Re: Login Script group membership
- From: "Al Dunbar" <AlanDrub@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 2 Jul 2007 17:35:52 -0600
"Calvin" <Calvin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1187D885-32A5-4EB1-B59E-8ADC95A07606@xxxxxxxxxxxxxxxx
It works. Thanks gents.
Would it be more managable to write this as a vbs instead of a batch file?
Depends on who would be managing it, what their skill levels are between
batch and vbscript, and possibly how complex the logic is going to have to
get to do what you want. That said, there are issues going to vbscript:
- Depending on the o/s's used, you might still need to have a batch logon
script, as not all o/s's can run a .vbs file directly as a logon script.
- you'd need to write a wrapper function to invoke ifmember and return the
result.
- if your script does other things as well, that code would have to be
converted.
- if your batch script calls separate batch files, and there were some
reason that you had to do the same in vbscript, you might need to do
something to avoid multiple windows popping up.
Having developed a vbscript logon script that maps drives based on group
membership, I have come to the conclusion that that may not be the most
effective way to use groups. I am in the process of lobbying to have the
logic changed to avoid using my ifmember wrapper because of performance
issues at VPN sites and for remote users. In your case, if all the shares
are on the same server, I would share out their common parent directory, and
manage access through NTFS security based on group membership.
Why don't you guys just use call statements like normal people?
I do use call statements, but please don't confuse me with someone who wants
to be considered as "normal".
/Al
"Al Dunbar" wrote:
"Calvin" <Calvin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:475531EB-6DC7-438B-BE42-694FD3CDDC6A@xxxxxxxxxxxxxxxx
Thanks Al,
Would I need to throw in a if, then, else statement if the user is a
member
of two or more groups? Sorry if that's the wrong terminology; I'm a
DBA
now
Network Admin.
No problem.
As for the if-then-else business, this depends on what you actually want
to
have happen. In the general case a user can be a member of any number of
groups. If the various groups use different drive letters, then avoid the
if-then-else, and simply provide the user with all the mappings
appropriate
to his group memberships.
If two groups use the same drive letter (like, say, if there were more
than
about 23 such groups), then you would have to decide which mapping takes
precedence, and code it to suit.
/Al
"Al Dunbar" wrote:
"Calvin" <Calvin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FA12FCDE-143E-4150-8800-2A0AEC91471A@xxxxxxxxxxxxxxxx
I am trying to write a logon script to map network drives according
to
group
membership. The script sees the global mappings, but doesn't
continue
to
map
the shares afterward according to that I have defined. Also, would
this
be
better off as a vbs script rather than a batch file?
Here's the script. Thanks in advance:
You seem to test for two groups, one called "groupname", the other
called
"group name", which you test twice.
The first ifmember will return an error code indicating whether or not
the
user is a member, but then your script ignores this and maps four
drives
unconditionally. It then sets an error code based on whether or not
the
mapping of drive U: failed. The "goto IT" statement then causes the
following blank line to be skipped, which seems to do nothing
particularly
useful. Much
The next block does much the same.
The final block avoids mapping I: if the user is not a member of
"group
name" by going to the next label starting with ":client", whether or
not
it
contains the words "shared group".
Echo ***Global drive mappings***
ifmember "groupname"
net use K: "\\servername\groups"
net use N: "\\servername\Transfer Only"
net use P: "\\servername\Apps"
net use U: "\\servername\new Share\"
if errorlevel 1 set LS_Error=%LS_Error% I (IT)
goto IT
:IT
ifmember "group name"
net use I: "\\servername\it
net use R: "\\servername\vphome"
if errorlevel 1 set LS_Error=%LS_Error% I (HR)
goto HR
:HR
ifmember "group name"
if not errorlevel 1 goto Client Shared Group
net use I: "\\servername\Financial HR"
if errorlevel 1 set LS_Error=%LS_Error% I (Client Shared Group)
goto Client Shared Group
I'd suggest something along these lines:
ifmember "domain\firstgroup"
if errorlevel 1 (
net use K: "\\servername\groups"
net use N: "\\servername\Transfer Only"
net use P: "\\servername\Apps"
net use U: "\\servername\new Share\"
)
ifmember "domain\secondgroup"
if errorlevel 1 (
net use I: "\\servername\it
net use R: "\\servername\vphome"
)
If you want your script to report an error mapping any drive, you will
need
to test after each net use command.
/Al
.
- Prev by Date: Re: Robocopy and Share Permssions
- Next by Date: Re: YES NO Logon Script
- Previous by thread: Re: Robocopy and Share Permssions
- Next by thread: Re: Mailbox access permission report
- Index(es):
Relevant Pages
|
