothing
Set WSHShell = Nothing


wscript.quit

Do i need to have vb script running on my domain controller before this can run.

please let me know the actual character i need to edit on the code.

Thanks

Leke

Thanks for your patience

 

[markdmac]

leke,

Please refer to my FAQ faq329-5798 as it has a lot of updates in it since this thread was started. If after reviewing that FAQ you still have questions, please post a new thread and we'll get you taken care of.

I hope you find this post helpful.

Regards,

Mark

 

[Leke]

Hi all,

I implemented this following script on my domain:

ON ERROR RESUME NEXT

Set WSHShell = CreateObject("WScript.Shell")
Set objNet = CreateObject("WScript.Network")
DomainString = "ZSWSDMN"
UserString = objNet.UserName

'Synchronizes PC's With Time Server
WSHShell.Run "NET TIME \\ZSWSDMN01 /set /y"

'All Users Drive Mappings
objNet.MapNetworkDrive "H:", "\\DC\data",True


'Group Membership Drive Mappings
'Check Group Memberships
If IsMember(objUser, "Administrators") Then
objNet.MapNetworkDrive "L:", "\\DC",True
objNet.MapNetworkDrive "M:", "\\DC\Data",True


End If

If IsMember(objUser, "test1") And IsMember(objUser, "Administrators") Then
objNet.MapNetworkDrive "I:", "\\DC\operations",True

End If



wscript.quit.

Result:

There was no mapped drive in "My Computer" of a client marchine when domain users and administrators logs on to domain.

On the contrary, there were mapped drives when domain administrators log on to domain through domain controller.

What I want: How can I edit this script to enable users in test1 group to have mapped drive on their machine when they log on to domain through their computer.

Thank you very much.

Leke

 

[markdmac]

Hi Leke,

The problem you have here is that you are specifying that every user to get a mapped L, M or I drive has to be a member of Administrators. I think your intention for the I drive is to use the word OR instead of AND in your If/Then.

I personally don't like to use the IsMember and prefer instead to query the AD for the users memberships.

I don't however see any reason why your users do not get the H drive unless you have not implemented the script in a GPO correctly. What happens when you run the script manually when logged on as a user?

I've written an extensive FAQ on login scripts, I encourage you to use the sample I have provided. You will find information here.

http://www.tek-tips.com/faqs.cfm?fid=5798

For the policy, it sounds like you may have added the script into your default domain controller policy. You should not implement a script in either the Default Domain Controller Policy or the Default Domain Policy. In fact, I would recommend that you not touch these at all with the exception of the Default Domain Policy for configuring password policy settings such as password complexity, password history etc. I give detailed instructions on the GPO stuff in the above referenced FAQ as well.


I hope you find this post helpful.

Regards,

Mark

 

[Leke]

Thanks Marks,

I appreciate your limited resources (Time spent to address my problem).

I have removed the other code and added the following:

DomainString = objDomain.Get("dnsHostName")

'Grab the user name
UserString = WSHNetwork.UserName
'Bind to the user object to get user name and check for group memberships later
Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)

'Grab the computer name for use in add-on code later
strComputer = WSHNetwork.ComputerName


'Synchronizes the time with Server our NTP Server
WSHShell.Run "NET TIME \\Server /set /y"

'Disconnect any drive mappings as needed.
WSHNetwork.RemoveNetworkDrive "F:", True, True

'Disconnect ALL mapped drives
Set clDrives = WshNetwork.EnumNetworkDrives
For i = 0 to clDrives.Count -1 Step 2
WSHNetwork.RemoveNetworkDrive clDrives.Item(i), True, True
Next

'Give the PC time to do the disconnect, wait 300 milliseconds
wscript.sleep 300

'Map drives needed by all
'Note the first command uses the user name as a variable to map to a user share.
WSHNetwork.MapNetworkDrive "H:", "\\domainserver\operations\" & UserString,True
WSHNetwork.MapNetworkDrive "U:", "\\domainserver\legal",True
WSHNetwork.MapNetworkDrive "X:", "\\domainserver\payroll",True

'Now check for group memberships and map appropriate drives
For Each GroupObj In UserObj.Groups
Select Case GroupObj.Name
'Check for group memberships and take needed action
'In this example below, ADMINISTRATORS and TEST1 are groups.
Case "Administrators"
WSHNetwork.MapNetworkDrive "w:", "\\domainserver\legal",True
Case "test1"
WSHNetwork.MapNetworkDrive "w:", "\\domainserver\payroll",True

End Select

'Clean Up Memory We Used
set UserObj = Nothing
set GroupObj = Nothing
set WSHNetwork = Nothing
set DomainString = Nothing
set WSHSHell = Nothing
Set WSHPrinters = Nothing


'Quit the Script
wscript.quit


There was no changes at all when I removed the other code and added the above cove.

This is what I did to remove and add your code:

From Active directory users and computers windows.
I right click on Test OU (Test OU contains some test users including myself).
Select Properties.
Select Group Policy
delete the default GPO and the other code that did not work and create new one named logon script
Navigate to Logon\lofoff under user configuration
Double click on the logon properties
Click add
click browse.
copy the above script (Already saved as logonscript.vbs) and paste on logon window.
click ok. ok,ok to close the Logon script GPO.
I ensured that "Applied Group Policy" is applied to authenticated users.
Click ok to close the window.
Run GPUPDATE to activate the changes.

Result: I restarted the Domain controller and logon to the domain through a client machine.

there former script i applied is still running and there is no mapped drive on the client machine.

What I want:

I want users in Test1 OU to be mapped to shared Payroll folder and administrator mapped to both payroll and legal and operations shared folders.

Thanks.

Leke