|
|
I am trying to write a logon script to map network drives according to group
membership. The script sees the global mappings, but doesn't continue to map
the shares afterward according to that I have defined. Also, would this be
better off as a vbs script rather than a batch file?
Here's the script. Thanks in advance:
Echo ***Global drive mappings***
ifmember "groupname"
net use K: "\\servername\groups"
net use N: "\\servername\Transfer Only"
net use P: "\\servername\Apps"
net use U: "\\servername\new Share\"
if errorlevel 1 set LS_Error=%LS_Error% I (IT)
goto IT
:IT
ifmember "group name"
net use I: "\\servername\it
net use R: "\\servername\vphome"
if errorlevel 1 set LS_Error=%LS_Error% I (HR)
goto HR
:HR
ifmember "group name"
if not errorlevel 1 goto Client Shared Group
net use I: "\\servername\Financial HR"
if errorlevel 1 set LS_Error=%LS_Error% I (Client Shared Group)
goto Client Shared Group
|
|
"Calvin" <Calvin[ at ]discussions.microsoft.com> wrote in message
news:FA12FCDE-143E-4150-8800-2A0AEC91471A[ at ]microsoft.com...
[Quoted Text] >I am trying to write a logon script to map network drives according to
>group
> membership. The script sees the global mappings, but doesn't continue to
> map
> the shares afterward according to that I have defined. Also, would this
> be
> better off as a vbs script rather than a batch file?
>
> Here's the script. Thanks in advance:
You seem to test for two groups, one called "groupname", the other called
"group name", which you test twice.
The first ifmember will return an error code indicating whether or not the
user is a member, but then your script ignores this and maps four drives
unconditionally. It then sets an error code based on whether or not the
mapping of drive U: failed. The "goto IT" statement then causes the
following blank line to be skipped, which seems to do nothing particularly
useful. Much
The next block does much the same.
The final block avoids mapping I: if the user is not a member of "group
name" by going to the next label starting with ":client", whether or not it
contains the words "shared group".
> Echo ***Global drive mappings***
>
> ifmember "groupname"
> net use K: "\\servername\groups"
> net use N: "\\servername\Transfer Only"
> net use P: "\\servername\Apps"
> net use U: "\\servername\new Share\"
> if errorlevel 1 set LS_Error=%LS_Error% I (IT)
> goto IT
>
> :IT
> ifmember "group name"
> net use I: "\\servername\it
> net use R: "\\servername\vphome"
> if errorlevel 1 set LS_Error=%LS_Error% I (HR)
> goto HR
>
> :HR
> ifmember "group name"
> if not errorlevel 1 goto Client Shared Group
> net use I: "\\servername\Financial HR"
> if errorlevel 1 set LS_Error=%LS_Error% I (Client Shared Group)
> goto Client Shared Group
I'd suggest something along these lines:
ifmember "domain\firstgroup"
if errorlevel 1 (
net use K: "\\servername\groups"
net use N: "\\servername\Transfer Only"
net use P: "\\servername\Apps"
net use U: "\\servername\new Share\"
)
ifmember "domain\secondgroup"
if errorlevel 1 (
net use I: "\\servername\it
net use R: "\\servername\vphome"
)
If you want your script to report an error mapping any drive, you will need
to test after each net use command.
/Al
|
|
Thanks Al,
Would I need to throw in a if, then, else statement if the user is a member
of two or more groups? Sorry if that's the wrong terminology; I'm a DBA now
Network Admin.
"Al Dunbar" wrote:
[Quoted Text] >
> "Calvin" <Calvin[ at ]discussions.microsoft.com> wrote in message
> news:FA12FCDE-143E-4150-8800-2A0AEC91471A[ at ]microsoft.com...
> >I am trying to write a logon script to map network drives according to
> >group
> > membership. The script sees the global mappings, but doesn't continue to
> > map
> > the shares afterward according to that I have defined. Also, would this
> > be
> > better off as a vbs script rather than a batch file?
