|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
08-16-2009
| #1 (permalink) |
| | Attempting to write my logon scripts - I want to do an IF / ElseIfstatement and match to what security group the user is in Hey everybody: Quick question for everyone out there. I'm currently trying to write my logon scripts for my users. I want to write only one / two vbscripts and do an IF / ElseIF statement (or a case statement) and match the user who is logging in up to a security group and that's how they will get their network drives mapped to them. I've been able to find examples on how to write these scripts based on the OU the user is in but I havent found one on how to do it based on a security group. If anyone has an example could you pass it over. Thanks - much appriciated in advance. Boyle |
My System Specs |
|
08-16-2009
| #2 (permalink) |
| | Re: Attempting to write my logon scripts - I want to do an IF / ElseIf statement and match to what security group the user is in "RBoyle" <ryan.j.boyle.cpg@xxxxxx> wrote in message news:5329a57e-7da5-452b-a98e-6555d3380fdc@xxxxxx Quote: > Hey everybody: > > Quick question for everyone out there. I'm currently trying to write > my logon scripts for my users. I want to write only one / two > vbscripts and do an IF / ElseIF statement (or a case statement) and > match the user who is logging in up to a security group and that's how > they will get their network drives mapped to them. > > I've been able to find examples on how to write these scripts based on > the OU the user is in but I havent found one on how to do it based on > a security group. > > If anyone has an example could you pass it over. > > Thanks - much appriciated in advance. > > Boyle (and printers) according to group membership: http://www.rlmueller.net/freecode2.htm The examples Logon3.vbs and Logon4.vbs are the most relevant. The method you use depends on the OS's supported, the number of groups to check, whether you want to recognize membership in nested groups, and whether you want to recognize membership in the "primary" group (not likely). Also I have this link for example VBScript functions to check membership: http://www.rlmueller.net/freecode1.htm The last link on this page discusses various other methods seen in the newsgroups (some recommended by Microsoft) and the flaws or limitations in these methods (and ways to avoid them). -- Richard Mueller MVP Directory Services Hilltop Lab - http://www.rlmueller.net -- |
| My System Specs |
|
08-16-2009
| #3 (permalink) |
| | Re: Attempting to write my logon scripts - I want to do an IF /ElseIf statement and match to what security group the user is in On Aug 16, 1:07*pm, "Richard Mueller [MVP]" <rlmueller- nos...@xxxxxx> wrote: Quote: > "RBoyle" <ryan.j.boyle....@xxxxxx> wrote in message > > news:5329a57e-7da5-452b-a98e-6555d3380fdc@xxxxxx > > > > > Quote: > > Hey everybody: Quote: > > Quick question for everyone out there. *I'm currently trying to write > > my logon scripts for my users. *I want to write only one / two > > vbscripts and do an IF / ElseIF statement (or a case statement) and > > match the user who is logging in up to a security group and that's how > > they will get their network drives mapped to them. Quote: > > I've been able to find examples on how to write these scripts based on > > the OU the user is in but I havent found one on how to do it based on > > a security group. Quote: > > If anyone has an example could you pass it over. Quote: > > Thanks - much appriciated in advance. Quote: > > Boyle > First a link for example VBScript logon scripts, most of which map drives > (and printers) according to group membership: > > http://www.rlmueller.net/freecode2.htm > > The examples Logon3.vbs and Logon4.vbs are the most relevant. The method you > use depends on the OS's supported, the number of groups to check, whether > you want to recognize membership in nested groups, and whether you want to > recognize membership in the "primary" group (not likely). Also I have this > link for example