| Author |
Message |
Nassur
Guest
|
 Posted:
Thu Jan 06, 2005 10:17 pm Post subject:
Login Script by the group a user is a member of |
|
|
I am trying to get the login script to check for the group a user is a member
of and have it give map the drives and give the neccssary desktop short cuts
for their job function. Everything in the script works fine execpt for when
it pulls in what they are a member of. I created security groups that are
strictly used for logging in. The script is pasted below.. Let me know if
you might have any Ideas... Thanks for any help.
'------------------------logon.vbs--------------------------------
Option Explicit
' Variable Declaration
Dim objNetwork, objUser, CurrentUser, objEnvar
Dim strGroup, WshNetwork, oFso, objShell, strUserVar
' Security groups used for logins scripts
Const Admin_Group = "cn=Nash-IT-Staff"
Const Manager_Group = "cn=Nash-Manager-Staff"
Const QM_Group = "cn=Nash-QM-Staff"
Const Trn_Group = "cn=Nash-Training-Staff"
Const Supv_Group = "cn=Nash-Supv-Staff"
Const Asthma_Group = "cn=Nash-Asthma-Nurses"
Const Diabetes_Group = "cn=Nash-Diabetes-Nurses"
Const Peds_Group = "cn=Nash-Peds-Nurses"
Const Support_Group = "cn=Nash-Admin-Staff"
Const Cardiac_Group = "cn=Nash-Cardiac-Nurses"
Const NewUsers_Group = "cn=Nash-Training-Nurses"
' Initialize Objects
Set oFSO = CreateObject ("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")
Set objNetwork = CreateObject("WScript.Network")
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set objUser = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://" & objUser.UserName)
strGroup = LCase(Join(CurrentUser.MemberOf))
' Figure out what UserProfile is
Set objEnVar = objShell.Environment("PROCESS")
strUserVar = objEnVar.Item("UserProfile")
' Forces script to skip errors (rem below line to see errors)
on error resume next
' Set all drives to be removed here.
WshNetwork.RemoveNetworkDrive "h:"
WshNetwork.RemoveNetworkDrive "i:"
WshNetwork.RemoveNetworkDrive "j:"
WshNetwork.RemoveNetworkDrive "k:"
WshNetwork.RemoveNetworkDrive "l:"
WshNetwork.RemoveNetworkDrive "m:"
WshNetwork.RemoveNetworkDrive "n:"
WshNetwork.RemoveNetworkDrive "o:"
WshNetwork.RemoveNetworkDrive "p:"
WshNetwork.RemoveNetworkDrive "q:"
WshNetwork.RemoveNetworkDrive "r:"
WshNetwork.RemoveNetworkDrive "s:"
WshNetwork.RemoveNetworkDrive "t:"
WshNetwork.RemoveNetworkDrive "u:"
WshNetwork.RemoveNetworkDrive "v:"
WshNetwork.RemoveNetworkDrive "w:"
WshNetwork.RemoveNetworkDrive "x:"
WshNetwork.RemoveNetworkDrive "y:"
WshNetwork.RemoveNetworkDrive "z:"
' Maps drives all users need.
objNetwork.MapNetworkDrive "k:", "\\nashnt1\share\" _
& objNetwork.UserName
objNetwork.MapNetworkDrive "p:", "\\hmcnt3\public"
objNetwork.MapNetworkDrive "n:", "\\nashnt1\nashvillepublic"
If InStr(strGroup, Admin_Group) Then
' add special drive mappings here.
