There are two ways of assigning your group policies, either via Group Policy (best) or via the user's individual property sheet. The crucial advantage of employing the Group Policy method is when
you have to change the script name or add a new logon script. It's much easier to change one setting than hunting through Active Directory Users and Computers to find all the affected users Logon
Script dialog box.
Topics for Assigning Logon Script via Group Policy
I assume that you have created the logon script and tested that it meets your goals of Mapping Network Drives or Printers.
My tip is to copy the VBScript (file name) into memory, I will explain how to paste it into the appropriate box. This method also assumes you have an Active Directory domain. As a matter of tactics,
will this be a logon script for all users, or for just one OU?
Open the appropriate Group Policy (domain or OU), I use GPMC (Group Policy Management Console).
Always check that you are starting from the correct place in Active Directory Users and Computers. Only you know if you should be at the Domain level, or the OU level. Once you
have navigated to the appropriate part of Active Directory then either use an existing Group Policy, or create a new Group Policy from scratch.
Alternatively, if you
are still using Windows 2000
seek out the Group Policy tab.
To find the logon script settings start by clicking Edit, then navigate to the User Configuration, expand the Windows Settings folder, Scripts and Logon. Now for
my secret ingredient; my top tip is to copy your logon script into memory, so that it is ready to paste.
From the Logon Scripts window, click Add, in the Script Name dialog box, click Browse.
Now for the crucial part, right click and Paste. If this does not work, then double click in the big white box under, Look in: Logon
Your script should now appear in the window. My point is that by assigning the script using this technique the VBScript ends up in the correct
folder. If you examine that long path seen from the Look in: dialog box you should see your VBScript.
What this Paste method does is make sure that domain controllers can replicate the logon
script because it's in the correct folder. If you simply add a script using a local path, I doubt that your VBScript will be replicated to other domain controllers.
Observe the Polices folder structure on the domain controller.
The screen shot was taken from under the %windir%\sysvol\ folder. Sometimes you see two sysvol folders. Under the second sysvol you will see your domain name, and further down the actual
group policies. Each policy has sub menus with its templates and scripts.
Concentrate on the folders called Scripts. Do not worry about the {E26D... } hex names. Check that your VBScripts are in the respective Logon or Startup folders.
Earlier I said
observe because I do not want you to rename the group policies with Windows Explorer. If you change those strange hex names, the policies will not work and the new names will give you nothing but
grief.
Guy
Recommends: Permissions Analyzer - Free Active Directory Tool
I like the
Permissions Monitor because it enables me to see quickly WHO has permissions
to do WHAT. When you launch this tool it analyzes a users effective NTFS
permissions for a specific file or folder, takes into account network share
access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free utility saves when you are
troubleshooting authorization problems for users access to a resource.
While 'Drive Maps' are the modern way of mapping a network drive,
configuring the Policy Preferences does not rely on scripting. Part
of me is sad that there is no real coding, part of me accepts that this an
easier way of assigning mapped network drives.
Logon to a domain controller and launch the Group Policy Management
Console. Select the appropriate Policy; expand the User Configuration
and then Preferences [Key point].
Now you should see 'Drive Maps' under the Windows Settings; here is the
menu to configure:
Import users from a spreadsheet. Just provide a list of the
users with their fields in the
top row, and save as .csv file. Then launch this FREE utility and match
your fields with AD's
attributes, click and import the users. Optionally, you can
provide the name of the OU where the new accounts will be born.
There are also two bonus tools in the free download, and all 3 have been approved by Microsoft:
To short circuit
Active Directory Group Policy, assign the logon through the user's properties sheet, Profile tab. I don't like this old NT 4.0 method as the final solution, but it narrows down the problem when you are troubleshooting logon scripts.
Incidentally, Profiles tab method is the only way to get logons scripts to work for Windows 9x clients.
Logon Scripts really belong with the other Group Policy settings. While it is possible to assign Logon Scripts via the User's Profile tab, this Active Directory Users and Computers method is only
for backwards compatibility.
The extra features you get in your eBook
include, more pages full of detailed examples. Also, ten 'how to...'
sections, with screen shots showing which menus to use. Go for Guy's
eBook - and get a printable version with copy enabled and no expiry date.
Windows Management Instrumentation (WMI) is one of the hidden
treasures of Microsoft operating systems.
Fortunately, Solarwinds
have created the
Free WMI Monitor so that you can actually see and understand these gems of
performance information. Take the guess work out of which
WMI counters to use for applications like Microsoft Active Directory,
SQL or Exchange Server.
