Using NT 4.0 server with lastest security updates. Clients are W2k. Currently using net use statements in login.bat file to map drives. We now have a need to map drives per group membership. How can I do this?
Ok, have ifmember installed and part of the path statement. If I create a login.bat file and have every user logging in using it, should the following work? Also, on the last section; how do I get all the groups to map the last 3 drives?
ifmember accounting
if not errorlevel 1 exit
net use F: \\pandora\accounting /persistent:no
ifmember marketing
if not errorlevel exit
net use m: "\\pandora\MarketingSales" /persistent:no
net use o: \\mbomer\GoldMine /persistent:no
ifmember programs
if not errorlevel exit
net use E: \\pandora\programs /persistent:no
nET use I:\\pandora\execadmin /persistent:no
ifmember hr
if not errorlevel exit
net use r: \\pandora\hr /persistent:no
rem How do I get all the users to map the follwing 3 drives?
rem net use n: \\pandora\psware /persistent:no
rem net use s: \\pandora\software /persistent:no
rem net use p: \\server\psware /persistent:no
I'm doing the exact same thing, but I have 3 BDC's on different segment, how does that login.bat script file gets replicated and where should it be placed.
Andy: Can you send me a copy of the ifmember.exe and let me know where (which Domain Controller) it should be and which folder.
As a test, I logged in as a user who has membership to some of the groups, all the drives get mapped but only access to the correct groups is accessed. I do not want the other drives to be visable drives. Any ideas?
Below is my login.bat file:
net use n: \\pandora\psware /persistent:no
net use s: \\pandora\software /persistent:no
net use p: \\server\psware /persistent:no
ifmember accounting
if not errorlevel 1 exit
net use F: \\pandora\accounting /persistent:no
ifmember bphone
if not errorlevel 1 exit
net use G: \\pandora\bphone /persistent:no
ifmember marketing
if not errorlevel 1 exit
net use m: "\\pandora\MarketingSales" /persistent:no
net use o: \\mbomer\GoldMine /persistent:no
ifmember programs
if not errorlevel 1 exit
net use E: \\pandora\programs /persistent:no
net use I:\\pandora\execadmin /persistent:no
ifmember hr
if not errorlevel 1 exit
net use r: \\pandora\hr /persistent:no
ifmember smiths engineering
if not errorlevel 1 exit
net use q: \\pandora\smiths\smiths_engineering
ifmember smiths marketing
if not errorlevel 1 exit
net use t: \\pandora\smiths\smiths_marketing
try replacing exit with "goto exit" and create an "exit" label at the end of the script. Also you will need to use quotes " when your group name contains a space :-
If each user is only in one group
ifmember "smiths engineering"
if not errorlevel 1 goto exit
net use q: \\pandora\smiths\smiths_engineering
ifmember "smiths marketing"
if not errorlevel 1 goto exit
net use t: \\pandora\smiths\smiths_marketing
:exit
Or if multiple groups
ifmember "smiths engineering"
if not errorlevel 1 goto SmithsMarketing
net use q: \\pandora\smiths\smiths_engineering
:SmithsMarketing
ifmember "smiths marketing"
if not errorlevel 1 goto exit
net use t: \\pandora\smiths\smiths_marketing
Ok, created the new script, following NortonES2's advise. The 1st section below is the 1st 2 group statements in my batch file, the 2nd section is the error response when the batch file runs at login. The errors repeat for all the groups. ifmember is installed on the NT server.
ifmember accounting
if not errorlevel 1 goto bphone
net use F: \\pandora\accounting /persistent:no
:bphone
ifmember bphone
if not errorlevel 1 goto marketing
net use G: \\pandora\bphone /persistent:no
--------
U:\>ifmember accounting
'ifmember' is not recognized as an internal or external command,
operable program or batch file.
U:\>if not errorlevel 1 goto bphone
U:\>net use F: \\pandora\accounting /persistent:no
The command completed successfully.