> >
> > Here's the script. Thanks in advance:
>
> You seem to test for two groups, one called "groupname", the other called
> "group name", which you test twice.
>
> The first ifmember will return an error code indicating whether or not the
> user is a member, but then your script ignores this and maps four drives
> unconditionally. It then sets an error code based on whether or not the
> mapping of drive U: failed. The "goto IT" statement then causes the
> following blank line to be skipped, which seems to do nothing particularly
> useful. Much
>
> The next block does much the same.
>
> The final block avoids mapping I: if the user is not a member of "group
> name" by going to the next label starting with ":client", whether or not it
> contains the words "shared group".
>
> > Echo ***Global drive mappings***
> >
> > ifmember "groupname"
> > net use K: "\\servername\groups"
> > net use N: "\\servername\Transfer Only"
> > net use P: "\\servername\Apps"
> > net use U: "\\servername\new Share\"
> > if errorlevel 1 set LS_Error=%LS_Error% I (IT)
> > goto IT
> >
> > :IT
> > ifmember "group name"
> > net use I: "\\servername\it
> > net use R: "\\servername\vphome"
> > if errorlevel 1 set LS_Error=%LS_Error% I (HR)
> > goto HR
> >
> > :HR
> > ifmember "group name"
> > if not errorlevel 1 goto Client Shared Group
> > net use I: "\\servername\Financial HR"
> > if errorlevel 1 set LS_Error=%LS_Error% I (Client Shared Group)
> > goto Client Shared Group
>
> I'd suggest something along these lines:
>
> ifmember "domain\firstgroup"
> if errorlevel 1 (
> net use K: "\\servername\groups"
> net use N: "\\servername\Transfer Only"
> net use P: "\\servername\Apps"
> net use U: "\\servername\new Share\"
> )
>
> ifmember "domain\secondgroup"
> if errorlevel 1 (
> net use I: "\\servername\it
> net use R: "\\servername\vphome"
> )
>
> If you want your script to report an error mapping any drive, you will need
> to test after each net use command.
>
> /Al
>
>
>
>
>
|
|
This link explains how to use IfMember:
http://www.microsoft.com/technet/archive/winntas/tips/winntmag/grlogon.mspx?mfr=true
The utility returns errorlevel 1 if the user is a member of the group (or
groups, you can list several). You need to use GoTo statements. For example:
IfMember TestGroup1
if not errorlevel 1 goto step2
rem following 2 mappings done only if user member of TestGroup1.
net use K: "\\servername\groups"
net use P: "\\servername\Apps"
step2:
IfMember "domain admins"
if not errorlevel 1 goto step3
rem drive I: is mapped only if member of "Domain Admins".
net use I: "\\servername\it
step3:
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
"Calvin" <Calvin[ at ]discussions.microsoft.com> wrote in message
news:475531EB-6DC7-438B-BE42-694FD3CDDC6A[ at ]microsoft.com...
[Quoted Text] > Thanks Al,
>
> Would I need to throw in a if, then, else statement if the user is a
> member
> of two or more groups? Sorry if that's the wrong terminology; I'm a DBA
> now
> Network Admin.
>
> "Al Dunbar" wrote:
>
>>
>> "Calvin" <Calvin[ at ]discussions.microsoft.com> wrote in message
>> news:FA12FCDE-143E-4150-8800-2A0AEC91471A[ at ]microsoft.com...
>> >I am trying to write a logon script to map network drives according to
>> >group
>> > membership. The script sees the global mappings, but doesn't continue
>> > to
>> > map
>> > the shares afterward according to that I have defined. Also, would
>> > this
>> > be
>> > better off as a vbs script rather than a batch file?
>> >
>> > Here's the script. Thanks in advance:
>>
>> You seem to test for two groups, one called "groupname", the other called
>> "group name", which you test twice.