VBScript functions to check membership: > > http://www.rlmueller.net/freecode1.htm > > The last link on this page discusses various other methods seen in the > newsgroups (some recommended by Microsoft) and the flaws or limitations in > these methods (and ways to avoid them). > > -- > Richard Mueller > MVP Directory Services > Hilltop Lab -http://www.rlmueller.net > --- Hide quoted text - > > - Show quoted text - Thanks for your quick response: I'm going to take a look at your site right now -- just to add on to my previous post: My Clients are Windows XP clients. They are on a Windows Server 2003 Domain environment -- most of my servers are Windows Server 2003 boxes (I have a few outstanding Windows 2000 Server boxes in my environment -- they are on the 03 domain.) Thanks again. Ryan |
| My System Specs |
|
08-16-2009
| #4 (permalink) |
| | Re: Attempting to write my logon scripts - I want to do an IF /ElseIf statement and match to what security group the user is in On Aug 16, 1:35*pm, RBoyle <ryan.j.boyle....@xxxxxx> wrote: Quote: > On Aug 16, 1:07*pm, "Richard Mueller [MVP]" <rlmueller- > > > > > > nos...@xxxxxx> wrote: Quote: > > "RBoyle" <ryan.j.boyle....@xxxxxx> wrote in message Quote: > >news:5329a57e-7da5-452b-a98e-6555d3380fdc@xxxxxx Quote: Quote: > > > Hey everybody: Quote: Quote: > > > Quick question for everyone out there. *I'm currently trying to write > > > my logon scripts for my users. *I want to write only one / two > > > vbscripts and do an IF / ElseIF statement (or a case statement) and > > > match the user who is logging in up to a security group and that's how > > > they will get their network drives mapped to them. Quote: Quote: > > > I've been able to find examples on how to write these scripts based on > > > the OU the user is in but I havent found one on how to do it based on > > > a security group. Quote: Quote: > > > If anyone has an example could you pass it over. Quote: Quote: > > > Thanks - much appriciated in advance. Quote: Quote: > > > Boyle Quote: > > First a link for example VBScript logon scripts, most of which map drives > > (and printers) according to group membership: Quote: Quote: > > The examples Logon3.vbs and Logon4.vbs are the most relevant. The method you > > use depends on the OS's supported, the number of groups to check, whether > > you want to recognize membership in nested groups, and whether you wantto > > recognize membership in the "primary" group (not likely). Also I have this > > link for example VBScript functions to check membership: Quote: Quote: > > The last link on this page discusses various other methods seen in the > > newsgroups (some recommended by Microsoft) and the flaws or limitationsin > > these methods (and ways to avoid them). Quote: > > -- > > Richard Mueller > > MVP Directory Services > > Hilltop Lab -http://www.rlmueller.net > > --- Hide quoted text - Quote: > > - Show quoted text - > Richard, > > Thanks for your quick response: > > I'm going to take a look at your site right now -- just to add on to > my previous post: > > My Clients are Windows XP clients. *They are on a Windows Server 2003 > Domain environment -- most of my servers are Windows Server 2003 boxes > (I have a few outstanding Windows 2000 Server boxes in my environment > -- they are on the 03 domain.) > > Thanks again. > > Ryan- Hide quoted text - > > - Show quoted text - To add on to my first reply. My domain name is cph.local I'm Trying to pull my security groups out of the following OU (we'll name the first one testGroup) - Security Groups \ File Access Groups What would the query would look like (just so I can get my variable assigned similar to how you have the following set up in your logon4.txt file) -- Set objGroup1 = GetObject("LDAP:// cn=TestGroup,ou=Sales,dc=MyDomain,dc=com") Thanks - again the help is much appriciated in advance. Boyle |
| My System Specs |
|
08-16-2009
| #5 (permalink) |
