Re: Login Script Help

In news:ecn1Gv$IJHA.740@xxxxxxxxxxxxxxxxxxxx,
Richard Mueller [MVP] <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx> requesting assistance, typed the following:
Bud Veltman wrote:

I have just started at a new company with approximately 65 users in
house. They are currently attempting to implement a login script
that defines each
user's home share as well as mapped drives and printer assignment to
include
the default printer based on group membership. The script works
fine as long
as each user belongs to only one group.

How can I modify my login script to help me to segregate each user's
primary
group membership and then only install the printers as per the
primary membership, or otherwise modify the script so that I can map
drives for users
in multiple groups, but only printers from one group?


I advise you not to modify the default "primary" group assignment,
which is the group "Domain Users". You can determine which group is
the "primary" in a script, but it is more involved. There is no
reason to make your life more difficult. Use you own global security
groups to assign printers.
You may need to post code from your script. I would have to guess why
you have a problem if the user is a member of more than one group.

I often assign printers by checking the group that the computer object
(instead of the user) is a member of. This is better if computers are
stationary, but users login to various computers.

A possible VBScript logon script to assign printers according to one
group, but assigning multiple drives according to group membership
might be similar to:
=========
Set objNetwork = CreateObject("Wscript.Network")

' Retrieve Distinguished Name (DN) of current user and computer.
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
strComputerDN = objSysInfo.ComputerName

' Assign printer according to user group membership.
' Only assign one printer.
' You could use strComputerDN to test computer object group
membership. Set objGroup1 =
GetObject("LDAP://cn=Group1,ou=West,dc=MyDomain,dc=com";) If (objGroup1.IsMember("LDAP://"; & strUserDN) = True) Then
objNetwork.AddWindowsPrinterConnection "\\PrintServer\HPLaser1"
objNetwork.SetDefaultPrinter "\\PrintServer\HPLaser1"
Else
Set objGroup2 =
GetObject("LDAP://cn=Group2,ou=West,dc=MyDomain,dc=com";) If
(objGroup2.IsMember("LDAP://"; & strUserDN) = True) Then
objNetwork.AddWindowsPrinterConnection
"\\PrintServer\HPLaser2" objNetwork.SetDefaultPrinter
"\\PrintServer\HPLaser2" Else Set objGroup3 =
GetObject("LDAP://cn=Group3,ou=West,dc=MyDomain,dc=com";)
If (objGroup3.IsMember("LDAP://"; & strUserDN) = True) Then
objNetwork.AddWindowsPrinterConnection
"\\PrintServer\HPLaser3" objNetwork.SetDefaultPrinter
"\\PrintServer\HPLaser3" End If
End If
End If

' Map drives according to user group membership.
' Each share must be mapped to a different drive letter.
Set objGroupA =
GetObject("LDAP://cn=GroupA,ou=West,dc=MyDomain,dc=com";) If (objGroupA.IsMember("LDAP://"; & strUserDN) = True) Then
objNetwork.MapNetworkDrive "K:", "\\MyServer\ShareA"
End If
Set objGroupB =
GetObject("LDAP://cn=GroupB,ou=West,dc=MyDomain,dc=com";) If (objGroupB.IsMember("LDAP://"; & strUserDN) = True) Then
objNetwork.MapNetworkDrive "L:", "\\MyServer\ShareB"
End If
Set objGroupC =
GetObject("LDAP://cn=GroupC,ou=West,dc=MyDomain,dc=com";) If (objGroupC.IsMember("LDAP://"; & strUserDN) = True) Then
objNetwork.MapNetworkDrive "L:", "\\MyServer\ShareC"
End If
=======
There are other methods to check group membership, but using the
IsMember method of the group object seems most direct to me (as long
as you are only concerned with direct group membership and can ignore
group nesting). For more discussion of methods to check group
membership see this link:
http://www.rlmueller.net/MemberOf.htm

A more elaborate logon script that maps printers and shares according
to group membership, and handles group nesting as well, is linked
here:
http://www.rlmueller.net/Logon3.htm

And an even more elaborate logon script that also handles membership
in the "primary" group is linked here:

http://www.rlmueller.net/Logon6.htm

Otherwise, post an example of your code if you have specific
questions.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net


Thanks for the great links, Richard!

--?
Regards,
Ace

.

Relevant Pages

  • Re: Login Script Help
    ... They are currently attempting to implement a login script that defines ... user's home share as well as mapped drives and printer assignment to ... group membership and then only install the printers as per the primary ...
    (microsoft.public.windows.server.active_directory)
  • Re: Automatic install of network printer(s) based on AD location f
    ... their group membership. ... Create a new GPO "Printers ROOM1 GPO" link it to the place where the ... What you're describing is indeed the sort of script i'm looking ...
    (microsoft.public.windows.server.active_directory)
  • Map Printer based on Computer Group Membership
    ... I need to be able to map Printers based on Computer group membership, ... script that will take the Computer's Group memberships and map certain ...
    (microsoft.public.scripting.wsh)
  • Re: Changing the local admin password base on the computers OU
    ... The intent is to put thsi script in a GPO that runs everytime the ... allowing us to cahnge local admin passwords pretty ... Your script appears to check for group membership. ... object and use the Parent method to retrieve the ADsPath of the parent ...
    (microsoft.public.scripting.vbscript)
  • Re: AD group logon script question
    ... The OU is the parent container of the user object, ... It is straightforward to test for group membership. ... the logon script should check group membership to decide ... > objUser.Put "primaryGroupID", intPrimaryGroupToken ...
    (microsoft.public.scripting.vbscript)