>>
>> The first ifmember will return an error code indicating whether or not
>> the
>> user is a member, but then your script ignores this and maps four drives
>> unconditionally. It then sets an error code based on whether or not the
>> mapping of drive U: failed. The "goto IT" statement then causes the
>> following blank line to be skipped, which seems to do nothing
>> particularly
>> useful. Much
>>
>> The next block does much the same.
>>
>> The final block avoids mapping I: if the user is not a member of "group
>> name" by going to the next label starting with ":client", whether or not
>> it
>> contains the words "shared group".
>>
>> > Echo ***Global drive mappings***
>> >
>> > ifmember "groupname"
>> > net use K: "\\servername\groups"
>> > net use N: "\\servername\Transfer Only"
>> > net use P: "\\servername\Apps"
>> > net use U: "\\servername\new Share\"
>> > if errorlevel 1 set LS_Error=%LS_Error% I (IT)
>> > goto IT
>> >
>> > :IT
>> > ifmember "group name"
>> > net use I: "\\servername\it
>> > net use R: "\\servername\vphome"
>> > if errorlevel 1 set LS_Error=%LS_Error% I (HR)
>> > goto HR
>> >
>> > :HR
>> > ifmember "group name"
>> > if not errorlevel 1 goto Client Shared Group
>> > net use I: "\\servername\Financial HR"
>> > if errorlevel 1 set LS_Error=%LS_Error% I (Client Shared Group)
>> > goto Client Shared Group
>>
>> I'd suggest something along these lines:
>>
>> ifmember "domain\firstgroup"
>> if errorlevel 1 (
>> net use K: "\\servername\groups"
>> net use N: "\\servername\Transfer Only"
>> net use P: "\\servername\Apps"
>> net use U: "\\servername\new Share\"
>> )
>>
>> ifmember "domain\secondgroup"
>> if errorlevel 1 (
>> net use I: "\\servername\it
>> net use R: "\\servername\vphome"
>> )
>>
>> If you want your script to report an error mapping any drive, you will
>> need
>> to test after each net use command.
>>
>> /Al
>>
>>
>>
>>
>>
|
|
"Calvin" <Calvin[ at ]discussions.microsoft.com> wrote in message
news:475531EB-6DC7-438B-BE42-694FD3CDDC6A[ at ]microsoft.com...
[Quoted Text] > Thanks Al,
>
> Would I need to throw in a if, then, else statement if the user is a
> member
> of two or more groups? Sorry if that's the wrong terminology; I'm a DBA
> now
> Network Admin.
No problem.
As for the if-then-else business, this depends on what you actually want to
have happen. In the general case a user can be a member of any number of
groups. If the various groups use different drive letters, then avoid the
if-then-else, and simply provide the user with all the mappings appropriate
to his group memberships.
If two groups use the same drive letter (like, say, if there were more than
about 23 such groups), then you would have to decide which mapping takes
precedence, and code it to suit.
/Al
> "Al Dunbar" wrote:
>
>>
>> "Calvin" <Calvin[ at ]discussions.microsoft.com> wrote in message
>> news:FA12FCDE-143E-4150-8800-2A0AEC91471A[ at ]microsoft.com...
>> >I am trying to write a logon script to map network drives according to
>> >group
>> > membership. The script sees the global mappings, but doesn't continue
>> > to
>> > map
>> > the shares afterward according to that I have defined. Also, would
>> > this
>> > be
>> > better off as a vbs script rather than a batch file?
>> >
>> > Here's the script. Thanks in advance:
>>
>> You seem to test for two groups, one called "groupname", the other called
>> "group name", which you test twice.
>>
>> The first ifmember will return an error code indicating whether or not
>> the
>> user is a member, but then your script ignores this and maps four drives
>> unconditionally. It then sets an error code based on whether or not the
>> mapping of drive U: failed. The "goto IT" statement then causes the
>> following blank line to be skipped, which seems to do nothing
>> particularly
>> useful. Much
>>
>> The next block does much the same.