| | Re: Attempting to write my logon scripts - I want to do an IF / ElseIf statement and match to what security group the user is in Richard, To add on to my first reply. My domain name is cph.local I'm Trying to pull my security groups out of the following OU (we'll name the first one testGroup) - Security Groups \ File Access Groups What would the query would look like (just so I can get my variable assigned similar to how you have the following set up in your logon4.txt file) -- Set objGroup1 = GetObject("LDAP:// cn=TestGroup,ou=Sales,dc=MyDomain,dc=com") Thanks - again the help is much appriciated in advance. Boyle -------------- If your domain is cph.local, and the Common Name of the group is "TestGroup", and it resides in an ou called "ou=File Access Groups", which in turn resides in "ou=Security Groups" (which is at the root of the domain), then you would bind with: Set objGroup1 = GetObject("LDAP://cn=TestGroup,ou=File Access groups,ou=Security Groups,dc=cph,dc=local") The binding string (the string in quotes above) can be difficult to determine if you are not used to the syntax. It reflects the hierarchy of your AD domain. You can use ADSI Edit to browse objects in AD and view the value of the distinguishedName attribute. Or, in ADUC, look at the "Fully qualified domain name of the object" on the "Object" tab. This lists the components in reverse order. For example, if the "Fully qualified domain name" is: cph.local/Security Groups/File Access Groups/TestGroup then your binding string will match my example above. The only thing is you cannot tell if the components are ou, dc, or cn from the fully qualified name. -- Richard Mueller MVP Directory Services Hilltop Lab - http://www.rlmueller.net -- |
| My System Specs |
|
08-16-2009
| #6 (permalink) |
| | Re: Attempting to write my logon scripts - I want to do an IF /ElseIf statement and match to what security group the user is in On Aug 16, 3:18*pm, "Richard Mueller [MVP]" <rlmueller- nos...@xxxxxx> wrote: Quote: > Richard, > > To add on to my first reply. > > My domain name is cph.local > > I'm Trying to pull my security groups out of the following OU (we'll > name the first one testGroup) - Security Groups \ File Access Groups > > What would the query would look like (just so I can get my variable > assigned similar to how you have the following set up in your > logon4.txt file) *-- Set objGroup1 = GetObject("LDAP:// > cn=TestGroup,ou=Sales,dc=MyDomain,dc=com") > > Thanks - again the help is much appriciated in advance. > > Boyle > -------------- > If your domain is cph.local, and the Common Name of the group is > "TestGroup", and it resides in an ou called "ou=File Access Groups", which > in turn resides in "ou=Security Groups" (which is at the root of the > domain), then you would bind with: > > Set objGroup1 = GetObject("LDAP://cn=TestGroup,ou=File Access > groups,ou=Security Groups,dc=cph,dc=local") > > The binding string (the string in quotes above) can be difficult to > determine if you are not used to the syntax. It reflects the hierarchy of > your AD domain. You can use ADSI Edit to browse objects in AD and view the > value of the distinguishedName attribute. Or, in ADUC, look at the "Fully > qualified domain name of the object" on the "Object" tab. This lists the > components in reverse order. For example, if the "Fully qualified domain > name" is: > > cph.local/Security Groups/File Access Groups/TestGroup > > then your binding string will match my example above. The only thing is you > cannot tell if the components are ou, dc, or cn from the fully qualified > name. > > -- > Richard Mueller > MVP Directory Services > Hilltop Lab -http://www.rlmueller.net > -- Thanks again for the quick response --- Here is what my logon script currently looks like: Const ENGINEERING_GROUP = "cn=engineering" Const FINANCE_GROUP = "cn=finance" Const HUMAN_RESOURCES_GROUP = "cn=human resources" Const IT_GROUP = "cn=IT$ DEPARTMENT (R & W)" Set wshNetwork = CreateObject("WScript.Network") Set ADSysInfo = CreateObject("ADSystemInfo") Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName) Set objGroup1 = GetObject("LDAP://cn=IT$ DEPARTMENT (R & W),ou=File Access Groups,ou=Security Groups,dc=cph,dc=local") strGroups = LCase(Join(CurrentUser.MemberOf)) If InStr(objGroup1) Then wshNetwork.RemoveNetworkDrive "I:" wshNetwork.RemoveNetworkDrive "Z:" wshNetwork.RemoveNetworkDrive "K:" wshNetwork.MapNetworkDrive "I:", "\\netwincp\it$\" wshNetwork.MapNetworkDrive "Z:", "\\netwincp\accounting\" wshNetwork.MapNetworkDrive "K:", "\\netwincp\kdrive\" End If ---------------- When I go to login into a box on my cph.local domain I'm getting the following error message: Line 16 / Char 1 Error - Wrong number of arguments or invalid property assignment: 'InStr' Code - 800A01C2 MS VBScript error. ---- Any ideas on what this error message is comming from and how to fix it. Thanks again Richard, the help is much appriciated. Ryan |
| My System Specs |
|
08-16-2009
| #7 (permalink) |
| | Re: Attempting to write my logon scripts - I want to do an IF / ElseIf statement and match to what security group the user is in "RBoyle" <ryan.j.boyle.cpg@xxxxxx> wrote in message news:1a553212-5780-4c56-91f4-6e88fc6fd4e2@xxxxxx Quote: > On Aug 16, 3:18 pm, "Richard Mueller [MVP]" <rlmueller- > nos...@xxxxxx> wrote: Quote: >> Richard, >> >> To add on to my first reply. >> >> My domain name is cph.local >> >> I'm Trying to pull my security groups out of the following OU (we'll >> name the first one testGroup) - Security Groups \ File Access Groups >> >> What would the query would look like (just so I can get my variable >> assigned similar to how you have the following set up in your >> logon4.txt file) -- Set objGroup1 = GetObject("LDAP:// >> cn=TestGroup,ou=Sales,dc=MyDomain,dc=com") >> >> Thanks - again the help is much appriciated in advance. >> >> Boyle >> -------------- >> If your domain is cph.local, and the Common Name of the group is >> "TestGroup", and it resides in an ou called "ou=File Access Groups", >> which >> in turn resides in "ou=Security Groups" (which is at the root of the >> domain), then you would bind with: >> >> Set objGroup1 = GetObject("LDAP://cn=TestGroup,ou=File Access >> groups,ou=Security Groups,dc=cph,dc=local") >> >> The binding string (the string in quotes above) can be difficult to >> determine if you are not used to the syntax. It reflects the hierarchy of >> your AD domain. You can use ADSI Edit to browse objects in AD and view >> the >> value of the distinguishedName attribute. Or, in ADUC, look at the "Fully >> qualified domain name of the object" on the "Object" tab. This lists the >> components in reverse order. For example, if the "Fully qualified domain >> name" is: >> >> cph.local/Security Groups/File Access Groups/TestGroup >> >> then your binding string will match my example above. The only thing is >> you >> cannot tell if the components are ou, dc, or cn from the fully qualified >> name. >> >> -- >> Richard Mueller >> MVP Directory Services >> Hilltop Lab -http://www.rlmueller.net >> -- > Richard, > > Thanks again for the quick response --- > > Here is what my logon script currently looks like: > > Const ENGINEERING_GROUP = "cn=engineering" > Const FINANCE_GROUP = "cn=finance" > Const HUMAN_RESOURCES_GROUP = "cn=human resources" > Const IT_GROUP = "cn=IT$ DEPARTMENT (R & W)" > > > Set wshNetwork = CreateObject("WScript.Network") > Set ADSysInfo = CreateObject("ADSystemInfo") > Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName) > > Set objGroup1 = GetObject("LDAP://cn=IT$ DEPARTMENT (R & W),ou=File > Access Groups,ou=Security Groups,dc=cph,dc=local") > > > strGroups = LCase(Join(CurrentUser.MemberOf)) > > If InStr(objGroup1) Then > > wshNetwork.RemoveNetworkDrive "I:" > wshNetwork.RemoveNetworkDrive "Z:" > wshNetwork.RemoveNetworkDrive "K:" > > wshNetwork.MapNetworkDrive "I:", "\\netwincp\it$\" > wshNetwork.MapNetworkDrive "Z:", "\\netwincp\accounting\" > wshNetwork.MapNetworkDrive "K:", "\\netwincp\kdrive\" > > End If > > ---------------- > > When I go to login into a box on my cph.local domain I'm getting the > following error message: > > Line 16 / Char 1 > Error - Wrong number of arguments or invalid property assignment: > 'InStr' > Code - 800A01C2 > MS VBScript error. > > ---- > > Any ideas on what this error message is comming from and how to fix > it. created your other post on this subject "Creating logon scripts - the script will map different sets of drives..." /Al Quote: > Thanks again Richard, the help is much appriciated. > > Ryan > |
