IPAM will assist
you in managing IP addresses.
To let you into a secret, this utilities is fun to use, even if you
don't have a pressing need to calculate your IP address space.
Get a free evaluation copy of
Orion IPAM
Is your server running slowly? Check with SolarWinds ipMonitor
Get a free evaluation copy of ipMonitor
Contents for Guy's Scripting Ezine 24 - Scripting GroupsNote: This page has been
superseded by this Group Membership VBScript.
See Also Creating Groups: Ezine 38 and 37
Readers email me with their problems and I do my best to solve them.
If I can answer the
question
quickly then I do it for free, if the requestor needs an hour of my time then
I charge $25.
As you can imagine I get a wide variety of scripts, from all sorts of people. You may be interested to know that my score to date is: 'Mr Sensible' 250, 'Nutters' 3.
Friends who run similar services say they
get a higher proportion of nutty letters. So well done you Mr Sensible!
Can you help? This week I had a thorny problem from a reader who wants to limit users to
one workstation. What they want for that user to be denied logon at the
second workstation.
So far I have come up with a third party program called UserLock, but that
costs an arm and a leg. We are also experimenting with a Resource Kit
program called Cconnect.exe. (Any experience of CConnect?)
I have been experimenting with a cunning strategy to exploit the
share connection limit. The idea is that the user logs on and connects
to a special network share, special because it restricts a user to one share
user. So when they logon as the second workstation, the operating system
kicks them off because their logon script tries to map a second share to the
same drive. The trouble with this solution is that it does not scale.
For the connection limit to work,
you have to create a separate share for each user.
If you have an idea then do email me.
Scripting for Groups
This is my week for thorny problems. Scripting for groups is one of my bugbears. With most attributes there is only one value, for example givenName = Guy. However groups support multiple
values. When dealing with groups, the key LDAP attribute is MemberOf.
The scenario: You want to map network drives based on group membership. Let us imagine that Managers have their data stored on a different server from Dentists.
Instructions
- Pre-requisites. You need either a Windows 2000 or Server 2003 domain controller for this script to work.
- Important: Make sure that the person testing the script is in a group called Managers, or Dentists. Alternatively alter dentists on line 10, to a group that you ARE a member of.
- Optional: Edit the ' commented out lines. Remember in the scenario, you want the script to map the network drive. So edit that line to reflect a UNC share on your network. See more here
how to map a network drive. MapNetworkDrive
- Copy and paste the script below into notepad.
- Save the file with .vbs extension e.g. GroupMap.vbs
- Double click and observe the message box
' GroupMap.vbs
' VBScript to map different groups to different shares.
' Author Guy Thomas http://computerperformance.co.uk/
' Version 3.2 - March 28th 2004
' -----------------------------------------------------------------'
Option Explicit
Dim objNetwork, objUser, CurrentUser
Dim strGroup
Const Dentists_Group = "cn=dentists"
Const Managers_Group = "cn=managers"
Const What_ever_you_Like = "cn=any_lower_case_group"
Const Users_Group = "cn=users"
Const Administrators_Group = "cn=administrators"
Set objNetwork = CreateObject("WScript.Network")
Set objUser = CreateObject("ADSystemInfo")
Set CurrentUser = GetObject("LDAP://" & objUser.UserName)
strGroup = LCase(Join(CurrentUser.MemberOf))
If InStr(strGroup, Dentists_Group) Then
WScript.Echo "Dentists "
' objNetwork.MapNetworkDrive "h:", "\\Server\Users\" _
' & objNetwork.UserName
ElseIf InStr(strGroup, Managers_Group) Then
WScript.Echo " Manager "
' objNetwork.MapNetworkDrive "h:", "\\YourServer\Users\"_
' & objNetwork.UserName
ElseIf InStr(strGroup, Users_Group) Then
WScript.Echo " Only a User... "
' objNetwork.MapNetworkDrive "y:", "\\alan\home\" _
' & objNetwork.UserName
ElseIf InStr(strGroup, Administrators_Group) Then
WScript.Echo "Administrator " & strGroup
' objNetwork.MapNetworkDrive "h:", "\\Another Server\Users\" _
' & objNetwork.UserName
End If
Wscript.Echo "Finished Testing for Groups "
WScript.Quit
' End of example VBScript
.
Learning Points
Note 1: Constants. This week I have introduced CONST to hold the group information. Did you edit Dentists, or to be precise dentists?
Note 2: AdSystemInfo. Here is a new method of extracting the information from Active Directory.
Note 3: InStr. This means: in the string value.
Note 4: If.... ElseIf. I have always liked the 'If' statement, so versatile, so easy, 'If' never lets me down.
Note 5: If you are happy with .Echo message, why not remove the comment ' objNetwork and get the MapNetworkDrive method working. Remember to uncomment the ' & objNetwork like as well. Here is
more help on
MapNetworkDrive.
Note 6: I concatenated '& strGroup' to the Administrators group, you may like to add & strGroup to the other groups. As ever what I want to do is get you started and give you the confidence to
experiment for yourself. Note 7: See more on MemberOf here
Guy's Out Takes
While this script will run after a fashion, my challenges are:
1) Why doesn't the script echo the USERS message box? Surely who ever is running this script is member of the Users group?
2) Why isn't my second message box working? Wscript.Echo "Finished Testing for Groups ", has no effect. Why not?
' GroupMap.vbs
' VBScript to map different groups to different shares.
' Author Guy Thomas http://computerperformance.co.uk/
' Version 2.5 - March 27th 2004
' -----------------------------------------------------------------'
Option Explicit
Dim objNetwork, objUser, CurrentUser
Dim strGroup
Const Dentists_Group = "cn=Dentists"
Const Managers_Group = "cn=Managers"
Const What_ever_you_Like = "cn=any_lower_case_group"
Const Users_Group = "cn=Users"
Const Administrators_Group = "cn=administrators"
Set objNetwork = CreateObject("WScript.Network")
Set objUser = CreateObject("AdSystemInfo")
Set CurrentUser = GetObject("LDAP://" & objUser.UserName)
strGroup = LCase(Join(CurrentUser.MemberOf))
If InStr(strGroup, Dentists_Group) Then
WScript.Echo "Dentists "
' objNetwork.MapNetworkDrive "h:", "\\Server\Users\" _
' & objNetwork.UserName
ElseIf InStr(strGroup, Managers_Group) Then
WScript.Echo " Manager "
' objNetwork.MapNetworkDrive "h:", "\\YourServer\Users\"_
' & objNetwork.UserName
ElseIf InStr(strGroup, Users_Group) Then
WScript.Echo " Only a User... "
' objNetwork.MapNetworkDrive "y:", "\\alan\home\" _
' & objNetwork.UserName
ElseIf InStr(strGroup, Administrators_Group) Then
WScript.Echo "Administrator " & strGroup
' objNetwork.MapNetworkDrive "h:", "\\AnotherServer\Users\" _
' & objNetwork.UserName
End If
WScript.Quit
Wscript.Echo "Finished Testing for Groups "
' End of example VBScript
.
Out Takes - Answers
- LCase(Join(CurrentUser.MemberOf) means lower case. So Users
Administrators and Dentists are wrong. Should be
users, administrators, and dentists.
- Silly Guy putting the WScript.Echo AFTER the WSCript.Quit. Who
is going to see that message box. Mr Nobody!
Their topics and material are ideal for getting you started with VBScript. The
videos are easy to follow and you can control the pace. Try their free demo material and then see if you want to buy the full package.
See more about VB Script Training CD.
|