>>
>> The final block avoids mapping I: if the user is not a member of "group
>> name" by going to the next label starting with ":client", whether or not
>> it
>> contains the words "shared group".
>>
>> > Echo ***Global drive mappings***
>> >
>> > ifmember "groupname"
>> > net use K: "\\servername\groups"
>> > net use N: "\\servername\Transfer Only"
>> > net use P: "\\servername\Apps"
>> > net use U: "\\servername\new Share\"
>> > if errorlevel 1 set LS_Error=%LS_Error% I (IT)
>> > goto IT
>> >
>> > :IT
>> > ifmember "group name"
>> > net use I: "\\servername\it
>> > net use R: "\\servername\vphome"
>> > if errorlevel 1 set LS_Error=%LS_Error% I (HR)
>> > goto HR
>> >
>> > :HR
>> > ifmember "group name"
>> > if not errorlevel 1 goto Client Shared Group
>> > net use I: "\\servername\Financial HR"
>> > if errorlevel 1 set LS_Error=%LS_Error% I (Client Shared Group)
>> > goto Client Shared Group
>>
>> I'd suggest something along these lines:
>>
>> ifmember "domain\firstgroup"
>> if errorlevel 1 (
>> net use K: "\\servername\groups"
>> net use N: "\\servername\Transfer Only"
>> net use P: "\\servername\Apps"
>> net use U: "\\servername\new Share\"
>> )
>>
>> ifmember "domain\secondgroup"
>> if errorlevel 1 (
>> net use I: "\\servername\it
>> net use R: "\\servername\vphome"
>> )
>>
>> If you want your script to report an error mapping any drive, you will
>> need
>> to test after each net use command.
>>
>> /Al
>>
>>
>>
>>
>>
|
|
It works. Thanks gents.
Would it be more managable to write this as a vbs instead of a batch file?
Why don't you guys just use call statements like normal people?
"Al Dunbar" wrote:
[Quoted Text] >
> "Calvin" <Calvin[ at ]discussions.microsoft.com> wrote in message
> news:475531EB-6DC7-438B-BE42-694FD3CDDC6A[ at ]microsoft.com...
> > Thanks Al,
> >
> > Would I need to throw in a if, then, else statement if the user is a
> > member
> > of two or more groups? Sorry if that's the wrong terminology; I'm a DBA
> > now
> > Network Admin.
>
> No problem.
>
> As for the if-then-else business, this depends on what you actually want to
> have happen. In the general case a user can be a member of any number of
> groups. If the various groups use different drive letters, then avoid the
> if-then-else, and simply provide the user with all the mappings appropriate
> to his group memberships.
>
> If two groups use the same drive letter (like, say, if there were more than
> about 23 such groups), then you would have to decide which mapping takes
> precedence, and code it to suit.
>
> /Al
>
> > "Al Dunbar" wrote:
> >
> >>
> >> "Calvin" <Calvin[ at ]discussions.microsoft.com> wrote in message
> >> news:FA12FCDE-143E-4150-8800-2A0AEC91471A[ at ]microsoft.com...
> >> >I am trying to write a logon script to map network drives according to
> >> >group
> >> > membership. The script sees the global mappings, but doesn't continue
> >> > to
> >> > map
> >> > the shares afterward according to that I have defined. Also, would
> >> > this
> >> > be
> >> > better off as a vbs script rather than a batch file?
> >> >
> >> > Here's the script. Thanks in advance:
> >>
> >> You seem to test for two groups, one called "groupname", the other called
> >> "group name", which you test twice.
> >>
> >> The first ifmember will return an error code indicating whether or not
> >> the
> >> user is a member, but then your script ignores this and maps four drives
> >> unconditionally. It then sets an error code based on whether or not the
> >> mapping of drive U: failed. The "goto IT" statement then causes the
> >> following blank line to be skipped, which seems to do nothing
> >> particularly
> >> useful. Much
> >>
> >> The next block does much the same.