| My System Specs |
|
08-16-2009
| #8 (permalink) |
| | Re: Attempting to write my logon scripts - I want to do an IF / ElseIf statement and match to what security group the user is in "RBoyle" <ryan.j.boyle.cpg@xxxxxx> wrote in message news:1a553212-5780-4c56-91f4-6e88fc6fd4e2@xxxxxx On Aug 16, 3:18 pm, "Richard Mueller [MVP]" <rlmueller- nos...@xxxxxx> wrote: Quote: > Richard, > > To add on to my first reply. > > My domain name is cph.local > > I'm Trying to pull my security groups out of the following OU (we'll > name the first one testGroup) - Security Groups \ File Access Groups > > What would the query would look like (just so I can get my variable > assigned similar to how you have the following set up in your > logon4.txt file) -- Set objGroup1 = GetObject("LDAP:// > cn=TestGroup,ou=Sales,dc=MyDomain,dc=com") > > Thanks - again the help is much appriciated in advance. > > Boyle > -------------- > If your domain is cph.local, and the Common Name of the group is > "TestGroup", and it resides in an ou called "ou=File Access Groups", which > in turn resides in "ou=Security Groups" (which is at the root of the > domain), then you would bind with: > > Set objGroup1 = GetObject("LDAP://cn=TestGroup,ou=File Access > groups,ou=Security Groups,dc=cph,dc=local") > > The binding string (the string in quotes above) can be difficult to > determine if you are not used to the syntax. It reflects the hierarchy of > your AD domain. You can use ADSI Edit to browse objects in AD and view the > value of the distinguishedName attribute. Or, in ADUC, look at the "Fully > qualified domain name of the object" on the "Object" tab. This lists the > components in reverse order. For example, if the "Fully qualified domain > name" is: > > cph.local/Security Groups/File Access Groups/TestGroup > > then your binding string will match my example above. The only thing is > you > cannot tell if the components are ou, dc, or cn from the fully qualified > name. > > -- > Richard Mueller > MVP Directory Services > Hilltop Lab -http://www.rlmueller.net > -- Thanks again for the quick response --- Here is what my logon script currently looks like: Const ENGINEERING_GROUP = "cn=engineering" Const FINANCE_GROUP = "cn=finance" Const HUMAN_RESOURCES_GROUP = "cn=human resources" Const IT_GROUP = "cn=IT$ DEPARTMENT (R & W)" Set wshNetwork = CreateObject("WScript.Network") Set ADSysInfo = CreateObject("ADSystemInfo") Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName) Set objGroup1 = GetObject("LDAP://cn=IT$ DEPARTMENT (R & W),ou=File Access Groups,ou=Security Groups,dc=cph,dc=local") strGroups = LCase(Join(CurrentUser.MemberOf)) If InStr(objGroup1) Then wshNetwork.RemoveNetworkDrive "I:" wshNetwork.RemoveNetworkDrive "Z:" wshNetwork.RemoveNetworkDrive "K:" wshNetwork.MapNetworkDrive "I:", "\\netwincp\it$\" wshNetwork.MapNetworkDrive "Z:", "\\netwincp\accounting\" wshNetwork.MapNetworkDrive "K:", "\\netwincp\kdrive\" End If ---------------- When I go to login into a box on my cph.local domain I'm getting the following error message: Line 16 / Char 1 Error - Wrong number of arguments or invalid property assignment: 'InStr' Code - 800A01C2 MS VBScript error. ---- Any ideas on what this error message is comming from and how to fix it. Thanks again Richard, the help is much appriciated. Ryan ----------------------------------------------- I'm just guessing (and I hate counting lines), but I think this is the line in question: If InStr(objGroup1) Then My reading of the scripting help file script56.chm shows this as the syntax for the InStr function: InStr([start, ]string1, string2[, compare]) Maybe you are not providing enough arguments to the function. It is often useful to paste the exact contents of the error message into your post. It is easy to copy. Just make the error message window the active window, press Control-C, and then paste the result into Notepad. Select the meaningful part from Notepad and copy it to your post. And then copy the line mentioned in the error message too. Then it is very easy for the volunteers in the newsgroup to understand exactly where and what the error is. -Paul Randall |