objNetwork.MapNetworkDrive "i:", "\\nashnt1\ISSOFTWARE"
objNetwork.MapNetworkDrive "u:", "\\nashnt1\share"
' Copy the files to desktop
oFSO.CopyFile "\\nashnt1\issoftware\batchfiles\QM-Trn\*.*", strUservar &
"\Desktop", TRUE
oFSO.CopyFolder "\\nashnt1\issoftware\batchfiles\QM-Trn\*.*", strUservar &
"\Desktop", TRUE
Dim net
Set net = CreateObject("WScript.Network")
net.AddWindowsPrinterConnection "\\nashp1\nashp1"
net.AddWindowsPrinterConnection "\\nashp1\nashp2"
net.AddWindowsPrinterConnection "\\nashp1\nashclr"
net.AddWindowsPrinterConnection "\\nashp1\nashlinda"
net.AddWindowsPrinterConnection "\\nashp1\nashdonna"
net.AddWindowsPrinterConnection "\\nashp1\nashjudy"
net.AddWindowsPrinterConnection "\\nashp1\nashphyllis"
net.AddWindowsPrinterConnection "\\nashp1\nashcarolyn"
net.AddWindowsPrinterConnection "\\nashp1\nashglenda"
net.AddWindowsPrinterConnection "\\nashp1\nashnancy"
'Removed the below line because if I log into another users workstation it
set this as default printer for them if one is not set
net.SetDefaultPrinter "\\nashp1\nashp1"
ElseIf InStr(strGroup, Manager-Group) Then
' add special drive mappings here.
' Copy the files to desktop
oFSO.CopyFile "\\nashnt1\issoftware\batchfiles\nurses\*.*", strUservar &
"\Desktop", TRUE
Set net = CreateObject("WScript.Network")
net.AddWindowsPrinterConnection "\\nashp1\nashclr"
ElseIf InStr(strGroup, QM_Group) Then
' add special drive mappings here.
' Copy the files to desktop
oFSO.CopyFile "\\nashnt1\issoftware\batchfiles\QM-Trn\*.*", strUservar &
"\Desktop", TRUE
oFSO.CopyFolder "\\nashnt1\issoftware\batchfiles\QM-Trn\*.*", strUservar &
"\Desktop", TRUE
Set net = CreateObject("WScript.Network")
net.AddWindowsPrinterConnection "\\nashp1\nashclr"
net.AddWindowsPrinterConnection "\\nashp1\nashglenda"
net.SetDefaultPrinter "\\nashp1\nashglenda"
ElseIf InStr(strGroup, nash-training-staff) Then
' add special drive mappings here.
' Copy the files to desktop
oFSO.CopyFile "\\nashnt1\issoftware\batchfiles\QM-Trn\*.*", strUservar &
"\Desktop", TRUE
oFSO.CopyFolder "\\nashnt1\issoftware\batchfiles\QM-Trn\*.*", strUservar &
"\Desktop", TRUE
Set net = CreateObject("WScript.Network")
net.AddWindowsPrinterConnection "\\nashp1\nashp1"
net.AddWindowsPrinterConnection "\\nashp1\nashclr"
net.SetDefaultPrinter "\\nashp1\nashp1"
ElseIf InStr(strGroup, Supv_Group) Then
' add special drive mappings here.
' Copy the files to desktop
oFSO.CopyFile "\\nashnt1\issoftware\batchfiles\Nurses\*.*", strUservar &
"\Desktop", TRUE
Set net = CreateObject("WScript.Network")
net.AddWindowsPrinterConnection "\\nashp1\nashclr"
ElseIf InStr(strGroup, Diabetes_Group) Then
' add special drive mappings here.
' Copy the files to desktop
oFSO.CopyFile "\\nashnt1\issoftware\batchfiles\Nurses\*.*", strUservar &
"\Desktop", TRUE
Set net = CreateObject("WScript.Network")
net.AddWindowsPrinterConnection "\\nashp1\nashp1"
net.AddWindowsPrinterConnection "\\nashp1\nashp2"
net.SetDefaultPrinter "\\nashp1\nashp2"
ElseIf InStr(strGroup, Cardiac_Group) Then
' add special drive mappings here.
' Copy the files to desktop
oFSO.CopyFile "\\nashnt1\issoftware\batchfiles\Nurses\*.*", strUservar &
"\Desktop", TRUE
Set net = CreateObject("WScript.Network")
net.AddWindowsPrinterConnection "\\nashp1\nashp1"
net.AddWindowsPrinterConnection "\\nashp1\nashp2"
net.SetDefaultPrinter "\\nashp1\nashp1"
ElseIf InStr(strGroup, Peds_Group) Then
' add special drive mappings here.