> >>
> >> The final block avoids mapping I: if the user is not a member of "group
> >> name" by going to the next label starting with ":client", whether or not
> >> it
> >> contains the words "shared group".
> >>
> >> > Echo ***Global drive mappings***
> >> >
> >> > ifmember "groupname"
> >> > net use K: "\\servername\groups"
> >> > net use N: "\\servername\Transfer Only"
> >> > net use P: "\\servername\Apps"
> >> > net use U: "\\servername\new Share\"
> >> > if errorlevel 1 set LS_Error=%LS_Error% I (IT)
> >> > goto IT
> >> >
> >> > :IT
> >> > ifmember "group name"
> >> > net use I: "\\servername\it
> >> > net use R: "\\servername\vphome"
> >> > if errorlevel 1 set LS_Error=%LS_Error% I (HR)
> >> > goto HR
> >> >
> >> > :HR
> >> > ifmember "group name"
> >> > if not errorlevel 1 goto Client Shared Group
> >> > net use I: "\\servername\Financial HR"
> >> > if errorlevel 1 set LS_Error=%LS_Error% I (Client Shared Group)
> >> > goto Client Shared Group
> >>
> >> I'd suggest something along these lines:
> >>
> >> ifmember "domain\firstgroup"
> >> if errorlevel 1 (
> >> net use K: "\\servername\groups"
> >> net use N: "\\servername\Transfer Only"
> >> net use P: "\\servername\Apps"
> >> net use U: "\\servername\new Share\"
> >> )
> >>
> >> ifmember "domain\secondgroup"
> >> if errorlevel 1 (
> >> net use I: "\\servername\it
> >> net use R: "\\servername\vphome"
> >> )
> >>
> >> If you want your script to report an error mapping any drive, you will
> >> need
> >> to test after each net use command.
> >>
> >> /Al
> >>
> >>
> >>
> >>
> >>
>
>
>
|
|
"Calvin" <Calvin[ at ]discussions.microsoft.com> wrote in message
news:1187D885-32A5-4EB1-B59E-8ADC95A07606[ at ]microsoft.com...
[Quoted Text] > It works. Thanks gents.
> Would it be more managable to write this as a vbs instead of a batch file?
Depends on who would be managing it, what their skill levels are between
batch and vbscript, and possibly how complex the logic is going to have to
get to do what you want. That said, there are issues going to vbscript:
- Depending on the o/s's used, you might still need to have a batch logon
script, as not all o/s's can run a .vbs file directly as a logon script.
- you'd need to write a wrapper function to invoke ifmember and return the
result.
- if your script does other things as well, that code would have to be
converted.
- if your batch script calls separate batch files, and there were some
reason that you had to do the same in vbscript, you might need to do
something to avoid multiple windows popping up.
Having developed a vbscript logon script that maps drives based on group
membership, I have come to the conclusion that that may not be the most
effective way to use groups. I am in the process of lobbying to have the
logic changed to avoid using my ifmember wrapper because of performance
issues at VPN sites and for remote users. In your case, if all the shares
are on the same server, I would share out their common parent directory, and
manage access through NTFS security based on group membership.
> Why don't you guys just use call statements like normal people?
I do use call statements, but please don't confuse me with someone who wants
to be considered as "normal".
/Al
> "Al Dunbar" wrote:
>
>>
>> "Calvin" <Calvin[ at ]discussions.microsoft.com> wrote in message
>> news:475531EB-6DC7-438B-BE42-694FD3CDDC6A[ at ]microsoft.com...
>> > Thanks Al,
>> >
>> > Would I need to throw in a if, then, else statement if the user is a
>> > member
>> > of two or more groups? Sorry if that's the wrong terminology; I'm a
>> > DBA
>> > now
>> > Network Admin.
