Logon scripts 8

[timsayles1]

I am having trouble with logon scripts. I have my scrpits running to map network drives. They have started to come up and prompt for a username and password now before they drive maps. All the PC's are running XP pro and are joined to the domain. Users are signing on using a AD username and password that should allow them access to the shares.

Any suggestions?

PS - this is EVERY PC.

 

[terry712]

how are they getting to script

ie is this on an ou gpo or from the tab on each user or ?

 

[bofhrevenge2]

Also where is the script located?

"Horsey to king bish three

 

[timsayles1]

I have the logon script assigned to each user on their profile tab. The scripts are located in netlogon.

They can access the scrpits, but they are hanging: ie

logon.bat script-

net use g: \\server1\server\usergroups\admin

(screen prompts for username)

 

[bofhrevenge2]

If you logon as the user then go to \\server\NETLOGON and run the script does it work?

"Horsey to king bish three

 

[markdmac]

Time to move away from the old bat files and go with newer technology.

I recommend that you use vbscript in a GPO.

Here is the script that I have written and deployed at most of my customers locations. I've documented it fairly extensively so modification should be easy.

This script does a lot and showcases the power you have with vbscript.

You can delete drives, map drives. Delete printers and add printers. Add drives and printers based on group membership.

[script]
'==========================================================================
'
' NAME: LogonScript.vbs
'
' AUTHOR: Mark D. MacLachlan, The Spider's Parlor
' URL :

http://www.thespidersparlor.com

' DATE : 4/10/2003
'
' COMMENT: Enumerates current users' group memberships in given domain.
'
'==========================================================================


ON ERROR RESUME NEXT

Dim WSHShell, WSHNetwork, objDomain, DomainString, UserString, UserObj, Path


Set WSHShell = CreateObject("WScript.Shell")
Set WSHNetwork = CreateObject("WScript.Network")
Set objDomain = getObject("LDAP://rootDse")
DomainString = objDomain.Get("dnsHostName")

UserString = WSHNetwork.UserName
'Bind to the user object to get user name and check for group memberships later
Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)

'Synchronizes the time with Server our NTP Server
WSHShell.Run "NET TIME \\Server /set /y"

'Disconnect any drive mappings as needed.
WSHNetwork.RemoveNetworkDrive "F:"

'Disconnect ALL mapped drives
Set clDrives = WshNetwork.EnumNetworkDrives
For i = 0 to clDrives.Count -1 Step 2
WSHNetwork.RemoveNetworkDrive clDrives.Item(i)
Next

'Give the PC time to do the disconnect, wait 300 milliseconds
wscript.sleep 300

'Map drives needed by all
WSHNetwork.MapNetworkDrive "U:", "\\server\users",True
WSHNetwork.MapNetworkDrive "X:", "\\server\executables",True

'Now check for group memberships and map appropriate drives
For Each GroupObj In UserObj.Groups
Select Case GroupObj.Name
'Check for group memberships and take needed action
'In this example below, ADMIN and WORKERB are groups.
Case "Admin"
WSHNetwork.MapNetworkDrive "w:", "\\Server\Admin Stuff",True
Case "WorkerB"
WSHNetwork.MapNetworkDrive "w:", "\\Server\Shared Documents",True
End Select
Next

'Remove ALL old printers
'Enumerate all printers first, after that you can select the printers you want by performing some string checks
Set WSHPrinters = WSHNetwork.EnumPrinterConnections
For LOOP_COUNTER = 0 To WSHPrinters.Count - 1 Step 2
'To remove only networked printers use this If Statement
If Left(WSHPrinters.Item(LOOP_COUNTER +1),2) = "\\" Then
WSHNetwork.RemovePrinterConnection WSHPrinters.Item(LOOP_COUNTER +1),True,True
End If
'To remove all printers incuding LOCAL printers use this statement and comment out the If Statement above
'WSHNetwork.RemovePrinterConnection WSHPrinters.Item(LOOP_COUNTER +1),True,True
Next

'Remove a specific printer
WSHNetwork.RemovePrinterConnection "\\ServerOld\HP5si",True,True

'Install Printers
WSHNetwork.AddWindowsPrinterConnection "\\Server\HP5si"


' This section of script will prevent the baloon window that appears when printing
' to a network shared printer after XP Service Pack 2 is installed.
'=====================================

Path = "HKCU\Printers\Settings\EnableBalloonNotificationsRemote"
WshShell.RegWrite Path, 0 ,"REG_DWORD"

'Clean Up Memory We Used
set UserObj = Nothing
set GroupObj = Nothing
set WSHNetwork = Nothing
set DomainString = Nothing
set WSHSHell = Nothing
Set WSHPrinters = Nothing


'Quit the Script
wscript.quit

[/script]

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[Tightpants]

That is certainly useful for me.

Is it possible to map drives, connect printers and set the user profile path (for the roaming profile) based upon the IP address of the workstation?

I would like to have a single username for logging into two different sites connected by a VPN but the roaming profile is too big to download remotely. At the moment I have two usernames per person - one for Site A and one for Site B. But it's double the work!

If it is possible, will the user profile path be detected early enough during the running of the script to load the correct profile?

 

[markdmac]

I'm afraid you would not be able to do what you are looking for with the profiles. Is there a reason you can't combine the environments (from the user desktop perspective) and just have one environment use a roaming profile and the second use a cached copy?

You can take action based on the local IP if you wanted to. All you need to do is alter the script to detect the local IP address and use a select case just like I do for the group memberships.



I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[markdmac]

Here is a script I found on the net that works well to give the IP address.

