Re: Script help
From: Al Dunbar [MS-MVP] (alan-no-drub-spam_at_hotmail.com)
Date: 02/09/05
- Next message: Al Dunbar [MS-MVP]: "Re: Create User Script that sets temp password that expires in 14 days"
- Previous message: Rob: "Re: XML Load Problem"
- In reply to: Scott Fenstermacher: "Re: Script help"
- Next in thread: Scott Fenstermacher: "Re: Script help"
- Reply: Scott Fenstermacher: "Re: Script help"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 8 Feb 2005 20:55:32 -0700
"Scott Fenstermacher" <Scott.Fenstermacher@lrs.com> wrote in message
news:O$%23%23mmhDFHA.2568@TK2MSFTNGP10.phx.gbl...
> I can see Al's point, to a point... Network administration is always a
> balancing act of how much access do you want to grant users of these
> computers and how much routine maintenence you want to perform on them, as
> well as how much emergency surgery you are prepared to perform on the
> computers when someone gets into something they shouldn't or loads
something
> they shouldn't, can't find something, can't do something, etc...
>
> I was under the assumption (probably from a previous post reply) that
these
> computers would be for looking up books or something using one
application.
> If these are, in fact, writing lab computers, and students have their
files
> shared on a server somewhere on campus, then yes, individual accounts are
> one possible way to go. Another alternative is a VPN(ish) connection,
> initiated by the student to the "student domain" and entering their
> credentials at logon. Regardless, I would still lock down the computer
> itself as much as possible.
There is one area where we definitely agree.
> I would not have them saving files on the
> workstation, from what I remember of my college days that is begging for
> trouble (and USB keys are cheap).
Ditto.
> For a corporate environment, I'd be inclined toward using individual
> accounts. In a college environment (underfunded, understaffed), where you
> have people coming in and out of the computer area constantly, people who
> may or may not have computer accounts (or that have accounts and have no
> idea how to log in, what their password is, etc..), I would avoid the
> headache of individual accounts.
Hopefully such decisions are not left up to those administering the
infrastructure, but made by those who own it.
> If you want to spend your time tracking
> who was using what computer, that's up to you.
I don't *want* to do this, but when I am *asked* to, I don't want to have to
say that I can't do that.
> Frankly I think auditing a
> "commons area" computer is time that could be better spent elsewhere. If
> the computer gives you trouble, dump a new image on it and be done with
it.
We have dabbled with a product called "deep freeze" for such applications.
When you reboot, the original image is automagically re-applied.
/Al
>
> --
> Scott Fenstermacher
> Network Engineer
> Levi, Ray and Shoup, INC
>
> "Al Dunbar [MS-MVP]" <alan-no-drub-spam@hotmail.com> wrote in message
> news:OHRdp80CFHA.2620@tk2msftngp13.phx.gbl...
> >
> > "Scott Fenstermacher" <Scott.Fenstermacher@lrs.com> wrote in message
> > news:OwIaJOjCFHA.4072@TK2MSFTNGP10.phx.gbl...
> >> I'm not sure I'd like the potential of 2000 profiles on a single
machine.
> >> If these are shared machines, which it sounds like they are, then I
would
> >> create 1 LOCKED DOWN account on the network with a strong password, and
> >> configure the machines to auto-logon to that account. You then would
not
> >> need the script, just log on the account and add the printer, followed
by
> >> making the account profile Mandatory so no one can mess with it. It
> >> would
> >> be a good idea as well to restrict that account to only logging on to
> > those
> >> machines.
> >
> > I'm not so sure I like the potential of not knowing who is using these
> > workstations, and the users themselves might need NTFS authentication in
> > order to access personal or shared storage on a server. There are tools
to
> > trim the profiles when they get old, or you could make the users all
> > guests.
> > This would not only prevent profile buildup, but would seriously impact
on
> > those trying to save files on workstations.
> >
> > /Al
> >
> >> Back to the original question: A few details about the network you are
> >> running on would be helpful. For example, what kind of network is it?
> > Are
> >> the computers part of a domain? If so, do you have rights to
administer
> >> group policy?
> >>
> >> In lieu of that information, you could create your script on the C:\
> >> drive
> >> and add a shortcut (cscript //nologo c:\loginscript.vbs) to the script
in
> >> the Startup group for All Users. This should execute the script for
all
> >> users that log on to the machine.
> >>
> >> Dim oNetwork : Set oNetwork = WScript.CreateObject("Wscript.Network")
> >> oNetwork.AddWindowsPrinterConnection \\PrintServer\PrintDevice
> >>
> >> --
> >> Scott Fenstermacher
> >> Network Engineer
> >> Levi, Ray and Shoup, INC
> >>
> >> "shane200_" <shane200_@discussions.microsoft.com> wrote in message
> >> news:4193F68E-B5D6-468A-A97F-1C4D90341664@microsoft.com...
> >> >I am new to Scripts and I would like to know where do I put or type
the
> >> > Scripts? You see I have 7 XPs on a network for some students who use
> >> > the
> >> > college library. Each students use a logon name and password I would
> > like
> >> > when they logon The printer will add to the profile of the user, so I
> >> > don't
> >> > have to go and add the printer to 2000 student. Can you help me
out????
> >>
> >>
> >
> >
>
>
- Next message: Al Dunbar [MS-MVP]: "Re: Create User Script that sets temp password that expires in 14 days"
- Previous message: Rob: "Re: XML Load Problem"
- In reply to: Scott Fenstermacher: "Re: Script help"
- Next in thread: Scott Fenstermacher: "Re: Script help"
- Reply: Scott Fenstermacher: "Re: Script help"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
