Re: [ActiveDir] Internet Explorer Home Page Question

[Kamlesh Parmar]

Nice to know, that it worked out for you.

 

>I also tried using the /delete to delete the group but if the person isnt in that group the script just  hangs.

I am just curious, Why would u delete the group? also why you require password in the script ?

 

If you just give "add/remove self as member" access it doesn't work thru GUI. You have to specifically go to propery level permission and assign WRITE access on members attribute, then members will be able to manage their membership of group. Give that right to SELF security principal. ( I just tested that again)

 

Also, one caveat, If you have an AD2000 forest or an AD2003 forest running on the Windows 2000 functional level, you should take into account the following warning: If you delegate group management to members, it might create problem if user update their membership on different DC. All members of a group are stored in one multivalued property. If that member list is modified on two domain controllers simultaneously (within replication latency), one of the two changes will be lost.

 

-

Kamlesh

 

On 11/22/05, Craig Gauss <[EMAIL PROTECTED]> wrote:

Been working on this one most of the day.....have it sort of working.

 

Needed to use CPAU from joeware, but there is one problem.  The password is displayed in the batch which is pretty much unsecure and goes against any password policy.  Anyways, I have it adding the user to the correct group upon logon.  It takes a little while though for the user to show in the group.  I also tried using the /delete to delete the group but if the person isnt in that group the script just hangs.

---

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Micheal S. Mand
Sent: Monday, November 21, 2005 11:46 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Internet Explorer Home Page Question

 

Craig,

 

Quoting what Kamlesh said before your email:

 

"To remove logged-in user, I would use something like

if new-users is Domain Local group then
net localgroup new-users  %username% /delete /domain

if new-users is Domain Global group then
net group new-users  %username% /delete /domain"

 

His email was sent 11/19/2005 10:37 AM. If you didn't get it I can forward that to you.

 

Thanks,

 

Micheal

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Craig Gauss
Sent: Monday, November 21, 2005 9:09 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Internet Explorer Home Page Question

 

How would you go about removing the user from the group in a login script?

 

---

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Kamlesh Parmar
Sent: Friday, November 18, 2005 12:11 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Internet Explorer Home Page Question

Building on what James said,

You can make it automatic, create a group New-Users and assign the intranet homepage GPO to this group. and importantly, Allow members to remove themselves from group.

When you create a new user, just make her member of this group.

Make a login script, in the same GPO, which will remove the logged in user from this group.

When user logs in first, time, she is member of this New-Users group, so this GPO applies
and her homepage is set to intranet.
At the same time, login script runs and removes user from that group.
This makes sure that, this GPO is never applied again, as user no longer member of New-Users group. And intranet was set for first login only.

-
Kamlesh

On 11/18/05, Blair, James < [EMAIL PROTECTED]> wrote:

Michael,

 

You could create a new user security group and a GPO for the homepage. Use security filtering so that group only gets the policy. Remove the new users from the group after x days.

 

James

 

---

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Brian Desmond
Sent: Friday, 18 November 2005 12:29 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Internet Explorer Home Page Question

 

How about a logon script to take care of this? Check for a HKCU key/value. If it's not there, assume it's the first logon and set their homepage and then set the homepage.

 

Thanks,
Brian Desmond

[EMAIL PROTECTED]

 

c - 312.731.3132

 

 

---

From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Micheal S. Mand
Sent: Thursday, November 17, 2005 6:37 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Internet Explorer Home Page Question

 

Hello,

 

I just joined the list, so forgive me if this has been answered already.

 

I've been put to the task of using AD to set the home page of all NEW users to our company intranet, but not override the current user's settings. We want this to happen automatically because we are usually creating new users with little notice, and very little time to make the account active. I've searched and searched all over existence for something related to this, and so far have only come up with some hacks to permanently set every user's home page the same. We want users to be able to change this home page if they wish, without it resetting every time they log in to their machine. If they log into a new machine, we could also set the home page to the intranet, but this isn't as necessary.

 

Has anyone even heard of doing anything like this? Is it even possible?

 

Thanks in advance,

Micheal S. Mand
Network Administrator
Applied Research Associates, Inc.
Email:  [EMAIL PROTECTED]
http://www.ara.com

 

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Fortune and Love befriend the bold"
~~~~~~~~~~~~~~~~~~~~~~~~~~~

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Fortune and Love befriend the bold"
~~~~~~~~~~~~~~~~~~~~~~~~~~~