Windows Domain Logon Script
At one point or another every IT professional has battled with mapped drives and logon scripts.
Logon scripts typically start out as a small batch file and grow into something
totally different. If you’re creating a new login script or considering changing
what you have now, the attached login script might fit the bill or at least give
you a foundation to build upon.
Overview
The following Windows domain login script requires 3 files to be placed on your domain
controller. If replication is working correctly, once the files are copied to your
domain controller they will replicate to the other domain controllers in the forest.
Login Script Files
Logon.bat is a simple batch file with the sole purpose of calling the vbs login
script (logon.vbs). It may be possible to eliminate logon.bat altogether, but in
my experience it’s easier to keep it in place.
Logon.vbs is basically the engine for the login script. It reads the values in the
XML file and executes commands accordingly.
Logon.xml holds the information about your environment. This is where you would list your user groups, departments, and global drive mappings.
Directions for modifying the login script for your environment.
Download the zip file containing the login script. Unpack the
files into a folder on your computer. Right click and Edit the file called Logon.bat.
Change the domain name value so it matches your internal domain name. Make sure to leave “\netlogon\Logon.vbs”
intact.
Once you’re done with the edits, save the changes and exit out of Logon.bat.
Open Logon.xml with your favorite editor.
Logon.xml has multiple sections, each pertaining to a different group type. Please note, it works best to add
the name of the Windows Security Group to the XML file in all CAPS.
Enterprise Section
The Enterprise section pertains to everyone in the company assigned to the logon script. Mapping a drive
letter in the Enterprise section will give everyone assigned to logon.bat the same mapped drive.
Branch Section
The Branch section is intended for different physical locations within your company. For example, offices
in New York, Chicago and Miami might need different drive letters mapped to their own local file servers.
This section utilizes Active Directory Security Groups and in order for the user to get the drive mappings,
their security group must be listed in the logon.xml file. The user must also be a member of the security
group in Active Directory. Please note, it works best to add the name of the Windows Security Group to the
XML file in all CAPS.
Machine Group
Remove Drive Mapping
Sometimes end users may have another program or previous script that mapped a drive letter on their
machine. If you would like to ensure the previous mappings are removed before remapping the drive to
another location, use the following syntax in the xml document. The remove option will unmap any
matching drives on the destination computer.
<Drive letter="I:" action="remove" />
Adding a Drive Mapping
To add a new drive mapping, simply use the following syntax. You may want to first run the command
above to remove any previous mappings for that particular drive letter. Removing the previous mapping first ensures your new mappings apply correctly.
<Drive letter="P:" action="add" unc="\\server\share1" />
Optional syntax: This syntax allows you to add a label to the mapped drive. The label will show up in Windows Explorer with the name you enter.
<Drive letter="P:" action="add" unc="\\server\share1" title="Public Folder" />
Optional variables: Some variables can be used when mapping drives. This is especially valuable when mapping drives based on a user name or computer name. If the folder exists and the permissions are correct, the script will map the drive.
<Drive letter="P:" action="add" unc="\\server\share1\%username%" title="Personal Folder" />
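A pre-deployment check for the Drive syntax above, as an added example that is not part of the original login script: it flags malformed entries, an add with no earlier remove for the same letter, and UNC paths on servers outside an approved list. The function name, the -ApprovedServers list and the wrapper elements in the sample are assumptions; only the Drive attributes come from this article.

```powershell
# Lint the <Drive> entries of a Logon.xml before it is copied to NETLOGON.
# Only the <Drive> syntax is from the article; all other names are assumed.
function Test-LogonDriveMap {
    param([Parameter(Mandatory)] [xml] $Config, [string[]] $ApprovedServers = @())
    $removed = @{}    # drive letters already removed earlier in the file
    foreach ($d in $Config.SelectNodes('//Drive')) {
        $letter = $d.GetAttribute('letter')
        $action = $d.GetAttribute('action')
        $unc    = $d.GetAttribute('unc')
        $issues = @()
        if ($letter -notmatch '^[A-Za-z]:$') { $issues += "bad drive letter '$letter'" }
        switch ($action) {
            'remove' { $removed[$letter.ToUpper()] = $true }
            'add' {
                if ($unc -notmatch '^\\\\([^\\]+)\\[^\\]+') {
                    $issues += "unc '$unc' is not \\server\share"
                } elseif ($ApprovedServers.Count -gt 0 -and $Matches[1] -notin $ApprovedServers) {
                    $issues += "server '$($Matches[1])' is not on the approved list"
                }
                if (-not $removed.ContainsKey($letter.ToUpper())) {
                    $issues += 'no earlier remove for this letter'
                }
            }
            default { $issues += "unknown action '$action'" }
        }
        foreach ($i in $issues) { [pscustomobject]@{ Letter = $letter; Action = $action; Issue = $i } }
    }
}

# Constructed sample; the <Logon>/<Enterprise>/<Branch> wrappers are assumed names.
$sample = @'
<Logon>
  <Enterprise>
    <Drive letter="P:" action="remove" />
    <Drive letter="P:" action="add" unc="\\server\share1\%username%" title="Personal Folder" />
  </Enterprise>
  <Branch>
    <Drive letter="I:" action="add" unc="\\oldserver\share1" />
    <Drive letter="Q" action="add" unc="server\share1" />
  </Branch>
</Logon>
'@
Test-LogonDriveMap -Config $sample -ApprovedServers 'server' | Format-Table -AutoSize
```

To check a real file, pass its contents instead of the sample: Test-LogonDriveMap -Config (Get-Content .\Logon.xml -Raw).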
Deploying the logon scripts
Copy all 3 files (Logon.bat, Logon.vbs and Logon.xml) to your domain controller’s netlogon folder.
Log into Active Directory and assign the logon script to a user using the Active Directory Users
and Computers snap-in.

If all went well, you should be able to map some drives on
your next reboot. Feel free to share this or post comments.
Getting assistance
If you need help setting up your logon script, please
contact us at https://jbtechconsulting.com