' Copy the files to desktop
oFSO.CopyFile "\\nashnt1\issoftware\batchfiles\Nurses\*.*", strUservar &
"\Desktop", TRUE
Set net = CreateObject("WScript.Network")
net.AddWindowsPrinterConnection "\\nashp1\nashp1"
net.AddWindowsPrinterConnection "\\nashp1\nashp2"
net.SetDefaultPrinter "\\nashp1\nashp1"
ElseIf InStr(strGroup, Asthma_Group) Then
' add special drive mappings here.
' Copy the files to desktop
oFSO.CopyFile "\\nashnt1\issoftware\batchfiles\Nurses\*.*", strUservar &
"\Desktop", TRUE
Set net = CreateObject("WScript.Network")
net.AddWindowsPrinterConnection "\\nashp1\nashp1"
net.AddWindowsPrinterConnection "\\nashp1\nashp2"
net.SetDefaultPrinter "\\nashp1\nashp1"
ElseIf InStr(strGroup, Support_Group) Then
' add special drive mappings here.
' Copy the files to desktop
oFSO.CopyFile "\\nashnt1\issoftware\batchfiles\Support\*.*", strUservar &
"\Desktop", TRUE
Set net = CreateObject("WScript.Network")
net.AddWindowsPrinterConnection "\\nashp1\nashclr"
ElseIf InStr(strGroup, NewUsers_Group) Then
' add special drive mappings here.
' Copy the files to desktop
oFSO.CopyFile "\\nashnt1\ISSOFTWARE\batchfiles\training\*.*", strUservar &
"\Desktop", TRUE
Set net = CreateObject("WScript.Network")
net.AddWindowsPrinterConnection "\\nashp1\nashp1"
net.SetDefaultPrinter "\\nashp1\nashp1"
End If
WScript.Quit
' End of Script. |
|
| Back to top |
|
 |
Ray Costanzo [MVP]
Guest
|
| Posted:
Thu Jan 06, 2005 10:37 pm Post subject:
Re: Login Script by the group a user is a member of |
|
|
It kinda helps to give us a clue as to what is not working, what line
an error occurs on, what results you're getting, or something along
those lines instead of just posting 227 lines of code saying
something isn't working fine. Can you give us a few specifics and
trim away the irrelevant code, perhaps?
--
Ray at work
Microsoft ASP/ASP.NET MVP
"Nassur" <Nassur@discussions.microsoft.com> wrote in message
news:2FC14EE7-4560-4064-81EF-65849B85B4E1@microsoft.com...
| Quote: | I am trying to get the login script to check for the group a user
is a member
of and have it give map the drives and give the neccssary desktop
short cuts
for their job function. Everything in the script works fine execpt
for when
it pulls in what they are a member of. I created security groups
that are
strictly used for logging in. The script is pasted below.. Let me
know if
you might have any Ideas... Thanks for any help.
'------------------------logon.vbs--------------------------------
Option Explicit
... |
|
|
| Back to top |
|
|
Nassur
Guest
|
| Posted:
Fri Jan 07, 2005 2:39 am Post subject:
Re: Login Script by the group a user is a member of |
|
|
I am not receiving any errors form the script, the problem is when I
associate a test user to one of the security groups for logging in it does
not run the correct part of the script.
Example I associate the user to the Nash-QM-Staff security group, instead of
running the section of the Vb script for Nash-QM-Staff, it will run the part
for Nash-Managers. I am setting the security groups to a Const in the top
part of the script. I have check and the user is in not member of any other
groups. This is the main reason why I created new groups for logging in.
