Re: Windows Logon Scripts

Matthew <> wrote:
> Hi,
>
> On my fileserver I have shares based on usernames of the Active
> Directory.. so I got:
>
> userx001
> userx002
> usery001
> userz001
>
> How can i do a logon script that maps P:\ according to the username
> please?
>
> Basically I want that:
> userx001 gets mapped \\fileserver\userx001
> userx002 gets mapped \\fileserver\userx002 ... etc

Well, you could use net use p: \\fileserver\%username% /persistent:no
>
> Is this possible? Or I should manually change the logon.bat for each
> please? (I got more than 50 users)

Eeeek - don't use individually assigned login scripts in ADUC, let alone
different ones per user.
>
> Also to map another folder depending on the group I am going to follow
> this tutorial: Login script with drive mappings based on .. Any other
> info you might suggest please?
>
> Am preparing for tomorrow's long day at work so doing some home work
> to be ready to get the migration as fast as possible
>
> Thanks for your help!

Hmmm. I would consider changing the requirements. This could be a bit of a
mess. Why do you need it to be set up this way? Home directories are a bit
archaic as a concept - and even if you wanted to use them, you shouldn't set
up a share for each user. You can map to a subfolder, you know - even using
net use commands. If you set up a folder on the server (d:\data\home) and
shared it as HOME$ (the $ makes it hidden) you could use

net use p: \\fileserver\home$\%username% /persistent:no

(not getting into the permissions issues, which are separate).

But instead of this, I'd use folder redirection via Group Policy so each
user's My Documents folder pointed at \\server\user_share\%username%\My
Documents. You don't need drive mappings that way (although you could use
them if you wanted.... net use p: "\\server\user_share\%username%\My
Documents" /persistent:no ). Your permissions could be dynamically and
properly created.

Some links to info on folder redirection:

How to dynamically create security-enhanced redirected folders by using
folder redirection in Windows 2000 and in Windows Server 2003 -
http://support.microsoft.com/kb/274443

Roaming profile & folder redirection article -
http://www.windowsnetworking.com/art...rver-2003.html

Ace Fekay's article on folder redirection -
http://msmvps.com/blogs/acefekay/arc...direction.aspx

Instead of ADUC to assign login scripts, use group policy to assigned login
scripts. This is much more flexible and easier to manage. If you want to
test this out w/o removing the login.bat (or whatever it's called) from each
user's ADUC properties you could edit the existing batch file in your
NETLOGON share so the beginning of it says
----------------------
GOTO END

<old login script stuff>

:END
exit

Matthew <> wrote:
> Thanks alot Lanwech. The problem is that the user shares are already
> there filled in with files.

Yeah, but you can fix that easily.

> The previous admin used to give a folder
> each to the users

A folder per user is fine. A *share* per user is *not*.

> and some are really filled up. Yesterday we renamed
> each folder to the new username. The previous admin used to manually
> map all the drives - I am trying to make it a bit more easier for
> myself.

Yes, agreed. Plan carefully and do this right now, and you won't have such
trouble in the future...
>
>
> So if I do: net use p: \\fileserver\home$\%username% /persistent:no
> in each of the batching (.bat) files will it work? Or the username has
> to be hard coded in each batch file?

%username% will work. Share the parent folder ... the HOME$ one, as hidden,
with everyone = full control. Leave the NTFS alone. Leave the subfolder
shares alone. See whether this works.... if it does, you can unshare the
subfolders.
>
> I cannot map the My Documents folder. Its quite sensitive data and all
> users want their My Documents to reside on their own box. Its a
> business rule we have here.

This should not be up to the users. Your business rule is dumb, honestly. If
it's sensitive, it doesn't belong on a cheap desktop hard drive on a
workstation where it isn't part of a central backup (if it's indeed backed
up at all) and where absolutely anyone can walk up to it and access it
(don't tell me they can't - it's a trivial thing to do). If this is
business data, it belongs on the corporate server, locked down so only the
user & the admin have any access - and the company should hire only admins
they can trust.
>
>
> Thanks for your help
>
>
> On Dec 8, 12:29 am, "Lanwench [MVP - Exchange]"
> <lanwe...@heybuddy.donotsendme.unsolicitedmailatya hoo.com> wrote:
>> Matthew <mpu...@gmail.com> wrote:
>>> Hi,
>>
>>> On my fileserver I have shares based on usernames of the Active
>>> Directory.. so I got:
>>
>>> userx001
>>> userx002
>>> usery001
>>> userz001
>>
>>> How can i do a logon script that maps P:\ according to the username
>>> please?
>>
>>> Basically I want that:
>>> userx001 gets mapped \\fileserver\userx001
>>> userx002 gets mapped \\fileserver\userx002 ... etc
>>
>> Well, you could use net use p: \\fileserver\%username% /persistent:no
>>
>>
>>
>>> Is this possible? Or I should manually change the logon.bat for each
>>> please? (I got more than 50 users)
>>
>> Eeeek - don't use individually assigned login scripts in ADUC, let
>> alone
>> different ones per user.
>>
>>
>>
>>> Also to map another folder depending on the group I am going to
>>> follow this tutorial: Login script with drive mappings based on ..
>>> Any other info you might suggest please?
>>
>>> Am preparing for tomorrow's long day at work so doing some home work
>>> to be ready to get the migration as fast as possible
>>
>>> Thanks for your help!
>>
>> Hmmm. I would consider changing the requirements. This could be a
>> bit of a
>> mess. Why do you need it to be set up this way? Home directories are
>> a bit
>> archaic as a concept - and even if you wanted to use them, you
>> shouldn't set
>> up a share for each user. You can map to a subfolder, you know -
>> even using
>> net use commands. If you set up a folder on the server
>> (d:\data\home) and
>> shared it as HOME$ (the $ makes it hidden) you could use
>>
>> net use p: \\fileserver\home$\%username% /persistent:no
>>
>> (not getting into the permissions issues, which are separate).
>>
>> But instead of this, I'd use folder redirection via Group Policy so
>> each
>> user's My Documents folder pointed at
>> \\server\user_share\%username%\My
>> Documents. You don't need drive mappings that way (although you
>> could use
>> them if you wanted.... net use p: "\\server\user_share\%username%\My
>> Documents" /persistent:no ). Your permissions could be dynamically
>> and
>> properly created.
>>
>> Some links to info on folder redirection:
>>
>> How to dynamically create security-enhanced redirected folders by
>> using
>> folder redirection in Windows 2000 and in Windows Server 2003
>> -http://support.microsoft.com/kb/274443
>>
>> Roaming profile & folder redirection article
>> -http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Re...
>>
>> Ace Fekay's article on folder redirection
>> -http://msmvps.com/blogs/acefekay/archive/2009/09/08/folder-redirectio...
>>
>> Instead of ADUC to assign login scripts, use group policy to
>> assigned login
>> scripts. This is much more flexible and easier to manage. If you
>> want to
>> test this out w/o removing the login.bat (or whatever it's called)
>> from each
>> user's ADUC properties you could edit the existing batch file in your
>> NETLOGON share so the beginning of it says
>> ----------------------
>> GOTO END
>>
>> <old login script stuff>
>>
>>> END
>> exit