Windows Server 2003 Logon Scripts Paul Flynn




Creating logon scripts

You can use logon scripts to assign tasks that will be performed when a user logs on to a particular computer. The scripts can carry out operating system commands, set system environment variables, and call other scripts or executable programs. The Windows Server 2003 family supports two scripting environments: the command processor runs files containing batch language commands, and Windows Script Host (WSH) runs files containing Microsoft Visual Basic Scripting Edition (VBScript) or JScript commands.

You can use a text editor to create logon scripts. Some tasks commonly performed by logon scripts include:

- Mapping network drives.
- Installing and setting a user's default printer.
- Collecting computer system information.
- Updating virus signatures.
- Updating software.

The following example logon script contains VBScript commands that use Active Directory Service Interfaces (ADSI) to perform three common tasks based on a user's group membership:

1. It maps the H: drive to the home directory of the user by calling the WSH Network object's MapNetworkDrive method in combination with the WSH Network object's UserName property.
2. It uses the ADSI IADsADSystemInfo object to obtain the current user's distinguished name, which in turn is used to connect to the corresponding user object in Active Directory. Once the connection is established, the list of groups the user is a member of is retrieved by using the user's memberOf attribute. The multivalued list of group names is joined into a single string by using VBScript's Join function to make it easier to search for target group names.
3. If the current user is a member of one of the three groups defined at the top of the script, then the script maps the user's G: drive to the group shared drive, and sets the user's default printer to be the group printer.

To create an example logon script

1. Open Notepad.
2. Copy and paste, or type, the following:

    Const ENGINEERING_GROUP = "cn=engineering"
    Const FINANCE_GROUP = "cn=finance"
    Const HUMAN_RESOURCES_GROUP = "cn=human resources"

    ' Map H: to the user's home directory.
    Set wshNetwork = CreateObject("WScript.Network")
    wshNetwork.MapNetworkDrive "h:", "\\FileServer\Users\" & wshNetwork.UserName

    ' Bind to the current user's object in Active Directory.
    Set ADSysInfo = CreateObject("ADSystemInfo")
    Set CurrentUser = GetObject("LDAP://" & ADSysInfo.UserName)

    ' Join needs an array; MemberOf is a plain string for a single group.
    groups = CurrentUser.MemberOf
    If IsArray(groups) Then
        strGroups = LCase(Join(groups))
    ElseIf Not IsEmpty(groups) Then
        strGroups = LCase(groups)
    End If

    ' Map G: and connect printers according to group membership.
    If InStr(strGroups, ENGINEERING_GROUP) Then
        wshNetwork.MapNetworkDrive "g:", "\\FileServer\Engineering\"
        wshNetwork.AddWindowsPrinterConnection "\\PrintServer\EngLaser"
        wshNetwork.AddWindowsPrinterConnection "\\PrintServer\Plotter"
        wshNetwork.SetDefaultPrinter "\\PrintServer\EngLaser"
    ElseIf InStr(strGroups, FINANCE_GROUP) Then
        wshNetwork.MapNetworkDrive "g:", "\\FileServer\Finance\"
        wshNetwork.AddWindowsPrinterConnection "\\PrintServer\FinLaser"
        wshNetwork.SetDefaultPrinter "\\PrintServer\FinLaser"
    ElseIf InStr(strGroups, HUMAN_RESOURCES_GROUP) Then
        wshNetwork.MapNetworkDrive "g:", "\\FileServer\Human Resources\"
        wshNetwork.AddWindowsPrinterConnection "\\PrintServer\HrLaser"
        wshNetwork.SetDefaultPrinter "\\PrintServer\HrLaser"
    End If

3. On the File menu, click Save As.
4. In Save in, click the directory that corresponds to the domain controller's Netlogon shared folder (usually SystemRoot\SYSVOL\Sysvol\DomainName\Scripts where DomainName is the domain's fully qualified domain name).
5. In Save as type, click All Files.
6. In File name, type a file name, followed by .vbs, and then click Save. WSH uses the .vbs extension to identify files that contain VBScript commands.

To open Notepad, click Start, point to All Programs, point to Accessories, and then click Notepad.

To use the example logon script, you need to change the group names, network drive letters, and Universal Naming Convention (UNC) paths to match your system environment.

To run a logon script, you need to assign the script to a user or a group. For more information, see Assign a logon script to a user or group.
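
The sample script tests group membership with InStr over the joined memberOf string, so any group whose distinguished name merely contains "cn=finance" (a hypothetical "CN=Finance-Temps", for instance) also receives the Finance drive and printer. The following added example, which is not part of the original sample, compares the first relative distinguished name of each entry exactly; IsMemberOf, FirstRdnOf and the sample DNs are constructed for illustration, and the script runs under cscript without a domain.

```vbscript
Option Explicit

' Returns the first RDN of a distinguished name, e.g. "CN=Finance".
' A comma preceded by a backslash is an escaped character, not a separator.
Function FirstRdnOf(dn)
    Dim i, ch
    i = 1
    Do While i <= Len(dn)
        ch = Mid(dn, i, 1)
        If ch = "\" Then
            i = i + 1            ' skip the escaped character
        ElseIf ch = "," Then
            Exit Do
        End If
        i = i + 1
    Loop
    FirstRdnOf = Left(dn, i - 1)
End Function

' True when one entry of memberOf has exactly CN=<groupCn> as its first RDN.
' memberOf may be an array (several groups), a string (one group) or Empty.
Function IsMemberOf(memberOf, groupCn)
    Dim dns, dn
    IsMemberOf = False
    If IsArray(memberOf) Then
        dns = memberOf
    ElseIf IsEmpty(memberOf) Then
        Exit Function
    Else
        dns = Array(memberOf)
    End If
    For Each dn In dns
        If StrComp(FirstRdnOf(dn), "CN=" & groupCn, vbTextCompare) = 0 Then
            IsMemberOf = True
            Exit Function
        End If
    Next
End Function

' Constructed sample data: the user is in Finance-Temps, not in Finance.
Dim sampleGroups
sampleGroups = Array( _
    "CN=Finance-Temps,OU=Groups,DC=example,DC=com", _
    "CN=Engineering,OU=Groups,DC=example,DC=com")

' Substring test used by the sample script versus the exact comparison.
WScript.Echo "InStr match on cn=finance: " & _
    (InStr(LCase(Join(sampleGroups)), "cn=finance") > 0)
WScript.Echo "Exact match on Finance:    " & IsMemberOf(sampleGroups, "Finance")
WScript.Echo "Exact match on Engineering: " & IsMemberOf(sampleGroups, "Engineering")
```

In a logon script, pass CurrentUser.MemberOf as the first argument; the memberOf attribute lists direct memberships only, so nested groups are not covered by either test.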

For more information about creating and using logon scripts, see Logon Scripts, Windows Script at the Microsoft Web site, and the Microsoft Windows Resource Kits Web site.

Information about functional differences

Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

Creating user and group accounts

User accounts are used to authenticate, authorize or deny access to resources for, and audit the activity of individual users on your network. A group account is a collection of user accounts that you can use to assign a set of permissions and rights to multiple users simultaneously. A group can also contain contacts, computers, and other groups. You can create user accounts and group accounts in Active Directory to manage domain users. You can also create user accounts and group accounts on a local computer to manage users specific to that computer.

Some of the most common tasks are creating user accounts in Active Directory, creating group accounts in Active Directory, creating user accounts on a local computer, and creating groups on a local computer. You can also use the command line to create user and group accounts; see Managing Active Directory from the command line or Managing local groups from the command line. For more information about other tasks for managing Active Directory user accounts and groups, see Manage Users, Groups, and Computers. For information about other tasks for managing user accounts and groups on a local computer, see Local Users and Groups How To...

To create a user account in Active Directory

1. Open Active Directory Users and Computers.
2. In the console tree, right-click the folder in which you want to add a user account.
   Active Directory Users and Computers/domain node/folder
3. Point to New, and then click User.
4. In First name, type the user's first name.
5. In Initials, type the user's initials.
6. In Last name, type the user's last name.
7. Modify Full name to add initials or reverse order of first and last names.
8. In User logon name, type the user logon name, click the UPN suffix in the drop-down list, and then click Next. If the user will use a different name to log on to computers running Windows 95, Windows 98, or Windows NT, then you can change the user logon name as it appears in User logon name (pre-Windows 2000) to the different name.
9. In Password and Confirm password, type the user's password, and then select the appropriate password options.

To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.

To add a user, you can also click on the toolbar.

To add a user, you can also copy any previously created user account.

A new user account with the same name as a previously deleted user account does not automatically assume the permissions and group memberships of the previously deleted account because the security ID (SID) for each account is unique. To duplicate a deleted user account, all permissions and memberships must be manually recreated.

When a user account is created with the new user wizard from within the details pane, you can quickly edit the user properties by closing the wizard, clicking the new account, and then pressing ENTER. To open the new user wizard from within the details pane, right-click in the details pane, click New, and then click User.

For interoperability with other directory services, you can create an InetOrgPerson user object. To create a new InetOrgPerson, in step three, click InetOrgPerson instead of User.

When creating a new user, the full name attribute is created in the FirstNameLastName format by default. The full name attribute also governs the display name format shown in the global address list. You can change the display name format by using ADSI Edit. If you do so, this will also change the full name format. For more information, see article Q250455, "How to Change Display Names of Active Directory Users" in the Microsoft Knowledge Base.

To create a group account in Active Directory

1. Open Active Directory Users and Computers.
2. In the console tree, right-click the folder in which you want to add a new group.
   Active Directory Users and Computers/domain node/folder
3. Point to New, and then click Group.
4. Type the name of the new group. By default, the name you type is also entered as the pre-Windows 2000 name of the new group.
5. In Group scope, click one of the options.
6. In Group type, click one of the options.

To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.

To add a group, you can also click the folder in which you want to add the group, and then click on the toolbar.

If the domain in which you are creating the group is set to the domain functional level of Windows 2000 mixed, you can select only security groups with Domain local or Global scopes. For more information, see Group scope.

When a group account is created with the new group wizard from within the details pane, you can quickly edit the group account properties by closing the wizard, clicking the new account, and then pressing ENTER. To open the new group wizard from within the details pane, right-click in the details pane, click New, and then click Group.

To create a user account on a local computer

1. Open Computer Management.
2. In the console tree, click Users.
   Computer Management/System Tools/Local Users and Groups/Users
3. On the Action menu, click New User.
4. Type the appropriate information in the dialog box.
5. Select or clear the check boxes for:
   - User must change password at next logon
   - User cannot change password
   - Password never expires
   - Account is disabled
6. Click Create, and then click Close.

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

To open Computer Management, click Start, click Control Panel, double-click Administrative Tools, and then double-click Computer Management.

A user name cannot be identical to any other user or group name on the computer being administered. It can contain up to 20 uppercase or lowercase characters, except for the following: " / \ [ ] : ; = , + * ? < >

A user name cannot consist solely of periods (.) or spaces.

In Password and Confirm password, you can type a password containing up to 127 characters. However, if the network consists of computers running Windows 95 or Windows 98, consider using passwords no longer than 14 characters. If your password is longer, you may not be able to log on to the network from those computers.

You should not add a new local user to the local Administrators group unless the user will perform only administrative tasks. For more information, see Why you should not run your computer as an administrator.

To create a group on a local computer

1. Open Computer Management.
2. In the console tree, click Groups.
   Computer Management/System Tools/Local Users and Groups/Groups
3. On the Action menu, click New Group.
4. In Group name, type a name for the new group.
5. In Description, type a description of the new group.
6. To add one or more users to a new group, click Add.
7. In the Select Users, Computers, or Groups dialog box, do the following:
   - To add a user or group account to this group, under Enter the object names to select, type the name of the user account or group account that you want to add, and then click OK.
   - To add a computer account to this group, click Object Types, select the Computers check box, and then click OK. Under Enter the object names to select, type the name of the computer account that you want to add, and then click OK.
8. In the New Group dialog box, click Create, and then click Close.

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

To open Computer Management, click Start, click Control Panel, double-click Administrative Tools, and then double-click Computer Management.

A local group name cannot be identical to any other group or user name on the local computer being administered. It can contain up to 256 uppercase or lowercase characters, except for the following: " / \ [ ] : ; = , + * ? < >

A group name cannot consist solely of periods (.) or spaces.