Re: Torgeir Bakken
From: Al Dunbar [MS-MVP] (alan-no-drub-spam_at_hotmail.com)
Date: 01/15/05
- Next message: tlviewer: "Re: Current URL for Mark Pryor's site"
- Previous message: Michael Harris \(MVP\): "Current URL for Mark Pryor's site"
- In reply to: Leon Cripps: "RE: Torgeir Bakken"
- Next in thread: Al Dunbar [MS-MVP]: "Re: Torgeir Bakken"
- Reply: Al Dunbar [MS-MVP]: "Re: Torgeir Bakken"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 15 Jan 2005 11:59:13 -0700
"Leon Cripps" <LeonCripps@discussions.microsoft.com> wrote in message
news:B5B8BE63-610D-4E82-AFAA-661C6C79B8B4@microsoft.com...
> I recieved your comment on another forum to look at some other login
scripts,
> none of the links you gave me seem to do the trick. Maybe Im being really
> stupid ( wouldnt surprise me) but I can map easily using groups that USERS
> are members of its just mapping by groups that COMPUTERS are members of.
Ive
> even seen somewhere that this may not even be possible. Like I said I
would
> like to do it even if its by what OU the computer is in.
Although computer accounts can be members of security groups, they do not
fully participate in security-related operations. For example, create a
security group, permit a resource to it and add a workstation to it. Then
logon at that workstation with an account that DOES NOT have access to the
resource. Then try to map to the resource - this will fail. What is
happening is that the user account does not inherit permissions allocated to
the workstation on which he is logged in.
That said, workstation groups can be used for the type of thing you are
trying to do. We have a number of small locations where it is desired that
any and all users of the workstations should have ready access to a folder
shared on a location basis.
We could have given them folders on a common share, however, we could not
restrict access, as the individuals rotate through the various locations so
frequently that we would not be able to keep up with group membership
changes, so the folders themselves are permitted for everyone.
We could just say: "OK, when you are in unit seven, just remember that the
files you are to update are in the unit seven folder". We know our users,
and we know that, once a person got used to going to folder seven, he would
use that folder regardless of where he went, hence chaos.
So we created a vbscript and placed a shortcut to it in the all user
desktop. The script then determines which share to map to based on which
group the workstation belongs to, maps to it (if it hasn't already been
mapped in the current section), and then opens it in explorer.
The only related admin task we have is to manage the group membership when
new computers are setup in one of these areas, or existing computers are
relocated.
I don't have access to our domain from here, but if you would like, I could
get a copy of the code (probably slightly edited) to share with you next
week.
/Al
- Next message: tlviewer: "Re: Current URL for Mark Pryor's site"
- Previous message: Michael Harris \(MVP\): "Current URL for Mark Pryor's site"
- In reply to: Leon Cripps: "RE: Torgeir Bakken"
- Next in thread: Al Dunbar [MS-MVP]: "Re: Torgeir Bakken"
- Reply: Al Dunbar [MS-MVP]: "Re: Torgeir Bakken"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
