Re: Logon script problems for non-admins

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: neo [mvp outlook] (neo_at_online.mvps.org)
Date: 02/21/05 

Date: Mon, 21 Feb 2005 08:56:57 -0800

No, they don't need to be local administrators on the SBS server offering
the share.

Yes, make a new share and setup rights accordingly. (If you currently gave
them full access, then that is what they get on the new share.) Once that
is done, make the changes to the VBS file (e.g. swap out the d$ for the new
share name so users see the same mappings).

In thinking about this so you don't piss off 25 users and do this in a
controlled fashion, make a copy of your existing VBS file and edit that.
Assign this new VBS file to a "test" account that mirrors one of your
existing users. This way you can create the new share, get the rights
correct, and edit the VBS file w/out worrying about knocking the other 25
out. Once you have it working perfectly, you can switch users over to the
new logon vbs file.

Better?

"Ascnet" <Ascnet@discussions.microsoft.com> wrote in message
news:5B138366-6EA5-434B-87BA-F8CA418B0BA6@microsoft.com...
> Neo- thanks for the quick reply.
>
> 1) So all my users must be local admins on the SBS server? Do I
> understand
> you correctly that I need to pick a folder, make it a share, and give all
> users full access to that folder? Then make sure that folder is in the
> vbs
> file so it gets mapped?
>
> Thank you for the Win 9x note. Shouldn't be a problem for us but good to
> know.
>
>
>
> "neo [mvp outlook]" wrote:
>
>> You have a couple of problems as to what is going on.
>>
>> 1) When mapping to a remote administrative shares (e.g. c$, d$, admin$),
>> the
>> person needs to have local administrative rights on the computer offering
>> the share. So to solve this, you need to create a new share (don't use
>> d$)
>> and grant the correct rights. This will of course require you to change
>> the
>> logon.vbs file.
>>
>> 2) The "user name" doesn't exist right away when logging into a network.
>> You need to setup a delay and wait for the "user name" value to get
>> populated. Here is an example:
>>
>> Option Explicit
>> On Error Resume Next
>>
>> Dim oNet, sUser, cInitial, startTime
>>
>> ' Helper object
>> Set oNet = CreateObject("WScript.Network")
>>
>> ' Get the user name. On Windows 9x, the use may not be logged
>> ' on when the script starts running; keep checking every 1/2 a
>> ' second until they are logged on.
>>
>> sUser = oNet.UserName
>> startTime = Now
>>
>> Do While sUser = ""
>> If DateDiff("s", startTime, Now) > 30 Then Wscript.Quit
>> Wscript.Sleep 500
>> sUser = oNet.UserName
>> Loop
>>
>> ' Add a share for the "h" drive
>>
>> if sUser <> "" Then
>> oNet.MapNetworkDrive "h:", "\\servername\users$\" & sUser
>> end if
>> oNet.MapNetworkDrive "g:", "\\servname\group_share"
>>
>> /neo
>>
>> ps - please keep in mind that only win2k and newer can use a "logon" vbs
>> file. If you need to support earlier clients, use a batch (*.bat) file
>> that
>> calls the vbs file.
>>
>> "Ascnet" <Ascnet@discussions.microsoft.com> wrote in message
>> news:C5C13A13-078B-400D-9E5D-50A583B9065D@microsoft.com...
>> > First forgive me for I have sinned. Back in November when I first
>> > installed
>> > my company's SBS I had this problem and rather than fix it I band-aided
>> > it.
>> > It was a long weedend ok :)
>> >
>> > Currently all of my 25 users are Administrators. When I change their
>> > permissions to "User" they can't run the logon script. The script
>> > fails
>> > when
>> > it tries to map the first network drive. I am looking to make a number
>> > of
>> > changes to our security policies (with GPMC) but I need to start with
>> > this
>> > problem. I feel I'm not giving you nearly enough information but I
>> > don't
>> > know what else to provide. Please advise.
>> >
>> > This is the script in question (Logon.vbs)
>> > Dim objNet, strUserName
>> > Set objNet = CreateObject("Wscript.Network")
>> > objNet.MapNetworkDrive "G:", "\\inssbs\d$"
>> > objNet.MapNetworkDrive "I:", "\\inssbs\d$\eim\unrouted"
>> > strUserName = objNet.UserName
>> > objNet.MapNetworkDrive "U:", "\\inssbs\Users\" & strUserName
>>
>>
>>

Relevant Pages

  • Re: October security patches...install failure
    ... I've verified that the account I'm using is in the local administrators ... I am able to install the MS04-030,036,037 and 038 ... > user rights that have been modified from default levels. ... > auditing and security log. ...
    (microsoft.public.win2000.security)
  • Re: Certificate Services Error
    ... LogLevel for that key ... >> Right now the local administrators and system groups ... >> confers no rights. ...
    (microsoft.public.win2000.security)
  • Re: Printer Management Console - requires Administrator membership..
    ... The PrinterManagementconsole (PMC) - is the MMC snapin forWindows2003R2 ... for managing printers on scatteredprintservers in the enterprise. ... 'blanket' add to local administrators group? ... and that Domain Admin rights were required for this to ...
    (microsoft.public.security)
  • Re: Local Admin vs Domain Admin problems
    ... local administrators account on their machine. ... on to a machine as a domain member and has local administrative rights on ... > rights on his local machine but when I go into his network properties it ...
    (microsoft.public.win2000.security)