Option Explicit
' Variable Declaration
Dim objNetwork, objUser, CurrentUser, objEnvar
Dim strGroup, WshNetwork, oFso, objShell, strUserVar
' Security groups used for logins scripts
Const Admin_Group = "cn=Nash-IT-Staff"
Const Manager_Group = "cn=Nash-Manager-Staff"
Const QM_Group = "cn=Nash-QM-Staff"
Const Trn_Group = "cn=Nash-Training-Staff"
Const Supv_Group = "cn=Nash-Supv-Staff"
Const Asthma_Group = "cn=Nash-Asthma-Nurses"
Const Diabetes_Group = "cn=Nash-Diabetes-Nurses"
Const Peds_Group = "cn=Nash-Peds-Nurses"
Const Support_Group = "cn=Nash-Admin-Staff"
Const Cardiac_Group = "cn=Nash-Cardiac-Nurses"
Const NewUsers_Group = "cn=Nash-Training-Nurses"
' Initialize Objects
Set oFSO = CreateObject ("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")
Set objNetwork = CreateObject("WScript.Network")
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set objUser = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://" & objUser.UserName)
strGroup = LCase(Join(CurrentUser.MemberOf))
' Figure out what UserProfile is
Set objEnVar = objShell.Environment("PROCESS")
strUserVar = objEnVar.Item("UserProfile")
' Forces script to skip errors (rem below line to see errors)
on error resume next
' Set all drives to be removed here.
WshNetwork.RemoveNetworkDrive "h:"
WshNetwork.RemoveNetworkDrive "i:"
WshNetwork.RemoveNetworkDrive "j:"
WshNetwork.RemoveNetworkDrive "k:"
WshNetwork.RemoveNetworkDrive "l:"
WshNetwork.RemoveNetworkDrive "m:"
WshNetwork.RemoveNetworkDrive "n:"
WshNetwork.RemoveNetworkDrive "o:"
WshNetwork.RemoveNetworkDrive "p:"
WshNetwork.RemoveNetworkDrive "q:"
WshNetwork.RemoveNetworkDrive "r:"
WshNetwork.RemoveNetworkDrive "s:"
WshNetwork.RemoveNetworkDrive "t:"
WshNetwork.RemoveNetworkDrive "u:"
WshNetwork.RemoveNetworkDrive "v:"
WshNetwork.RemoveNetworkDrive "w:"
WshNetwork.RemoveNetworkDrive "x:"
WshNetwork.RemoveNetworkDrive "y:"
WshNetwork.RemoveNetworkDrive "z:"
' Maps drives all users need.
objNetwork.MapNetworkDrive "k:", "\\nashnt1\share\" _
& objNetwork.UserName
objNetwork.MapNetworkDrive "p:", "\\hmcnt3\public"
objNetwork.MapNetworkDrive "n:", "\\nashnt1\nashvillepublic"
If InStr(strGroup, Admin_Group) Then
' add special drive mappings here.
objNetwork.MapNetworkDrive "i:", "\\nashnt1\ISSOFTWARE"
objNetwork.MapNetworkDrive "u:", "\\nashnt1\share"
' Copy the files to desktop
Dim net
Set net = CreateObject("WScript.Network")
net.AddWindowsPrinterConnection "\\nashp1\nashp1"
'Removed the below line because if I log into another users workstation it
set this as default printer for them if one is not set
net.SetDefaultPrinter "\\nashp1\nashp1"
"Ray Costanzo [MVP]" wrote:
| Quote: | It kinda helps to give us a clue as to what is not working, what line
an error occurs on, what results you're getting, or something along
those lines instead of just posting 227 lines of code saying
something isn't working fine. Can you give us a few specifics and
trim away the irrelevant code, perhaps?
--
Ray at work
Microsoft ASP/ASP.NET MVP
"Nassur" <Nassur@discussions.microsoft.com> wrote in message
news:2FC14EE7-4560-4064-81EF-65849B85B4E1@microsoft.com...
I am trying to get the login script to check for the group a user
is a member
of and have it give map the drives and give the neccssary desktop
short cuts
for their job function. Everything in the script works fine execpt
for when
it pulls in what they are a member of. I created security groups
that are
strictly used for logging in. The script is pasted below.. Let me
know if
you might have any Ideas... Thanks for any help.
