Good Morning all!
I'm hoping one of you can help with an issue that's come up recently. Our group is
running the following:
Windows 2003 AD Controller (single forest/single domain)
Windows XP Professional Workstations (SP1 and latest patches)
We need to have a logon script capable of some basic mappings, as well as a few
special drive mappings based on group membership. I've attached all of our logon
script attempts to date for your reference. The first logon script accomplished most
of what we wanted, except the IsMEMBER program we used wouldn't work (it mapped the
drive for everyone)
The second script was a two-part process, based on some recommendations I've seen on
this and other boards. The .BAT file calls the VBS script, which does seem to map the
drives according to specific group memberships.
Our problem.....this BAT file doesn't seem to run when a user logs onto our network.
Originally, we placed the script in the NETLOGON directory and that (the first script)
would run just fine. This script, the new one, doesn't seem to run that same way.
Authenticated users have access to the files, but the script doesn't seem to run.
Launch the BAT file manually....Voila!
The only GPO we have in use is the Default Domain Policy GPO, which locks our
workstation policy in place. I've tried attaching this BAT file/script to the "Logon"
script process in the GPO User Configuration, as well as launching it on startup.
Nothing seems to work.
Can anyone assist with this? Or maybe point me in a better direction?
TIA,
-Steve
' Logon1.vbs
' VBScript logon script program.
'
' ----------------------------------------------------------------------
' Copyright (c) 2002 Richard L. Mueller
' Version 1.0 - November 10, 2002
' Version 1.1 - February 19, 2003 - Standardize Hungarian notation.
' Version 1.2 - June 10, 2003 - Map user home directory.
' Do not test computer group membership.
'
' This program demonstrates how to bind to the user object, test for
' user group membership, map network shares according to user group
' membership, and connect shared printers. The IsMember function used
' keeps track of user group memberships in a dictionary object. Since
' the WinNT provider is used, the IsMember function reveals membership
' in the "Primary Group", but does not reveal "Nested Group"
' memberships. It cannot be used to test computer group membership. The
' NetBIOS domain name is hardcoded.
'
' You have a royalty-free right to use, modify, reproduce, and
' distribute this script file in any way you find useful, provided that
' you agree that the copyright owner above has no warranty, obligations,
' or liability for such use.
Option Explicit
Dim objGroupList, objUser, strGroup, objNetwork, strNTName
Dim strNetBIOSDomain, strHomeDrive, strHomeShare
' NetBIOS Domain name.
strNetBIOSDomain = "EXECDIR"
Set objNetwork = CreateObject("Wscript.Network")
' Loop required for Win9x clients during logon.
strNTName = ""
On Error Resume Next
Err.Clear
Do While strNTName = ""
strNTName = objNetwork.userName
Err.Clear
If Wscript.Version > 5 Then
Wscript.Sleep 100
End If
Loop
On Error GoTo 0
' Bind to the user object in Active Directory with the WinNT provider.
Set objUser = GetObject("WinNT://" & strNetBIOSDomain & "/" _
& strNTName & ",user")
' Map user home directory.
strHomeShare = objUser.homeDirectory
If strHomeShare <> "" Then
strHomeDrive = objUser.homeDirDrive
If strHomeDrive = "" Then
strHomeDrive = "H:"
End If
On Error Resume Next
Err.Clear
objNetwork.MapNetworkDrive strHomeDrive, strHomeShare
If Err.Number <> 0 Then
Err.Clear
On Error GoTo 0
objNetwork.RemoveNetworkDrive strHomeDrive, True, True
objNetwork.MapNetworkDrive strHomeDrive, strHomeShare
End If
On Error GoTo 0
End If
' Map the General Drives for All users.
strGroup = "Domain Users"
If IsMember(strGroup) Then
On Error Resume Next
Err.Clear
objNetwork.MapNetworkDrive "F:", "\\EDI2K3FS01\APPS"
objNetwork.MapNetworkDrive "G:", "\\EDI2K3FS01\CLIENTS"
objNetwork.RemoveNetworkDrive "M:", True, True
If Err.Number <> 0 Then
Err.Clear
On Error GoTo 0
objNetwork.RemoveNetworkDrive "F:", True, True
objNetwork.MapNetworkDrive "F:", "\\EDI2K3FS01\APPS"
objNetwork.RemoveNetworkDrive "G:", True, True
objNetwork.MapNetworkDrive "G:", "\\EDI2K3FS01\CLIENTS"
End If
On Error GoTo 0
End If
' Map a drive if the user is a member of the group.