>>
>> No problem.
>>
>> As for the if-then-else business, this depends on what you actually want
>> to
>> have happen. In the general case a user can be a member of any number of
>> groups. If the various groups use different drive letters, then avoid the
>> if-then-else, and simply provide the user with all the mappings
>> appropriate
>> to his group memberships.
>>
>> If two groups use the same drive letter (like, say, if there were more
>> than
>> about 23 such groups), then you would have to decide which mapping takes
>> precedence, and code it to suit.
>>
>> /Al
>>
>> > "Al Dunbar" wrote:
>> >
>> >>
>> >> "Calvin" <Calvin[ at ]discussions.microsoft.com> wrote in message
>> >> news:FA12FCDE-143E-4150-8800-2A0AEC91471A[ at ]microsoft.com...
>> >> >I am trying to write a logon script to map network drives according
>> >> >to
>> >> >group
>> >> > membership. The script sees the global mappings, but doesn't
>> >> > continue
>> >> > to
>> >> > map
>> >> > the shares afterward according to that I have defined. Also, would
>> >> > this
>> >> > be
>> >> > better off as a vbs script rather than a batch file?
>> >> >
>> >> > Here's the script. Thanks in advance:
>> >>
>> >> You seem to test for two groups, one called "groupname", the other
>> >> called
>> >> "group name", which you test twice.
>> >>
>> >> The first ifmember will return an error code indicating whether or not
>> >> the
>> >> user is a member, but then your script ignores this and maps four
>> >> drives
>> >> unconditionally. It then sets an error code based on whether or not
>> >> the
>> >> mapping of drive U: failed. The "goto IT" statement then causes the
>> >> following blank line to be skipped, which seems to do nothing
>> >> particularly
>> >> useful. Much
>> >>
>> >> The next block does much the same.
>> >>
>> >> The final block avoids mapping I: if the user is not a member of
>> >> "group
>> >> name" by going to the next label starting with ":client", whether or
>> >> not
>> >> it
>> >> contains the words "shared group".
>> >>
>> >> > Echo ***Global drive mappings***
>> >> >
>> >> > ifmember "groupname"
>> >> > net use K: "\\servername\groups"
>> >> > net use N: "\\servername\Transfer Only"
>> >> > net use P: "\\servername\Apps"
>> >> > net use U: "\\servername\new Share\"
>> >> > if errorlevel 1 set LS_Error=%LS_Error% I (IT)
>> >> > goto IT
>> >> >
>> >> > :IT
>> >> > ifmember "group name"
>> >> > net use I: "\\servername\it
>> >> > net use R: "\\servername\vphome"
>> >> > if errorlevel 1 set LS_Error=%LS_Error% I (HR)
>> >> > goto HR
>> >> >
>> >> > :HR
>> >> > ifmember "group name"
>> >> > if not errorlevel 1 goto Client Shared Group
>> >> > net use I: "\\servername\Financial HR"
>> >> > if errorlevel 1 set LS_Error=%LS_Error% I (Client Shared Group)
>> >> > goto Client Shared Group
>> >>
>> >> I'd suggest something along these lines:
>> >>
>> >> ifmember "domain\firstgroup"
>> >> if errorlevel 1 (
>> >> net use K: "\\servername\groups"
>> >> net use N: "\\servername\Transfer Only"
>> >> net use P: "\\servername\Apps"
>> >> net use U: "\\servername\new Share\"
>> >> )
>> >>
>> >> ifmember "domain\secondgroup"
>> >> if errorlevel 1 (
>> >> net use I: "\\servername\it
>> >> net use R: "\\servername\vphome"
>> >> )
>> >>
>> >> If you want your script to report an error mapping any drive, you will
>> >> need
>> >> to test after each net use command.
>> >>
>> >> /Al
>> >>
>> >>
>> >>
>> >>
>> >>
>>
>>
>>
|
|
|