Logon Script

[zatblast]

Working on a project for an experiential learning class and well... I got asked to take care of the logon script, we're not ready to fully implement it yet, and I myself am not "good" with scripts, but I tried and this is what I have. I am wondering if someone that is knowledgeable could take a lookover and point out any mistakes-I can do more research as to why its wrong if I know to look at things.

Thanks for any help.

The goal of this script is to detect which group the user is a part of and then give the proper shares for the department. Payroll will have access to every department's "Payroll" share.

Department Key: HR, Accounting=ACT, Payroll=PYR, IT, Admin=AD, Production=PRD, Custodial=CST



Const ACT_GROUP = "cn=Accounting"
Const AD_GROUP = "cn=Admin"
Const CST_GROUP = "cn=Custodial"
Const HR_GROUP = "cn=Human Resources"
Const IT_GROUP = "cn=IT"
Const PYR_GROUP = "cn=Payroll"
Const PRD_GROUP = "cn=Production"



Set wshNetwork = CreateObject("WScript.Network")


Set ADSysInfo = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://" &
ADSysInfo.UserName)
strGroups = LCase(Join(CurrentUser.MemberOf))

If InStr(strGroups, ACT_GROUP) Then

wshNetwork.MapNetworkDrive "N:",
"\\FileServer\Accounting\Department\"
wshNetwork.MapNetworkDrive "M:",
"\\FileServer\Accounting\Users\" & wshNetwork.UserName
wshNetwork.MapNetworkDrive "O:",
"\\FileServer\Accounting\ACTPayroll\"

ElseIf InStr(strGroups, AD_GROUP) Then

wshNetwork.MapNetworkDrive "N:",
"\\FileServer\Admin\Department\"
wshNetwork.MapNetworkDrive "M:",
"\\FileServer\Admin\Users\" & wshNetwork.UserName
wshNetwork.MapNetworkDrive "O:",
"\\FileServer\Admin\ADPayroll\"

ElseIf InStr(strGroups, CST_GROUP) Then

wshNetwork.MapNetworkDrive "N:",
"\\FileServer\Custodial\Department\"
wshNetwork.MapNetworkDrive "M:",
"\\FileServer\Custodial\Users\" & wshNetwork.UserName
wshNetwork.MapNetworkDrive "O:",
"\\FileServer\Custodial\CSTPayroll\"

ElseIf InStr(strGroups, HR_GROUP) Then

wshNetwork.MapNetworkDrive "g:",
"\\FileServer\Human Resources\Department\"
wshNetwork.MapNetworkDrive "M:",
"\\FileServer\Human Resources\Users\" & wshNetwork.UserName
wshNetwork.MapNetworkDrive "O:",
"\\FileServer\Human Resources\HRPayroll\"

ElseIf InStr(strGroups, IT_GROUP) Then

wshNetwork.MapNetworkDrive "g:",
"\\FileServer\IT\Department\"
wshNetwork.MapNetworkDrive "M:",
"\\FileServer\IT\Users\" & wshNetwork.UserName
wshNetwork.MapNetworkDrive "O:",
"\\FileServer\IT\ITPayroll\"

ElseIf InStr(strGroups, PYR_GROUP) Then

wshNetwork.MapNetworkDrive "g:",
"\\FileServer\Payroll\Department\"
wshNetwork.MapNetworkDrive "M:",
"\\FileServer\Payroll\Users\" & wshNetwork.UserName
wshNetwork.MapNetworkDrive "O:",
"\\FileServer\Payroll\PYRPayroll\"

wshNetwork.MapNetworkDrive "Q:",
"\\FileServer\Accounting\ACTPayroll\"
wshNetwork.MapNetworkDrive "R:",
"\\FileServer\Admin\ADPayroll\"
wshNetwork.MapNetworkDrive "S:",
"\\FileServer\Custodial\CSTPayroll\"
wshNetwork.MapNetworkDrive "T:",
"\\FileServer\Human Resources\HRPayroll\"
wshNetwork.MapNetworkDrive "U:",
"\\FileServer\IT\ITPayroll\"
wshNetwork.MapNetworkDrive "V:",
"\\FileServer\Production\PRDPayroll\"