'------------------------logon.vbs--------------------------------
Option Explicit
...
|
|
|
| Back to top |
|
|
Al Dunbar [MS-MVP]
Guest
|
| Posted:
Fri Jan 07, 2005 6:38 am Post subject:
Re: Login Script by the group a user is a member of |
|
|
"Nassur" <Nassur@discussions.microsoft.com> wrote in message
news:0E003BC9-3518-4179-86A0-3E0F04080F4D@microsoft.com...
| Quote: | I am not receiving any errors form the script, the problem is when I
associate a test user to one of the security groups for logging in it does
not run the correct part of the script.
Example I associate the user to the Nash-QM-Staff security group, instead
of
running the section of the Vb script for Nash-QM-Staff, it will run the
part
for Nash-Managers.
|
One possibility: if the test user account belongs to BOTH groups, then at
logon, the script will execute ONLY the code associated with the FIRST of
its actual group memberships is tested. For example, if the user is in both
the QM and the managers groups, only the code for the managers group will
run because that membership is tested first.
Another possibility: you are not so much testing actual group membership as
you are testing "does this string appear anywhere in a string created by
concatenating the distinguished names of all of the groups to which the user
belongs?". An account could conceivably belong to a group whose common name
is the same as that of the managers group, but located in a different OU.
A few other issues that might cause you problems at some point:
A) Variable strGroup contains no upper case characters, i.e.:
strGroup = LCase(Join(CurrentUser.MemberOf))
however, the default compare mode of the InStr function is binary, and you
are looking for an occurrence of the various mixed-case group names. Are you
sure that *any* of the code sections is being executed, or might the
workstation simply have the shortcuts for the managers group on the desktop.
B) Once you get this working, should someone be moved from one group to
another, there seems to be no code dedicated to removing the old desktop
shortcuts.
C) You instantiate the network object three times for no apparent reason.
These two appear at the start:
Set objNetwork = CreateObject("WScript.Network")
Set WshNetwork = WScript.CreateObject("WScript.Network")
and this one appears in each conditional block:
Set net = CreateObject("WScript.Network")
You need only one of these.
D) Suggest indenting your code to better show the block structure.
and finally:
E) Does this method successfully detect group membership that is inherited
through group nesting?
/Al
| Quote: | I am setting the security groups to a Const in the top
part of the script. I have check and the user is in not member of any
other
groups. This is the main reason why I created new groups for logging in.
Option Explicit
' Variable Declaration
Dim objNetwork, objUser, CurrentUser, objEnvar
Dim strGroup, WshNetwork, oFso, objShell, strUserVar
' Security groups used for logins scripts
Const Admin_Group = "cn=Nash-IT-Staff"
Const Manager_Group = "cn=Nash-Manager-Staff"
Const QM_Group = "cn=Nash-QM-Staff"
Const Trn_Group = "cn=Nash-Training-Staff"
Const Supv_Group = "cn=Nash-Supv-Staff"
Const Asthma_Group = "cn=Nash-Asthma-Nurses"
Const Diabetes_Group = "cn=Nash-Diabetes-Nurses"
Const Peds_Group = "cn=Nash-Peds-Nurses"
Const Support_Group = "cn=Nash-Admin-Staff"
Const Cardiac_Group = "cn=Nash-Cardiac-Nurses"
Const NewUsers_Group = "cn=Nash-Training-Nurses"
' Initialize Objects
Set oFSO = CreateObject ("Scripting.FileSystemObject")
Set objShell = CreateObject("Wscript.Shell")
Set objNetwork = CreateObject("WScript.Network")
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set objUser = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://" & objUser.UserName)
strGroup = LCase(Join(CurrentUser.MemberOf))
' Figure out what UserProfile is
Set objEnVar = objShell.Environment("PROCESS")
strUserVar = objEnVar.Item("UserProfile")
' Forces script to skip errors (rem below line to see errors)
on error resume next
' Set all drives to be removed here.
