To manage who gets what and how on the workstations we use login scritps. In our Windows 2003 AD environment you can use group policy but we have been using kixtart and login.bat ever since NT4.0. It works that damn good. In my example my users are in group ABC & XYZ and will get mapped drives from certain files servers and printers from certain print servers.
Install the kixtart files to your sysvol direcory of your domain controller. By now they should have a template for you to follow (not sure I've haven't upgrade it in years). Anyway in AD under the user account profile tab in the section for login script put login.bat
In the sysvol folder of you domain controller create a text file add this entry to it
@echo off
%0\..\Kix32.exe kick.scr
then save it as login.bat When the user logs in they will be calling this file. This file will then execute Kixtart and call kick.scr
Kick.scr is the srcipt that does all the mapping based on where the user lies in AD. Here is an simple versio of the Kick.scr sript that I use. I have most things (; commented out ; = comment in the begining of each line)
;*****ABC Group*********************************************
If Ingroup ("ABC")
;Deploy intranet page to IE This will make their IE default to the company intranet page all the time.
writevalue("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main","Start Page","http://intranet_address_here","REG_SZ")
;Map Network Drives
;Example this will give all users in group ABC a network map for ABCresources on 'fileserver01' as a (Z) drive
use z: "\\fileserver01\ABCresources"
; use i: "\\servername\share"
; use j: "\\servername\share"
; use k: "\\servername\share"
; use l: "\\servername\share"
; use m: "\\servername\share"
; use n: "\\servername\share"
; use o: "\\servername\share"
; use p: "\\servername\share"
; use p: "\\servername\share"
; use r: "\\servername\share"
;Map to Network Printers
;Example this will give all users in group ABC a network printer called ABCgroup_color_printer from printserver1
addprinterconnection ("\\printserver1\ABCgroup_color_printer")
; addprinterconnection ("\\print_server_name\printer_name")
; addprinterconnection ("\\print_server_name\printer_name")
; addprinterconnection ("\\print_server_name\printer_name")
; addprinterconnection ("\\print_server_name\printer_name")
; addprinterconnection ("\\print_server_name\printer_name")
; addprinterconnection ("\\print_server_name\printer_name")
; addprinterconnection ("\\print_server_name\printer_name")
; addprinterconnection ("\\print_server_name\printer_name")
; addprinterconnection ("\\print_server_name\printer_name")
;to delete a printer connection
;Example to delete the ABCgroup_color_printer from the group
delkey ("HKEY_CURRENT_USER\Printers\Connections\,,printserver1,ABCgroup_color_printer")
; delkey ("HKEY_CURRENT_USER\Printers\Connections\,,print_server_name,printer_name")
; delkey ("HKEY_CURRENT_USER\Printers\Connections\,,print_server_name,printer_name")
EndIf
;*******************************************************************
;*************XYZ Group*********************************************
If Ingroup ("XYZ")
;Deploy intranet page to IE
writevalue("HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main","Start Page","http://intranet_address_here","REG_SZ")
;Map Network Drives
; use i: "\\servername\share"
; use j: "\\servername\share"
; use k: "\\servername\share"
; use l: "\\servername\share"
; use m: "\\servername\share"
; use n: "\\servername\share"
; use o: "\\servername\share"
; use p: "\\servername\share"
; use p: "\\servername\share"
; use r: "\\servername\share"
;Map to Network Printers
; addprinterconnection ("\\print_server_name\printer_name")
; addprinterconnection ("\\print_server_name\printer_name")
; addprinterconnection ("\\print_server_name\printer_name")
; addprinterconnection ("\\print_server_name\printer_name")
; addprinterconnection ("\\print_server_name\printer_name")
; addprinterconnection ("\\print_server_name\printer_name")
; addprinterconnection ("\\print_server_name\printer_name")
; addprinterconnection ("\\print_server_name\printer_name")
; addprinterconnection ("\\print_server_name\printer_name")
; addprinterconnection ("\\print_server_name\printer_name")
;to delete a printer connection
; delkey ("HKEY_CURRENT_USER\Printers\Connections\,,print_server_name,printer_name")
; delkey ("HKEY_CURRENT_USER\Printers\Connections\,,print_server_name,printer_name")
; delkey ("HKEY_CURRENT_USER\Printers\Connections\,,print_server_name,printer_name")
EndIf
;*******************************************************************
So in this sample script I have two groups ABC & XYZ this represents the different groups in AD. This is one way of using the script. There are many ways to get the job done.
2 comments:
Thanks for the recommendation I'll check them out and see if my team likes it.
Noc
I know this post is old, but I wanted to point out a free open source gui based script generation based on kixstart.
Check out Script Start Community (It's FREE):
http://www.scriptstart.com/content.php?s=products
It creates an apache web server with Postgres on the box of your choice. You secure it to Administrators or any group in AD that you wish. You can then sign on and generate your scripts. Download the compiled simple ini file to your \\domainname\netlogon
Works pretty great.
Post a Comment