| My System Specs |
|
08-16-2009
| #9 (permalink) |
| | Re: Attempting to write my logon scripts - I want to do an IF / ElseIf statement and match to what security group the user is in "RBoyle" <ryan.j.boyle.cpg@xxxxxx> wrote in message news:1a553212-5780-4c56-91f4-6e88fc6fd4e2@xxxxxx On Aug 16, 3:18 pm, "Richard Mueller [MVP]" <rlmueller- nos...@xxxxxx> wrote: Quote: > Richard, > > To add on to my first reply. > > My domain name is cph.local > > I'm Trying to pull my security groups out of the following OU (we'll > name the first one testGroup) - Security Groups \ File Access Groups > > What would the query would look like (just so I can get my variable > assigned similar to how you have the following set up in your > logon4.txt file) -- Set objGroup1 = GetObject("LDAP:// > cn=TestGroup,ou=Sales,dc=MyDomain,dc=com") > > Thanks - again the help is much appriciated in advance. > > Boyle > -------------- > If your domain is cph.local, and the Common Name of the group is > "TestGroup", and it resides in an ou called "ou=File Access Groups", which > in turn resides in "ou=Security Groups" (which is at the root of the > domain), then you would bind with: > > Set objGroup1 = GetObject("LDAP://cn=TestGroup,ou=File Access > groups,ou=Security Groups,dc=cph,dc=local") > > The binding string (the string in quotes above) can be difficult to > determine if you are not used to the syntax. It reflects the hierarchy of > your AD domain. You can use ADSI Edit to browse objects in AD and view the > value of the distinguishedName attribute. Or, in ADUC, look at the "Fully > qualified domain name of the object" on the "Object" tab. This lists the > components in reverse order. For example, if the "Fully qualified domain > name" is: > > cph.local/Security Groups/File Access Groups/TestGroup > > then your binding string will match my example above. The only thing is > you > cannot tell if the components are ou, dc, or cn from the fully qualified > name. > > -- > Richard Mueller > MVP Directory Services > Hilltop Lab -http://www.rlmueller.net > -- Thanks again for the quick response --- Here is what my logon script currently looks like: Const ENGINEERING_GROUP = "cn=engineering" Const FINANCE_GROUP = "cn=finance" Const HUMAN_RESOURCES_GROUP = "cn=human resources" Const IT_GROUP = "cn=IT$ DEPARTMENT (R & W)" Set wshNetwork = CreateObject("WScript.Network") Set ADSysInfo = CreateObject("ADSystemInfo") Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName) Set objGroup1 = GetObject("LDAP://cn=IT$ DEPARTMENT (R & W),ou=File Access Groups,ou=Security Groups,dc=cph,dc=local") strGroups = LCase(Join(CurrentUser.MemberOf)) If InStr(objGroup1) Then wshNetwork.RemoveNetworkDrive "I:" wshNetwork.RemoveNetworkDrive "Z:" wshNetwork.RemoveNetworkDrive "K:" wshNetwork.MapNetworkDrive "I:", "\\netwincp\it$\" wshNetwork.MapNetworkDrive "Z:", "\\netwincp\accounting\" wshNetwork.MapNetworkDrive "K:", "\\netwincp\kdrive\" End If ---------------- When I go to login into a box on my cph.local domain I'm getting the following error message: Line 16 / Char 1 Error - Wrong number of arguments or invalid property assignment: 'InStr' Code - 800A01C2 MS VBScript error. ---- Any ideas on what this error message is comming from and how to fix it. Thanks again Richard, the help is much appriciated. Ryan ----------- You pass the object reference objGroup1 to the InStr function, which will raise an error. You probably need something like: If (InStr(strGroups, ENGINEERING_GROUP) > 0) Then Using this technique, there is no need to bind to the