I am posting it for a keepsake...
The Login script is stored in a Profile Folder on each domain controller in the C:\WINNT\SYSVOL folder. Namely:
C:\WINNT\SYSVOL\sysvol\mydomain.local\Policies\{43E365AC-BD01-4082-9780-A5E227CA2E2D}\User\Scripts\Logon\LogonScript.VBS
The users' drives are mapped according to the groups they are a member of; any individually mapped drives are also handled in the script.
See below which groups are important. When moving a user from one group to another (DeptA to DeptB), all that is necessary is to change their group membership, and the relevant drives will be mapped when they next log in. Note that the script only maps drive letters; who can actually open a share is still decided by the share and NTFS permissions, so those should be granted to the same groups.
LogonScript.VBS
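Option Explicit
' Logon script: maps network drives for the current user based on Active
' Directory group membership plus a few per-user exceptions.
'
' Mapping a drive is a convenience only. Access to each share is enforced by
' its share/NTFS permissions, and a trailing "$" merely hides a share from
' browsing. Never rely on this script to keep a user out of a share.
'
' The script is deliberately best-effort: a failed mapping must not abort the
' logon, so errors are suppressed. Caveat: under On Error Resume Next a
' failing If-condition resumes INSIDE the Then block, so every condition
' below goes through a helper that cannot raise and defaults to False.
On Error Resume Next
' Declare Variables
Dim oNet, colDrives, i, sUser
' Dim wshShell - reserved for setting printers
Dim ADSysInfo, CurrentUser, strGroups, myUserName
Dim userServer, fileServer, printServer, fileServerBack
Dim nyAccounts, lonAccounts, launchServer
' Set Server Names
userServer = "\\server01.mydomain.local\"
printServer = "\\server01.mydomain.local\"
fileServer = "\\server01.mydomain.local\"
lonAccounts = "\\server02.mydomain.local\Accounts"
launchServer = "\\server02.mydomain.local\"
' NY folder shared over permanent WAN VPN
nyAccounts = "\\ny-server01.mydomain.com\office_admin"
' Set Helper objects
Set oNet = CreateObject("WScript.Network")
Set ADSysInfo = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://" & ADSysInfo.Username)
' Set wshShell = CreateObject("WScript.Shell") - reserved for setting printers
sUser = oNet.UserName
' - gets the username, ie user2, user3, etc from the Network Object
' NOTE(review): the case of this value may follow what was typed at logon,
' so all user-name tests below use IsUser (case-insensitive).

' Limited users get no drive mappings at all. The original case-sensitive
' "<>" test let a differently-cased logon name slip past this exclusion.
If Not IsUser("limitedUserA") Then
     ' Get Username, Full Name and Groups user is member of.
     ' strGroups becomes a list of lower-cased group DNs, each preceded by
     ' vbLf, so InGroup can anchor its match on the start of a DN.
     ' memberOf lists direct memberships only: nested groups and the
     ' primary group are not included.
     strGroups = GroupList(CurrentUser.MemberOf)
     ' Strip the leading "CN=" (currently unused by the rest of the script)
     myUserName = Right(CurrentUser.Name, Len(CurrentUser.Name)-3)

     ' Remove mapped drives. EnumNetworkDrives returns pairs
     ' (local name, remote name), hence Step 2.
     Set colDrives = oNet.EnumNetworkDrives
     For i = 0 to colDrives.Count - 1 Step 2
          ' Connections made without a drive letter have an empty local name
          If Len(colDrives.Item(i)) > 0 Then
               oNet.RemoveNetworkDrive colDrives.Item(i)
          End If
     Next

     ' Map allowed drives
     ' Home Drive (shared with following $)
     oNet.MapNetworkDrive "H:", userServer & sUser & "$"
     ' Shared Drives
     oNet.MapNetworkDrive "P:", fileServer & "Shared"

     ' Group Specific Drives
     If InGroup("itsupport") Or IsUser("administrator") Then
          oNet.MapNetworkDrive "R:", fileServer & "recovery$"
          oNet.MapNetworkDrive "Z:", fileServer & "applications$"
     End If
     ' The original compared a lower-cased group list against "cn=deptA,"
     ' and "cn=deptB,", which can never match; InGroup lower-cases both sides.
     If InGroup("deptA") Then
          oNet.MapNetworkDrive "N:", fileServer & "deptA"
     End If
     If InGroup("deptB") Then
          oNet.MapNetworkDrive "L:", fileServer & "deptB"
     End If
     If InGroup("managers") Then
          oNet.MapNetworkDrive "L:", fileServer & "deptB"
          oNet.MapNetworkDrive "M:", fileServer & "Management"
          oNet.MapNetworkDrive "N:", fileServer & "deptA"
     End If
     ' Anchored match: members of "itsupport" no longer match "support" by
     ' substring accident. Add them to the support group if they need S:.
     If InGroup("support") Then
          oNet.MapNetworkDrive "L:", fileServer & "deptB"
          oNet.MapNetworkDrive "N:", fileServer & "deptA"
          oNet.MapNetworkDrive "S:", fileServer & "Support"
     End If
     If InGroup("sageline") Then
          oNet.MapNetworkDrive "Q:", lonAccounts
     End If
     If InGroup("launch sec") Then
          oNet.MapNetworkDrive "L:", fileServer & "deptB"
          oNet.MapNetworkDrive "K:", launchServer & "Launch$"
     End If

     ' User-specific Drives - acctUserA, acctUserB, etc
     ' Two users can see the other user's home drive
     If IsUser("acctUserA") Then
          oNet.MapNetworkDrive "G:", userServer & "acctUserB$"
          oNet.MapNetworkDrive "W:", nyAccounts
     End If
     If IsUser("acctUserB") Then
          oNet.MapNetworkDrive "G:", userServer & "acctUserA$"
          oNet.MapNetworkDrive "W:", nyAccounts
     End If

     ' specific resources required by one user only
     If IsUser("UserC") Then
          ' SECURITY(review): this connects as account "server03data" with an
          ' empty password, written in clear text in a script under SYSVOL,
          ' which every authenticated domain account can read by default.
          ' Prefer granting UserC's own domain account access to the share
          ' on server03 and dropping the explicit credentials.
          oNet.MapNetworkDrive "E:", "\\server03\data", , "server03data", ""
     End If
     If IsUser("UserD") Then
          oNet.MapNetworkDrive "Z:", fileServer & "applications$"
     End If

     ' Other Drives
     ' Printers - sample - not in place yet
     'If InGroup("deptE") Or IsUser("administrator") Then
          ' oNet.AddPrinterConnection "Invoicing", "\\server01\Invoicing"
          ' oNet.SetDefaultPrinter "Invoicing"
     'End If
End If    ' - ends If not LimitedUser

' Returns the user's group DNs as one lower-cased string, each DN preceded by
' vbLf. ADSI hands back an array for several groups but a plain string for
' exactly one; the original Join() failed silently on the single-group case.
Function GroupList(vMemberOf)
     Dim sDn
     GroupList = ""
     If IsArray(vMemberOf) Then
          For Each sDn In vMemberOf
               GroupList = GroupList & vbLf & LCase(sDn)
          Next
     ElseIf VarType(vMemberOf) = vbString Then
          GroupList = vbLf & LCase(vMemberOf)
     End If
End Function

' True when the user is a direct member of the group whose CN is sGroupCn.
' The match is case-insensitive and anchored to the start of a DN, so
' "support" does not match "cn=itsupport,...". Defaults to False on error.
Function InGroup(sGroupCn)
     On Error Resume Next
     InGroup = False
     InGroup = (InStr(strGroups, vbLf & "cn=" & LCase(sGroupCn) & ",") > 0)
End Function

' True when the logged-on user name equals sName, ignoring case (Windows
' account names are not case-sensitive). Defaults to False on error.
Function IsUser(sName)
     On Error Resume Next
     IsUser = False
     IsUser = (StrComp(sUser, sName, vbTextCompare) = 0)
End Function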
 
 