ElseIf InStr(strGroups, PRD_GROUP) Then

wshNetwork.MapNetworkDrive "g:",
"\\FileServer\Production\Department\"
wshNetwork.MapNetworkDrive "M:",
"\\FileServer\Production\Users\" & wshNetwork.UserName
wshNetwork.MapNetworkDrive "O:",
"\\FileServer\Production\PRDPayroll\"

End If

 

[wimwauters]

Why aren't you relying on the user profile to remember the drive letter mapping?

 

[zatblast]

Why aren't you relying on the user profile to remember the drive letter mapping?

The environment being a simulation of sorts will require that 3 end user devices have the ability to be logged into via any departmental employee and function as if it was meant for them. I believe that disconnecting the drives on logoff and then connecting any drives that specific employee needs would be the best way to go about this.

I guess in short the goal isn't for the computer to maintain a record of the drives it can map, rather, we want that to be done every time someone logs in so that we don't get overlapping shares.

 

[wimwauters]

OK, given that you are integrating with AD, your question might be better off on serverfault.com (a forum/social-networking site for sysadmins)

 

[pceinc]

This should help you sort it out.

http://www.computerperformance.co.uk/vbscript/index.htm

 

[zatblast]

@wimwauters
tyvm, i really didn't think to post it on a server forum even though that would be the obvious choice, guess i'm just more comfortable posting here xD thanks for the link

@pceinc
i've actually been using that site and a few others to piece this login script together, i "think" it's right but atm we don't have the servers or machines setup just yet so hoping to get some feedback on whether or not I can even expect it to work when we are ready to implement it lol... being a total novice at something is sad but that's the world of learning

again, thanks both of you

 

[pceinc]

I can give you a few tips for debugging and testing scripts.

1) Make sure the scripts are in a shared folder accessible by everyone such as sysvol\scripts. You may already know this.

2) No need to log on and off a million times to test and debug. Simply open the folder where the scripts are located and click to execute. If you get an error it's easier to step through the script, modify, and then run it again.

3) If your in a Win Vista/7 environment, you'll most likely need to disabled UAC to get your scripts to work.

4) If your using Windows 2008, ditch the scripts and use group policy. Mapping drives and objects is much easier to do with the new GPO's built into Windows 2008.

P.S. - You'll find it's easier for a novice to use more than once script rather than trying to develop one to do it all.

 

[vdub12]

One tip I would suggest is to make sure you disconnect all shares before adding more.

For instance if one person logs on with some shares make sure the next time the script runs all the possible shares are deleted.

Example would be if you had user 1 with X Y & Z shares and user 2 With just X & Z if user 1 logged on and then user 2 user 2 would have access to the Y share.

Here is a script I wrote in AutoIT that will make Windows XP home remember network passwords.

Run("cmd /c net use Y: /delete", "", @SW_HIDE)
Run("cmd /c net use Z: /delete", "", @SW_HIDE)
Run("cmd /c net use Y: \\server\share /user:username password", "", @SW_HIDE)
Run("cmd /c net use Z: \\server\share /user:username password", "", @SW_HIDE)

This script saved many calls from a specific client that had a POS system that ran XP home. Every time the system rebooted they where calling me saying "it is doing it again" I complied this script and put it in the system startup and I haven't gotten a call since.

 

[DList]

I don't have access to that particular script that i wrote like 8 years ago as i don't work at that place anymore. This was written in kix32 and was pretty straighforward

In your case it would look similar to that:

If InGroup("IT_GROUP", "HR_GROUP") = 1
Use N: “\\FileServer\Custodial\Department\”
EndIf

Google kix32, it's simple yet powerful enough to do what you need.