U:\>ifmember bphone
'ifmember' is not recognized as an internal or external command,
operable program or batch file.
You need to copy the ifmember.exe to the c:\winnt\system32 and the c:\winnt\system folder of the NT Domain Controller (PDC and BDC's)that the users are authenticating to, if you have Replication configured, it will automatically replicated to the BDC, but I copy mine for good measure.
Also you may want to copy it to the c:\winnt\system32\repl\import\scripts folder.
At at DOS prompt type PATH on the PDC and this will give you an indication which directories are scanned when the ifmember.exe is processed.
I had the same issue, during my install.
Below is my login.bat which works like a charm:
rem Remote group Login Script ******
@echo off
ifmember TXGROUP
if not errorlevel 1 goto LA
NET USE H: \\nbtxdc\home
NET USe N: \\nbtxdc\apps
:LA
ifmember LAGROUP
if not errorlevel 1 goto MI
NET USE H: \\nbtxdc\home
NET USe N: \\nbtxdc\apps
:MI
ifmember MIGROUP
if not errorlevel 1 goto IT
NET USE H: \\nbtxdc\home
NET USe N: \\nbtxdc\apps
:IT
ifmember ITGroup
if not errorlevel 1 goto end
NET USE M: \\nbtxdc\home
NET USe K: \\nbtxdc\apps
OK but, the logon script runs on the local machine so you need to copy ifmember.exe to a directory that is in the path on the pc. Below is the first line of our logon script that achieves this.
It is now working!!!!!
I did not have to copy ifmember.exe to the workstations at all. Once I copied ifmember.exe to:
"copy the ifmember.exe to the c:\winnt\system32 and the c:\winnt\system folder of the NT Domain Controller"
The bat file worked.
Thank you guys for the assistance with this it is appreciated.
This is great information. There are other options, Kix32, testgrp.exe, ect., but they all have there share of problems! I currently am useing a product that work flawlessly except for one drawback. I have discovered that in a mutli-dc enviroment where a star, spoke, network design has been implimented the testgrp.exe will not verify that the login user is a member of the specified group if the circuit is broken. This is a problem due to the need to insure that the login user can still get to data, drive mappings, to the servers on his side of the wire "Local LAN" So my question about ifmember.exe is "Has anyone ever deployed this solution is an enterprise enviroment with muti remote locations? Each remote having a BDC for fault tolerence regarding attenication and to reduce the need to have addition traffic go accross the WAN ciruits. If you have tested this what happened in the event of a ciruit outage? Did the ifmember.exe arp out the request for athenication, hence the bdc answered the call or did the script through errors?
Recall, that the BDC's in your remote offices (I have exactly same configuration - BDC at each site over Frame Relay) are requested to Sync up databases with the PDC, if I recall correctly, this happens every 12 mins.
So, now that your circuit is down, the BDC (local to the user) handles the authentication because it has the group memberships (unless you're adding users to groups constantly) and knows how to process the ifmember.exe call.
But, there's no better way to test this out than yanking the circuit late one evening.
I'm haveing alittle trouble and need help. We have been useing a logon.bat file from some time. we have just been mapping all drives and if your not a member, you just dont get access. I installed ifmember and wrote at new bat and here is a part of it:
:ENG
ifmember Engineering
if not errorlevel 1 goto MS
net use g: \\server1\engineering
:MS
ifmember MarketingandSales
if not errorlevel 1 goto TDT
net use k: \\server1\Marketingandsales
I put drives everyone needs access to, at the top of the bat file.
Ok the problem is on the local machine, XP is remembering the mapped drives. So before, as not a member of Engineering, you would get the drive mapped but not have access. I put a few pauses in the bat file to watch it. it does step over that line, but XP is still mapping it. If I unmap the drive locally the bat file workes. When i move to another machine I used with the old bat, it still gets Engineering mapped.
I guess i need a line where errorlevel 0 then unnet use.... I don't know the command to unmap the drive.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.