WshNetwork.RemoveNetworkDrive "h:"
WshNetwork.RemoveNetworkDrive "i:"
WshNetwork.RemoveNetworkDrive "j:"
WshNetwork.RemoveNetworkDrive "k:"
WshNetwork.RemoveNetworkDrive "l:"
WshNetwork.RemoveNetworkDrive "m:"
WshNetwork.RemoveNetworkDrive "n:"
WshNetwork.RemoveNetworkDrive "o:"
WshNetwork.RemoveNetworkDrive "p:"
WshNetwork.RemoveNetworkDrive "q:"
WshNetwork.RemoveNetworkDrive "r:"
WshNetwork.RemoveNetworkDrive "s:"
WshNetwork.RemoveNetworkDrive "t:"
WshNetwork.RemoveNetworkDrive "u:"
WshNetwork.RemoveNetworkDrive "v:"
WshNetwork.RemoveNetworkDrive "w:"
WshNetwork.RemoveNetworkDrive "x:"
WshNetwork.RemoveNetworkDrive "y:"
WshNetwork.RemoveNetworkDrive "z:"
' Maps drives all users need.
objNetwork.MapNetworkDrive "k:", "\\nashnt1\share\" _
& objNetwork.UserName
objNetwork.MapNetworkDrive "p:", "\\hmcnt3\public"
objNetwork.MapNetworkDrive "n:", "\\nashnt1\nashvillepublic"
If InStr(strGroup, Admin_Group) Then
' add special drive mappings here.
objNetwork.MapNetworkDrive "i:", "\\nashnt1\ISSOFTWARE"
objNetwork.MapNetworkDrive "u:", "\\nashnt1\share"
' Copy the files to desktop
Dim net
Set net = CreateObject("WScript.Network")
net.AddWindowsPrinterConnection "\\nashp1\nashp1"
'Removed the below line because if I log into another users workstation it
set this as default printer for them if one is not set
net.SetDefaultPrinter "\\nashp1\nashp1"
"Ray Costanzo [MVP]" wrote:
It kinda helps to give us a clue as to what is not working, what line
an error occurs on, what results you're getting, or something along
those lines instead of just posting 227 lines of code saying
something isn't working fine. Can you give us a few specifics and
trim away the irrelevant code, perhaps?
--
Ray at work
Microsoft ASP/ASP.NET MVP
"Nassur" <Nassur@discussions.microsoft.com> wrote in message
news:2FC14EE7-4560-4064-81EF-65849B85B4E1@microsoft.com...
I am trying to get the login script to check for the group a user
is a member
of and have it give map the drives and give the neccssary desktop
short cuts
for their job function. Everything in the script works fine execpt
for when
it pulls in what they are a member of. I created security groups
that are
strictly used for logging in. The script is pasted below.. Let me
know if
you might have any Ideas... Thanks for any help.
'------------------------logon.vbs--------------------------------
Option Explicit
...
|
|
|
| Back to top |
|
|
Dan King
Guest
|
| Posted:
Fri Jan 07, 2005 10:55 pm Post subject:
Re: Login Script by the group a user is a member of |
|
|
When I do things like this I figure there are two ways of
complicating/resolving the whole process:
1. write a complex login script like you have done
2. add complexity to AD and have several simple scripts for each group
By method 2 I mean this:
1. Create groups specifically for login scripts, and add users (you have
done this)
2. Create a single ALL_USER login script which will remove then map all
common drives and add all printers
3. Create small simple login scripts for each group for removing/adding
drives and printers
4. Create a GPO for the ALL_USERS login script and make sure AUTHENTICATED
USERS have rights to apply the GPO
5. Create a GPO for each group's login script. For example, you have a group
called "Nash-IT-Staff". Create a GPO called something like "LS -
Nash-IT-Staff", and then only let the "Nash-IT-Staff" group apply the GPO.
Set that GPO to have a login script of "Nash-IT-Staff.vbs". This way you can
keep uniform names between GPO, group, and script name. Updating the scripts
will be much easier since you will not have to search through 250 lines, but
it will be more like 20 lines.
If you want to undo things done in the script when a group change is made,
you can always throw those UNDOs into the ALL_USER login script and have
that run first, or you can create a LOGOFF script and have that clean up the
system at every logoff.
By doing it this way will also help future admins that might not know
VBScript. A complicated script like that can be hard to figure out for
someone who has never used it before.
I wonder if this way will be a faster logon than 1 large script as well.
Hope that helps
Dan. |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in