Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Logon scripts 8

Status
Not open for further replies.
timsayles1

timsayles1

MIS
Nov 18, 2002
121
US
I am having trouble with logon scripts. I have my scrpits running to map network drives. They have started to come up and prompt for a username and password now before they drive maps. All the PC's are running XP pro and are joined to the domain. Users are signing on using a AD username and password that should allow them access to the shares.

Any suggestions?

PS - this is EVERY PC.
 
Sort by date Sort by votes
I am using 192.168.1.x on one site and 192.168.2.x on the other so that should be fine. Is there anything I can do to force logon at the local DC? You mention correctly configuring the sites in AD Sites and Services - is there anything I should check specficically? I thought that usually a workstation would seek out any available server for authentication.

Still reading about DFS..!
 
Upvote 0 Downvote
Workstations will use any available DC *in their local site* to authenticate. If none are available they will then start looking elsewhere.

Therefore, if you have AD configured as a single site, Site A and Site B will randomly authenticate each other, which will also add to your bandwidth overhead (although not by a huge amount, compared with roaming profiles).

If you configure AD into two sites, as mentioned above, then machines will *prefer* to authenticate locally. They will still use the other site automatically, if the closest site is down.

Also, if you configure two sites in AD, you can try using site based GPO's (that is, a GPO linked to the site, rather than to an OU). I have never had a use for them myself, so I can't comment too much on what can and can't be done with them, but I do know they are available.

Another option is to create an environment variable on each PC (through the SYSTEM object in Control Panel, or however else you want), and set its value to the name of the prefered server. Then in the user profile tab for the users, you can set the Home Drive to \\%MyLocalServer%\%UserName% (or whatever).

The problem with this method is making sure that all PC's get the env var. If one doesn't have it set at all, you will see all sorts of errors when users try to login.

Also, it doesn't help with laptops. They will still have the env var set to one site or the other. You don't mention if laptops are an issue, but even if they aren't now, it is something you should consider for the future.

One possibility is to combine the two options, and use the site based GPO's to configure an env var on the PC's and then use that env var in the user profile configuration.

Just some idle thoughts. Hope it is of some use.
Aaron.
 
Upvote 0 Downvote
Oh, incidentally, I used to have exactly the same issue. The way we got around it was to set the users home drive, etc to "Local Drive, H:". This wouldn't actually exist at logon time, but one of the first things the login script would do was to map the H: drive to the nearest File & Print server. We would then force an update of the %HomeShare%, %HomePath% and %HomeDrive% variables.

But Microsoft broke this method with the introduction of MS04-011. Once that patch was installed, it was no longer possible to force the update to the Home* env vars.

Having these variables set incorrectly caused various small but annoying issues. Fortunately, by that stage we had consolidated all our servers into one site, with big pipes between them, so it was no longer needed.

Aaron.
 
Upvote 0 Downvote
My conclusions are as follows:

If the system environment variable works correctly then this is the way to go. I can create a user defined variable called %SITE% on each computer. Then I can set the user profile path as \\%site%\profiles\%username% and the logon script as %site%.vbs. I can manually copy all the predefined profiles from one site to the other to get me started with the roaming profiles and it is not a problem if the profiles become slightly out of sync at the different sites. Therefore DFS is probably unnecessary.

From the Microsoft recommendations it would appear that the two offices should exist as separate "sites" within a single domain. The WAN between the two sites is a VPN so this cannot be classed as a big pipe. A high bandwidth connection (>10Mbps) would be the ideal option but the cost is prohibitive.

Thanks for all your help and suggestions. I will let you know when I get it all working!
 
Upvote 0 Downvote
Can anyone kindly provide me with steps/ howtos to set up a logon script that would map printers.
I need to know the entire process on how it is done as I havent done it before.
Thanks.
 
Upvote 0 Downvote
I agree, start a new thread, but take a look at the login script I posted above as it has the code you need.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark
 
Upvote 0 Downvote
Markdmac,
I have started another thread as well in the same forum. Can you kindly provide tips specific to my issue.
Basically want to map printers, shared Novell drives. I want to know the entire process from start to finish. Links, howtos, tutorials would be great as well.
Thanks.
 
Upvote 0 Downvote
This info is great. I've seen basic VBS scripts that would work wonders here, but being in a mixed OS env. it's next to impossible as far as I know to get Win98 systems to interpret the scripts. I've looked and something I read mentioned the DSclient. Something else said if I had Windows Scripting on it would work then too, but I found that not being the case.

I'm having to use a login.bat that maps drives, but XP and 2000 show the drives disconnected although they're not and you can read in them. I also don't know how to pass a %username% variable in the batch file so it'll map to H:\ in their user dir instead of the root of H: where all names are shown.

I'd rather have the same domain script or batch file for all domain users instead of going to each user and creating a batch file for them.

If it sounds messed up, it is. I can't find an answer or haven't yet. Any response would be appreciated.

Thanks!

-----------------------------
A+ Certified
HP Certified
 
Upvote 0 Downvote
gcobb, you should start a new thread.

Quick answer for you though:

Install WSH 5.6 Engine
Install WMI Core
Install DSClient

The scripts will then run but not from a GPO. You would need to add them to the netlogon directory or if your users are static (by that I mena stay at the same PC all the time) then map them to the login script in the user account properties.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark
 
Upvote 0 Downvote
The user defined system variable doesn't work in the user profile path. I created a system variable called ServerId and then used a user profile path of \\%ServerID%\Profiles\%username% and I get an error stating that the profile path is not found.

%logonserver% didn't work either because I was authenticated by our second server where the profiles were not stored.

However the variable ServerId worked fine for the logon script if I used %ServerId%.bat in the user configuration. I haven't tried configuring this using group policy yet.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
136
ADB100
ADB100
DrB0b
  • Locked
  • Question
RDWeb server getting hit with odd logon requests....
Replies
1
Views
141
DrB0b
DrB0b
Leozack
  • Locked
  • Question
LOGON SPEED : GPO settings vs script reg import etc
Replies
3
Views
123
Leozack
Leozack
jrjetta1
  • Locked
  • Question
Failed logon script
Replies
0
Views
50
jrjetta1
jrjetta1
poohsan
  • Locked
  • Question
Remotely Determine Logon Server
Replies
1
Views
184
itsp1965
itsp1965

Part and Inventory Search

Sponsor

Back
Top