strGroup = "Accounting"
If IsMember(strGroup) Then
On Error Resume Next
Err.Clear
objNetwork.MapNetworkDrive "M:", "\\EDI2KAP02\APP"
If Err.Number <> 0 Then
Err.Clear
On Error GoTo 0
objNetwork.RemoveNetworkDrive "M:", True, True
objNetwork.MapNetworkDrive "M:", "\\EDI2KAP02\APP"
End If
On Error GoTo 0
End If
' Add the shared printer connection.
' objNetwork.AddPrinterConnection "LPT1:", "\\PrintServer\Printer1"
' Clean up.
Set objGroupList = Nothing
Set objUser = Nothing
Set objNetwork = Nothing
Function IsMember(strGroup)
' Function to test for user group membership.
' strGroup is the NT name (sAMAccountName) of the group to test.
' objGroupList is a dictionary object, with global scope.
' Returns True if the user is a member of the group.
If IsEmpty(objGroupList) Then
Call LoadGroups
End If
IsMember = objGroupList.Exists(strGroup)
End Function
Sub LoadGroups
' Subroutine to populate dictionary object with group memberships.
' objUser is the user object, with global scope.
' objGroupList is a dictionary object, with global scope.
Dim objGroup
Set objGroupList = CreateObject("Scripting.Dictionary")
objGroupList.CompareMode = vbTextCompare
For Each objGroup In objUser.Groups
objGroupList(objGroup.name) = True
Next
Set objGroup = Nothing
End Sub
REM ************************Network Login Script********************************
REM *****************Executive Director, Incorporated***************************
REM ******************** as of September 19, 2003*******************************
REM *****************Unmapping of Drives****************************************
REM
IF EXIST F:\*.* NET USE F: /DELETE
IF EXIST G:\*.* NET USE G: /DELETE
IF EXIST M:\*.* NET USE M: /DELETE
IF EXIST Y:\*.* NET USE Y: /DELETE
IF EXIST Z:\*.* NET USE Z: /DELETE
REM
REM ****************************************************************************
REM *****************IF MEMBER OF ACCOUNTING****************************************
REM
IFMEMBER "EXECDIR\Accounting"
IFNOT ERRORLEVEL 1 GOTO COMMON
NET USE M: \\EDI2KAP01\VP2000
REM
REM ****************************************************************************
:COMMON
REM *****************Mapping of Drives for All Users****************************
REM
NET USE F: \\EDI2K3FS01\APPS
NET USE G: \\EDI2K3FS01\DATA
REM
REM ****************************************************************************
@echo off
REM ** NetLogon.bat
REM ** Logon script batch file
REM ** Copyright (c) 2002 Richard L. Mueller
REM ** Email: [EMAIL PROTECTED]
REM ** Version 1.0 - November 19, 2002
REM **
REM ** You have a royalty-free right to use, modify, reproduce, or distribute
REM ** this batch file in any way you find useful, provided that you agree
REM ** that the copyright owner above has no warranty, obligations, or
REM ** liability for such use.
REM ** Synchronize time with server.
REM ** This only works on Win9x clients.
REM ** Normal users on NT, W2k, and XP cannot set the time.
REM net time \\EDI2K3DC01 /set /yes
REM ** Check for 32-bit Windows.
REM If "%windir%"=="" goto NO_WIN
REM If exist %windir%\system\kernel32.dll goto WIN_OK
REM If exist %windir%\system32\kernel32.dll goto WIN_OK
REM ** 16-bit Windows or DOS.
REM goto NO_WIN
REM :WIN_OK
REM ** Execute VBScript logon script program.
wscript \\Edi2k3dc01\LOGON\Logon.vbs
REM goto EXIT
REM :NO_WIN
REM ** VBScript programs not supported.
REM If exist %0\..\DosLogon.bat call %0\..\DosLogon.bat
REM goto EXIT
:EXIT
