Logon Script to Map or Move specific network shares based on Active Directory Group Memberships


In this guide, you will learn how to create a Login Script that will:
A) Map a Network Drive to a Network Share (or even move a mapping from an old server to a new server location);
B) Add only certain Network Shares based on the logged-in user's Group Memberships (e.g. Accounts/Sales etc.);
C) Add a shared printer;
D) Copy files to your User Profile during login;
E) Make exceptions to NOT add drives/printers/files if you log on to a certain computer (e.g. a Terminal Server).

Imagine a scenario where you moved file servers, so all of a sudden your shares from \\OLDSERVER\SHARE are now relocated to \\NEWSERVER\SHARE. Then, imagine the complication that your network users have different shares, based on whether they are in Accounts, Sales, Technical etc. So, now you have to either create specific login scripts for each user group to remap those shares, or you give everyone the same shares.
Guru Guy thinks, as he is sure you will agree, that neither option is acceptable.

Luckily, he has developed a Visual Basic script that will solve this problem by mapping shares based on your Active Directory Group Memberships (of which you can have multiple members) and ensure everyone has the correct printers!

Finally, do you want to copy certain files from a file share into your workstation's directories? e.g. Copy a shortcut to remote assistance onto the Desktop? Read on to learn more...!



Mapping A Drive Letter

To map a network share in VBScript, use the WshNetwork.MapNetworkDrive method. Guru Guy wraps it in a custom sub-routine (I've called it MapDrive) so that you can, essentially in English, ask the script to map drive letter X to your server share. It works as follows:

Dim WshNetwork, WshShell
Set WshNetwork = WScript.CreateObject("WScript.Network")

Sub MapDrive(Drive, Share)
    Dim oDrives, i
    'List the current mappings as pairs: drive letter, then UNC path
    Set oDrives = WshNetwork.EnumNetworkDrives
    For i = 0 to oDrives.Count - 1 Step 2
        if LCase(Drive) = LCase(oDrives.Item(i)) then
            'the drive letter already exists, so do nothing
            Exit Sub
        End if
    Next
    'Errors are suppressed so a failed mapping does not stop the login script
    on error resume next
    WshNetwork.MapNetworkDrive Drive, Share
    on error goto 0
End Sub

MapDrive "P:", "\\SERVER\Public"

So, using the command MapDrive (which calls the sub-routine above), your login script can easily map a drive letter (in this example P) to the server share you specify.




Lookup Active Directory Group memberships using isMember

What if you'd like to get fancy? Why not set a rule to map drives only for members of a certain group? Now we introduce another function and some variables to look up the logged-in user's memberships and then map the drives specified:

Dim WshNetwork, WshShell
'Script-level, so the group list is read once and reused on every IsMember call
Dim oGroupDict
Set objNetwork = CreateObject("WScript.Network")
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set WshShell = WScript.CreateObject("WScript.Shell")
fUser = WshNetwork.UserName
fDomain = WshNetwork.UserDomain

Function IsMember(sGroup)
    Dim sAdsPath, oUser, oGroup
    If IsEmpty(oGroupDict) Then
        'First call: cache the user's group names (compared case-insensitively)
        Set oGroupDict = CreateObject("Scripting.Dictionary")
        oGroupDict.CompareMode = vbTextCompare

        sAdsPath = WshNetwork.UserDomain & "/" & WshNetwork.UserName
        Set oUser = GetObject("WinNT://" & sAdsPath & ",user")

        'The WinNT provider lists the groups the user is a direct member of
        For Each oGroup In oUser.Groups
            oGroupDict.Add oGroup.Name, "-"
        Next
        Set oUser = Nothing
    End If
    'True when the user is a member of the group specified
    IsMember = CBool(oGroupDict.Exists(sGroup))
End Function

if isMember("Accounts") then
    MapDrive "P:", "\\SERVER\Public"
    MapDrive "T:", "\\SERVER\Templates"
    MapDrive "V:", "\\SERVER\Accounts"
End If

In this scenario, the Function isMember looks up the Active Directory Group Membership of the logged-in user. In the example above, I queried whether the user was a member of the security group "Accounts". If so, the action was to map 3 drives.
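
The WinNT lookup in IsMember sees only the groups the user belongs to directly. The following added example (not Guru Guy's code) goes beyond it by reading memberOf through the LDAP provider and following nested groups. The names IsMemberNested and WalkGroups are made up here, and it assumes a domain-joined computer that can reach a domain controller at logon.

```vbscript
Option Explicit
Dim oSeen   ' distinguished names already visited; guards against group loops

' True if the logged-on user belongs to sGroup directly or through nesting.
' Note: memberOf does not list the user's primary group (usually Domain Users).
Function IsMemberNested(sGroup)
    Dim oSysInfo, oUser
    Set oSeen = CreateObject("Scripting.Dictionary")
    oSeen.CompareMode = vbTextCompare
    Set oSysInfo = CreateObject("ADSystemInfo")
    ' ADSystemInfo.UserName is the distinguished name of the logged-on user
    Set oUser = GetObject("LDAP://" & oSysInfo.UserName)
    IsMemberNested = WalkGroups(oUser, sGroup)
End Function

' Depth-first walk over the memberOf attribute of a user or group object.
Function WalkGroups(oObj, sGroup)
    Dim vMemberOf, sDN, oGroup
    WalkGroups = False
    On Error Resume Next
    vMemberOf = oObj.GetEx("memberOf")   ' raises an error when memberOf is empty
    If Err.Number <> 0 Then
        On Error GoTo 0
        Exit Function
    End If
    On Error GoTo 0
    For Each sDN In vMemberOf
        If Not oSeen.Exists(sDN) Then
            oSeen.Add sDN, True
            Set oGroup = GetObject("LDAP://" & sDN)
            ' sAMAccountName is the short name that IsMember("Accounts") uses
            If StrComp(oGroup.sAMAccountName, sGroup, vbTextCompare) = 0 Then
                WalkGroups = True : Exit Function
            End If
            If WalkGroups(oGroup, sGroup) Then
                WalkGroups = True : Exit Function
            End If
        End If
    Next
End Function

' Used like the page's IsMember, e.g.:
' If IsMemberNested("Accounts") Then MapDrive "V:", "\\SERVER\Accounts"
```

Each nested group costs one extra directory lookup at logon, so keep the nesting shallow. The drive mapping is a convenience only; access to the data is still decided by the share and NTFS permissions.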

Say you are moving servers, so you need to re-map drives P, T and V. Using the example above, again based on the user's membership, you can call the VBScript method that removes the existing drive letters before you re-map the new drives.

Dim objNetwork
Set objNetwork = CreateObject("WScript.Network")

if isMember("Accounts") then
    'RemoveNetworkDrive raises an error when the letter is not mapped,
    'so errors are ignored for users who never had the old drives
    on error resume next
    objNetwork.RemoveNetworkDrive "P:", true, true
    objNetwork.RemoveNetworkDrive "T:", true, true
    objNetwork.RemoveNetworkDrive "V:", true, true
    on error goto 0
    MapDrive "P:", "\\SERVER\Public"
    MapDrive "T:", "\\SERVER\Templates"
    MapDrive "V:", "\\SERVER\Accounts"
End If

Now, using the objNetwork variable we've made, calling "RemoveNetworkDrive" with a drive letter removes that drive. This is really cool if the old letters were mapped either to the wrong place or to an old server.
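
A migration-aware variant of the remove-and-remap step, added here as an example and not part of Guru Guy's script: it replaces a mapping only when the letter currently points at the old server, and writes failures to the Application event log instead of discarding them. OLDSERVER, NEWSERVER, the share name and the names CurrentTarget and MigrateDrive are placeholders.

```vbscript
Option Explicit
' Added example: OLDSERVER, NEWSERVER and the share name are placeholders.
Dim WshNetwork, WshShell
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set WshShell = WScript.CreateObject("WScript.Shell")

' Returns the UNC path currently mapped to Drive, or "" if the letter is free.
Function CurrentTarget(Drive)
    Dim oDrives, i
    CurrentTarget = ""
    Set oDrives = WshNetwork.EnumNetworkDrives
    For i = 0 To oDrives.Count - 1 Step 2
        If LCase(oDrives.Item(i)) = LCase(Drive) Then
            CurrentTarget = oDrives.Item(i + 1)
            Exit Function
        End If
    Next
End Function

' Maps Drive to NewShare. An existing mapping is replaced only when it points
' at OldServer; a mapping to any other server is left alone and logged.
Sub MigrateDrive(Drive, OldServer, NewShare)
    Dim sTarget, sPrefix
    sTarget = CurrentTarget(Drive)
    sPrefix = "\\" & LCase(OldServer) & "\"
    If LCase(sTarget) = LCase(NewShare) Then Exit Sub   ' already correct
    If sTarget <> "" And Left(LCase(sTarget), Len(sPrefix)) <> sPrefix Then
        ' 2 = warning entry in the Application event log (source "WSH")
        WshShell.LogEvent 2, "Logon script: " & Drive & " points at " & sTarget & ", left unchanged"
        Exit Sub
    End If
    On Error Resume Next
    If sTarget <> "" Then WshNetwork.RemoveNetworkDrive Drive, True, True
    If Err.Number = 0 Then WshNetwork.MapNetworkDrive Drive, NewShare
    If Err.Number <> 0 Then
        ' 1 = error entry; records which step failed for this user
        WshShell.LogEvent 1, "Logon script: remapping " & Drive & " to " & NewShare & " failed: " & Err.Description
    End If
    On Error GoTo 0
End Sub

MigrateDrive "P:", "OLDSERVER", "\\NEWSERVER\Public"
```

A letter mapped through the old server's IP address or fully qualified name does not match the prefix and is reported rather than replaced.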



Adding and Removing Printers

Now imagine you need to make new printers available. If your organisation is anything like the ones I've seen, printers come and go over time and old ones still get left shared even if they no longer exist, so removing them might also be a nice feature.

Using the two sub-routines below, we can carry out these requests in the login script:

Dim WshNetwork, WshShell
Dim fComputername
Set WshNetwork = WScript.CreateObject("WScript.Network")
Set WshShell = WScript.CreateObject("WScript.Shell")
Set WshSysEnv = WshShell.Environment("PROCESS")
fComputername = WshShell.ExpandEnvironmentStrings("%COMPUTERNAME%")

sub RemovePrinter(printerUNC)
    Set oPrinters = WshNetwork.EnumPrinterConnections
    For i = 0 to oPrinters.Count - 1 Step 2
        if uCase(oPrinters.Item(i+1)) = uCase(printerUNC) then
            on error resume next
            WshNetwork.RemovePrinterConnection printerUNC, true, true
          
            on error goto 0
            exit sub
        end if   
    Next
      'If the program exits here, it means the Printer does not exist. In that case, do nothing
end sub

sub AddPrinter(printerUNC)
    on error resume next
    if (fComputername = "TERMINAL_SERVER") then
        'Do Nothing on Terminal Server
    else
        WshNetwork.AddWindowsPrinterConnection printerUNC
       
    end if
    on error goto 0
end sub


RemovePrinter "\\SERVER\OldPrinter"
AddPrinter "\\SERVER\Printer"

A couple of things are happening here. Firstly we have set up two routines, one for adding a printer, the other for removing one.

However, in the add-printer routine we've added a rather cool clause: only add a printer if the computer is NOT called "TERMINAL_SERVER". Many System Admins make login scripts to add printers for their users. Problems then occur when you give them remote access through Terminal Services or Member Servers, for example. So, in the routine above, note the IF statement which compares the %COMPUTERNAME% variable with the name "TERMINAL_SERVER"; if it matches, it does nothing. Else, it runs the WshNetwork.AddWindowsPrinterConnection command! Cool hey?!



Copy a File in Visual Basic Scripts

Finally, let's say you want to add a File Copy operation in the login script. Maybe through Group Policy you've enabled Remote Assistance? Or you just installed some fancy software over Group Policy but the shortcut only appears on the start menu, and you'd like to place it on the desktop? Well, read how to do this:

Dim objFSO, objFileCopy
Dim strFilePath, strDestination
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objNetwork = CreateObject("WScript.Network")
Set WshShell = CreateObject("WScript.Shell")
Set WshSysEnv = WshShell.Environment("PROCESS")
fComputername = WshShell.ExpandEnvironmentStrings("%COMPUTERNAME%")

sub FileCopy
    on error resume next
    if (fComputername = "TERMINAL_SERVER") then
        'Do Nothing on Terminal Server
    else
        objFSO.CopyFile strFilePath, strDestination
    end if
    on error goto 0
end sub

strFilePath = "\\SERVER\SHARE\Shortcut.lnk"
strDestination = WshSysEnv("USERPROFILE") & "\Desktop\"
FileCopy

Again, quite a bit is happening here. Firstly, we've created a sub-routine called "FileCopy" which, like the Printer routine, checks the name of the computer in case you wish to avoid copying the file on a certain computer. (System Admins, think about your Terminal Servers, where there is either no point copying a Remote Assistance shortcut (for example) or you may not have permission on that computer.) In this scenario, it will copy Shortcut.lnk from \\SERVER\SHARE to the USER PROFILE\DESKTOP\.

You can of course change the WshSysEnv("USERPROFILE") bit to a fixed location, as in strFilePath. However, when a user logs in, you probably want to copy the file to their user profile, which is referenced as WshSysEnv("USERPROFILE"). Anything following the & operator is appended to that location, so, as above, the file is copied to %USERPROFILE%\Desktop\



A complete script

Now let's put this all together. Guru Guy has a finished VB Script file which does all of the above with rules to do certain file share commands to different Active Directory Groups. Note, in this example, all the groups have the same printers and the same file copied to their desktop.

You can easily modify this behaviour to make the script suit your needs, so take a peek and change to your heart's desire! Good luck and enjoy the power of Visual Basic!


Copyright © Guru Guy 2009. All Rights Reserved.