Re: Drive Mapping Script Based on Group Membership Fails Due to LD
- From: "Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx>
- Date: Fri, 23 Mar 2007 13:42:39 -0500
I can't find anything wrong with this code. I have had issues with WMI where
I have had to reload on a particular machine. Have you tried running this
on a machine other than the one you have tested this on?
I have executed this code successfully as a fully non-privileged user.
I don't see the following in your case, but I would try running on a
separate machine if you haven't already.
http://www.computerperformance.co.uk/Logon/code/code_800A01C3.htm
Other than that I don't have anything else I can think of.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Nicholas Whitesel" <nicholas.whitesel@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:D10E8F3F-B207-47AE-878C-8C430B905115@xxxxxxxxxxxxxxxx
Sorry, I should have made that clear. Line 9 is identical to line 9 from the
stock script from the link I posted on my original thread post. The first 9
lines read:
1>'On Error Resume Next
2>
3>Set objSysInfo = CreateObject("ADSystemInfo")
4>Set objNetwork = CreateObject("Wscript.Network")
5>
6>strUserPath = "LDAP://" & objSysInfo.UserName
7>Set objUser = GetObject(strUserPath)
8>
9>For Each strGroup in objUser.MemberOf
At one point I thought it was a simple syntax error, but I ran a
wscript.echo line that returned the strUserPath object (worked on all three
accounts) and there is no syntax error that I see.
I also ran a wscript.echo that returned objUser.CN. Again, this worked for
my Domain Admins user but not for the other two. I think there must either
be a syntax error (resulting from the returned user DN) when I pass the
strUserPath variable into the GetObject function OR a permission problem that
is not allowing the GetObject function to be executed with limited
credentials... Any thoughts?
--
Nicholas Whitesel
MIS Support / Help Desk
"Paul Bergson [MVP-DS]" wrote:
Ok so what is line 9? Is the script small enough that you can post it?
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Nicholas Whitesel" <nicholas.whitesel@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:1E239AE6-3B14-4447-872F-6D00621E38D6@xxxxxxxxxxxxxxxx
Ok, I logged on locally and ran the script locally under three scenarios.
The first attempt I logged on locally using my administrator login that is a
member of both the Local and Domain Admins group; the script runs to
perfection.
For the second scenario, I logged in as a user who is a member of the local
administrator group, but only a member of the Domain Users group (not Domain
Admins). The outcome resulted in the following error message:
WINDOWS SCRIPT HOST
Script: \\smrserv1\scripts$\MapLocalPublic.vbs
Line: 9
Char: 1
Error: 0x80005000
Code: 80005000
Source: (null)
For the third scenario I logged in under a roaming profile who is a member
of the Domain Users group (not Domain Admins). The resulting error code is
as follows:
WINDOWS SCRIPT HOST
Script: \\smrserv1\scripts$\MapLocalPublic.vbs
Line: 9
Char: 1
Error: Object not a collection
Code: 800A01C3
Source: Microsoft VBScript runtime error
I also inserted a Wscript.echo line that returned the strUserpath variable
and it returned the fully qualified LDAP user path. So my thinking there is
that the GetObject command is failing (for some reason), but have so little
experience scripting and with active directory, that I have no idea why.
I appreciate all of the time and effort you have put into helping me resolve
this.
--
Nicholas Whitesel
MIS Support / Help Desk
"Paul Bergson [MVP-DS]" wrote:
Poor word choice on my part. Log on to the machine and run on the local
machine as the domain authenticated user and see if it works.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Nicholas Whitesel" <nicholas.whitesel@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:4AADAB49-59AF-4243-8D6E-1BE29F5709BB@xxxxxxxxxxxxxxxx
The script I am running is located on a network drive with read/execute
privileges granted to members of the Domain Users security group.
I am more interested in running the script as a domain user rather than a
local user. I have tried running the script using a roaming profile and a
local profile (both with non-elevated permissions.) I also tried using the
ADSIEDIT.MSC tool to grant list and read privileges to the Domain Users
group; however, the only thing that seems to work is adding the user to the
Domain Admins security group. I must be missing something...
--
Nicholas Whitesel
MIS Support / Help Desk
"Paul Bergson [MVP-DS]" wrote:
The easiest way to test to see if a script can be run as a local user is
once logged on run it locally. I see no special calls in the script you
pointed to that require special rights.
Where is the script located that it is failing in the logon script?
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"wheresITat" <wheresITat@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D2628800-C136-4328-B3AA-DB9AFE0F70C3@xxxxxxxxxxxxxxxx
I recently tried to deploy a logon script using VBScript that uses an LDAP
query to gain knowledge about the currently logged on user's group
membership. The script then maps drives based on the user's group
membership.
The problem I encountered is that when I try running the script as a user
who is not a member of the Domain Admins security group, the script fails.
When logged in as an administrator, the script runs to perfection.
What specific security setting can I change to allow members of the Domain
Users security group permission to run the script?
Here is the URL of the article containing the script:
http://www.microsoft.com/technet/scriptcenter/resources/qanda/dec04/hey1210.mspx
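Added example, not part of the thread or of the Script Center script: one well-known way "For Each ... In objUser.MemberOf" raises "Object not a collection" (800A01C3) is that ADSI hands back memberOf as Empty or as a single string instead of an array, which happens for accounts with few group memberships and needs no extra rights to handle. The helper name NormalizeMemberOf is hypothetical; the rest uses the same objects as the quoted script.

```vbscript
' Added example, not from the thread: enumerate group membership without
' assuming that memberOf is always a collection.
Option Explicit

Dim objSysInfo, objUser, strUserPath, strGroup

Set objSysInfo = CreateObject("ADSystemInfo")
strUserPath = "LDAP://" & objSysInfo.UserName

' Report a failed bind with its error number instead of failing later
' at the For Each line.
On Error Resume Next
Set objUser = GetObject(strUserPath)
If Err.Number <> 0 Then
    WScript.Echo "Bind failed for " & strUserPath & ": 0x" & Hex(Err.Number)
    WScript.Quit 1
End If
On Error GoTo 0

For Each strGroup In NormalizeMemberOf(objUser)
    WScript.Echo "Member of: " & strGroup
Next

' NormalizeMemberOf (hypothetical helper) always returns an array of group DNs.
' ADSI returns memberOf as:
'   Empty          - no values; the primary group (normally Domain Users)
'                    is never listed in memberOf
'   String         - exactly one group
'   Variant array  - two or more groups
Function NormalizeMemberOf(objAdsUser)
    Dim varGroups
    varGroups = objAdsUser.MemberOf
    If IsEmpty(varGroups) Then
        NormalizeMemberOf = Array()
    ElseIf IsArray(varGroups) Then
        NormalizeMemberOf = varGroups
    Else
        NormalizeMemberOf = Array(varGroups)
    End If
End Function
```

Run it with cscript as each of the three test accounts; the output shows which value type memberOf returned for that account.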