group objects, since you are comparing to the Common Names of the groups, using the constants you defined. Unless you use the group object reference, don't bind since it slows down the script. There is one gotcha you need to look out for. The Join function will raise an error unless the memberOf attribute of the user has at least two values. It may have one or even no values. In place of: strGroups = LCase(Join(CurrentUser.MemberOf)) I would use ======= On Error Resume Next arrGroups = CurrentUser.GetEx("memberOf") If (Err.Number <> 0) Then On Error GoTo 0 strGroups = "" Else On Error GoTo 0 strGroups = LCase(Join(arrGroups) End If ======= This is one of those commonly used methods (I think even suggested by Microsoft), which is flawed. The GetEx method improves on the situation, because it only raises an error if there are no groups. If there is one group, it retrieves the attribute as an array with one value. You still must trap the error if there are no groups. I explain this, and other issues, in this link: http://www.rlmueller.net/MemberOf.htm -- Richard Mueller MVP Directory Services Hilltop Lab - http://www.rlmueller.net -- |
| My System Specs |
|
08-16-2009
| #10 (permalink) |
| | Re: Attempting to write my logon scripts - I want to do an IF /ElseIf statement and match to what security group the user is in On Aug 16, 4:35*pm, "Richard Mueller [MVP]" <rlmueller- nos...@xxxxxx> wrote: Quote: > "RBoyle" <ryan.j.boyle....@xxxxxx> wrote in message > > news:1a553212-5780-4c56-91f4-6e88fc6fd4e2@xxxxxx > On Aug 16, 3:18 pm, "Richard Mueller [MVP]" <rlmueller- > > > > > > nos...@xxxxxx> wrote: Quote: > > Richard, Quote: > > To add on to my first reply. Quote: > > My domain name is cph.local Quote: > > I'm Trying to pull my security groups out of the following OU (we'll > > name the first one testGroup) - Security Groups \ File Access Groups Quote: > > What would the query would look like (just so I can get my variable > > assigned similar to how you have the following set up in your > > logon4.txt file) -- Set objGroup1 = GetObject("LDAP:// > > cn=TestGroup,ou=Sales,dc=MyDomain,dc=com") Quote: > > Thanks - again the help is much appriciated in advance. Quote: > > Boyle > > -------------- > > If your domain is cph.local, and the Common Name of the group is > > "TestGroup", and it resides in an ou called "ou=File Access Groups", which > > in turn resides in "ou=Security Groups" (which is at the root of the > > domain), then you would bind with: Quote: > > Set objGroup1 = GetObject("LDAP://cn=TestGroup,ou=File Access > > groups,ou=Security Groups,dc=cph,dc=local") Quote: > > The binding string (the string in quotes above) can be difficult to > > determine if you are not used to the syntax. It reflects the hierarchy of > > your AD domain. You can use ADSI Edit to browse objects in AD and view the > > value of the distinguishedName attribute. Or, in ADUC, look at the "Fully > > qualified domain name of the object" on the "Object" tab. This lists the > > components in reverse order. For example, if the "Fully qualified domain > > name" is: Quote: > > cph.local/Security Groups/File Access Groups/TestGroup Quote: > > then your binding string will match my example above. The only thing is > > you > > cannot tell if the components are ou, dc, or cn from the fully qualified > > name. Quote: > > -- > > Richard Mueller > > MVP Directory Services > > Hilltop Lab -http://www.rlmueller.net > > -- > Richard, > > Thanks again for the quick response --- > > Here is what my logon script currently looks like: > > Const ENGINEERING_GROUP * * = "cn=engineering" > Const FINANCE_GROUP * * * * = "cn=finance" > Const HUMAN_RESOURCES_GROUP = "cn=human resources" > Const IT_GROUP = "cn=IT$ DEPARTMENT (R & W)" > > Set wshNetwork = CreateObject("WScript.Network") > Set ADSysInfo = CreateObject("ADSystemInfo") > Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName) > > Set objGroup1 = GetObject("LDAP://cn=IT$ DEPARTMENT (R & W),ou=File > Access Groups,ou=Security Groups,dc=cph,dc=local") > > strGroups = LCase(Join(CurrentUser.MemberOf)) > > If InStr(objGroup1) Then > > * * wshNetwork.RemoveNetworkDrive "I:" > * * wshNetwork.RemoveNetworkDrive "Z:" > * * wshNetwork.RemoveNetworkDrive "K:" > > * * wshNetwork.MapNetworkDrive "I:", "\\netwincp\it$\" > * * wshNetwork.MapNetworkDrive "Z:", "\\netwincp\accounting\" > * * wshNetwork.MapNetworkDrive "K:", "\\netwincp\kdrive\" > > End If > > ---------------- > > When I go to login into a box on my cph.local domain I'm getting the > following error message: > > Line 16 / Char 1 > Error - Wrong number of arguments or invalid property assignment: > 'InStr' > Code - 800A01C2 > MS VBScript error. > > ---- > > Any ideas on what this error message is comming from and how to fix > it. > > Thanks again Richard, the help is much appriciated. > > Ryan > ----------- > You pass the object reference objGroup1 to the InStr function, which will > raise an error. You probably need something like: > > If (InStr(strGroups, ENGINEERING_GROUP) > 0) Then > > Using this technique, there is no need to bind to the group objects, since > you are comparing to the Common Names of the groups, using the constants you > defined. Unless you use the group object reference, don't bind since it > slows down the script. > > There is one gotcha you need to look out for. The Join function will raise > an error unless the memberOf attribute of the user has at least two values. > It may have one or even no values. In place of: > > strGroups = LCase(Join(CurrentUser.MemberOf)) > > I would use > ======= > On Error Resume Next > arrGroups = CurrentUser.GetEx("memberOf") > If (Err.Number <> 0) Then > * * On Error GoTo 0 > * * strGroups = "" > Else > * * On Error GoTo 0 > * * strGroups = LCase(Join(arrGroups) > End If > ======= > This is one of those commonly used methods (I think even suggested by > Microsoft), which is flawed. The GetEx method improves on the situation, > because it only raises an error if there are no groups. If there is one > group, it retrieves the attribute as an array with one value. You still must > trap the error if there are no groups. I explain this, and other issues, in > this link: > > http://www.rlmueller.net/MemberOf.htm > > -- > Richard Mueller > MVP Directory Services > Hilltop Lab -http://www.rlmueller.net > --- Hide quoted text - > > - Show quoted text - Just so i make sure I'm understanding you clearly -- below is what I just changed my script to -- please verify if this is the correct: Const ENGINEERING_GROUP = "cn=engineering" Const FINANCE_GROUP = "cn=finance" Const HUMAN_RESOURCES_GROUP = "cn=human resources" Const IT_GROUP = "cn=IT$ DEPARTMENT (R & W)" Set wshNetwork = CreateObject("WScript.Network") Set ADSysInfo = CreateObject("ADSystemInfo") Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName) Set objGroup1 = GetObject("LDAP://cn=IT$ DEPARTMENT (R & W),ou=File Access Groups,ou=Security Groups,dc=cph,dc=local") ' Replace the following statement -- strGroups = LCase(Join (CurrentUser.MemberOf)) arrGroups = CurrentUser.GetEx("memberOf") If (Err.Number <> 0) Then On Error GoTo 0 strGroups = "" Else On Error GoTo 0 strGroups = LCase(Join(arrGroups) End If If InStr(strGroups, objGroup1) Then wshNetwork.RemoveNetworkDrive "I:" wshNetwork.RemoveNetworkDrive "Z:" wshNetwork.RemoveNetworkDrive "K:" wshNetwork.MapNetworkDrive "I:", "\\netwincp\it$\" wshNetwork.MapNetworkDrive "Z:", "\\netwincp\accounting\" wshNetwork.MapNetworkDrive "K:", "\\netwincp\kdrive\" End If ---- Thanks again - much appriciated. Ryan |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| Creating logon scripts - the script will map different sets of drivesdepending on the security grp the user is in. | VB Script | |||
| Create user group in vista basic without the user and group manager window | Vista security | |||
| add user to group /group scope - Global /Group type - Security | PowerShell | |||
| Group and user security policies in Vista Home Premium | Vista security | |||
| Group Policy Logon scripts | Vista networking & sharing | |||