'GetIPaddr.vbs - Check the IP address you are currently
'connected to the Internet with (or LAN IP).
'© Bill James - bill@billsway.com
' rev 15 Jan 2002
'   Now works with Windows NT, 2K, XP

Option Explicit
Dim IP_Address : IP_Address = GetIP()

If IP_Address = "0.0.0.0" OR IP_Address = "" Then
  MsgBox "No IP Address found."
Else
  InputBox vbcrlf & "Current IP Address is " &  IP_Address & _
           vbcrlf & vbcrlf & vbcrlf & vbcrlf & _
           "(Use Ctrl + C to copy IP Address to Clipboard)", _
           "GetIPaddr.vbs © Bill James", IP_Address
End If

Function GetIP()
  Dim ws : Set ws = CreateObject("WScript.Shell")
  Dim fso : Set fso = CreateObject("Scripting.FileSystemObject")
  Dim TmpFile : TmpFile = fso.GetSpecialFolder(2) & "/ip.txt"
  Dim ThisLine, IP
  If ws.Environment("SYSTEM")("OS") = "" Then
    ws.run "winipcfg /batch " & TmpFile, 0, True
  Else
    ws.run "%comspec% /c ipconfig > " & TmpFile, 0, True
  End If
  With fso.GetFile(TmpFile).OpenAsTextStream
    Do While NOT .AtEndOfStream
      ThisLine = .ReadLine
      If InStr(ThisLine, "Address") <> 0 Then IP = Mid(ThisLine, InStr(ThisLine, ":") + 2)
    Loop
    .Close
  End With
  'WinXP (NT? 2K?) leaves a carriage return at the end of line
  If IP <> "" Then
    If Asc(Right(IP, 1)) = 13 Then IP = Left(IP, Len(IP) - 1)
  End If
  GetIP = IP
  fso.GetFile(TmpFile).Delete  
  Set fso = Nothing
  Set ws = Nothing
End Function

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[schtek]

mark is totally right time to learn .vbs script writing..here is a artical that might help as well about the whole subject

http://www.windowsnetworking.com/ar...Pure-Mixed-Active-Directory-Environments.html

hope it helps

It's the same each time with progress. First they ignore you, then they say you're mad, then dangerous, then there's a pause and then you can't find anyone who disagrees with you.

 

[timsayles1]

This information is great! Thank you. I am unfamiliar with VPS scripts, so I have one question.

In my old logon bat files I am mapping to a server that a different user name (ie, server we do not own, but have to use).

ie:

Tom logs on

logon.bat
net use h: \\server6\apps /anotheruserass

(something similar to that)

How would I do that in VBS?

 

[markdmac]

Here is the full context for MapNetworkDrive (coped from the DevGuru site).

WshNetwork.MapNetworkDrive strLocalName, strRemoteName [,bUpdateProfile] [,strUser] [,strPassword]

The MapNetworkDrive method maps a remote share point specified by strRemoteName to a local drive letter specified by strLocalName. If the optional parameter bUpdateProfile is set to True (default is False), the mapping will be saved to the current user's profile. The parameters strUser and strPassword can be used to connect to remote drives using someone else's credentials.


I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[Tightpants]

Thanks for the script to find the IP address. The article on VBS in place of BAT files is useful too.

My problem is that people sometimes need to work at Site A and sometimes at Site B. They may logon at any computer at any site and therefore need to pick up their profile from the local server; at Site A it is Server1 and at Site B it is Server3.

If I specify the user profile path as \\Server1\Profiles\%username% and the person tries to logon at Site B, the profile is remote therefore it doesnt download.

What I really need to be able to do is specify the user profile path as \\<localserver>\Profiles\%username%. Then, wherever they are, they will pick up the roaming profile from the local server. I thought using the IP address might be the best way to do this.

I hope I haven't confused you all by asking questions within someone else's thread. Thanks for your help so far.

 

[markdmac]

Are these two sights part of the same domain? If so how about using DFS to make the profile available anywhere?

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[Tightpants]

They are both part of the same domain.

I have considered DFS however DFS causes our network to "hang" periodically when switched on - a cause of major headaches for many months during the course of last year! Also the volume of data may take too long to replicate over the VPN.

Do you think it would be feasible to create two OUs (Site A and Site B) and use GPOs to assign logon scripts and user profile paths to the computers rather than the users? Then if a user logged into a computer in the other office the logon script and profile path would be adjusted accordingly.

 

[bofhrevenge2]

Is it possible to use the %Logonserver% variable in this situation? e.g. \\%logonserver%\Profiles

"Horsey to king bish three

 

[Tightpants]

I have just looked for more details on the %logonserver% variable. However that could be a problem - it's variable! So conceivably a user could logon at Site B but be authenticated at Site A leaving the %logonserver% as the wrong server.

We have used a hosts file to sort out a couple of DNS issues so perhaps I could add an entry to that instead. I could create a dummy server called say SERVER4 in the hosts file then assign an IP address of 192.168.1.1 for the Site A computers and 192.168.2.1 for the Site B computers. Then when the computer looks for a user profile in \\SERVER4\PROFILES it would find the correct local server.

In the meantime I'm off to read up on DFS...

Thanks for all your help and suggestions.

Do you think this would work or is this a real botch?

 

[markdmac]

I think if you get DFS working you would be in business.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[bofhrevenge2]

You would need seperate subnets for each site and the sites correctly configured in AD Sites & Services to ensure your users logon at the local DC.
Like Mark says try DFS it might work, i had performance problems with it in the past when using it for user profiles but it may of been configured incorrectly.

"Horsey to king bish three

 

[timsayles1]

This script worked perfectly! Thanks for the help!