#176464 - 2007-05-25 08:47 AM
Re: How to create user home drive - script
[Re: NTDOC]
FullBoost
Fresh Scripter
Registered: 2007-05-04
Posts: 13
Here is what I am looking for:
Server 2003. Clients: XP, Win2k.
During logon I want the script to check \\servername\users\ for the user ID; if not found, create a share with that UID with read/write permissions for the user and local admin with full control.
If the share is found (\\servername\users\UID$) then map drive H: to that share.
At another one of our facilities a guy who no longer works there set this up. I have been through all the code and changed what I need to, but I can't get it to work on my script at my facility.
On their system, in the users share there are the user shares of course and two other folders, "1 DELETED USERS" and "2 UTILITIES". I am not numbering them, that's how they are named. Deleted users contains, you guessed it, deleted users. Now the utilities dir is interesting; inside is:
KIX32.exe
KX16.dll
KX32.dll
KX95.dll
RMTSHARE.EXE
xcacls.exe
Readme_1st.doc, which contains:
-------------------------------------------------
Before using UserShare.bat for the first time, you must change the default scripting engine from Wscript to Cscript. To do this, type the following at a command prompt, and then press ENTER:
cscript.exe /h:cscript
-------------------------------------------------
I did this and it was successful.
usershare.bat, which contains:
::
:: User Share
::
:: This script creates a shared user directory and assigns the correct
:: Permissions
::
:: The command syntax is: usershare {UID} {UserName}
::
:: NOTE: Server ID is hardcoded in three lines
:: Global Administrator's Group is hardcoded in one line
:: Drive letter to the Users folder is hardcoded in one line
@echo off
if not "%2" == "" goto continue
echo.
echo.
echo Command syntax is: usershare {3-4 UID} {6-1-1 UserName}
echo.
echo.
pause
goto end
:continue
@echo on
:: Open a Mapped Drive to the USERS root folder
net use r: \\twhtshr04\users
:: Create the User's Folder
mkdir r:\%2.%1
:: Set Share Permissions on the User’s Folder
rmtshare \\twhtshr04\%1$=D:\users\%2.%1 /g %1:f
:: Set NTFS Permissions on the User’s Folder
xcacls.vbs r:\%2.%1 /g "HCA\%1:f" /I copy /Q
:: Close the Mapped Drive to the USERS root folder
net use r: /delete
pause
:end
XCACLS.vbs
Edited by FullBoost (2007-05-25 05:58 PM)

#176466 - 2007-05-25 08:52 AM
Re: How to create user home drive - script
[Re: FullBoost]
FullBoost
Fresh Scripter
Registered: 2007-05-04
Posts: 13
cleared too much info from vbs above
Edited by FullBoost (2007-05-25 05:01 PM) Edit Reason: cleared

#176467 - 2007-05-25 08:53 AM
Re: How to create user home drive - script
[Re: FullBoost]
FullBoost
Fresh Scripter
Registered: 2007-05-04
Posts: 13
cleared too much info from vbs above
Edited by FullBoost (2007-05-25 05:01 PM) Edit Reason: cleared

#176468 - 2007-05-25 08:54 AM
Re: How to create user home drive - script
[Re: FullBoost]
FullBoost
Fresh Scripter
Registered: 2007-05-04
Posts: 13
cleared
Edited by FullBoost (2007-05-25 05:02 PM) Edit Reason: cleared

#176469 - 2007-05-25 08:54 AM
Re: How to create user home drive - script
[Re: FullBoost]
FullBoost
Fresh Scripter
Registered: 2007-05-04
Posts: 13
cleared
Edited by FullBoost (2007-05-25 05:02 PM) Edit Reason: cleared

#176470 - 2007-05-25 08:55 AM
Re: How to create user home drive - script
[Re: FullBoost]
FullBoost
Fresh Scripter
Registered: 2007-05-04
Posts: 13
cleared
Edited by FullBoost (2007-05-25 05:03 PM) Edit Reason: cleared

#176471 - 2007-05-25 08:56 AM
Re: How to create user home drive - script
[Re: FullBoost]
FullBoost
Fresh Scripter
Registered: 2007-05-04
Posts: 13
cleared
Edited by FullBoost (2007-05-25 05:03 PM) Edit Reason: cleared

#176472 - 2007-05-25 08:57 AM
Re: How to create user home drive - script
[Re: FullBoost]
FullBoost
Fresh Scripter
Registered: 2007-05-04
Posts: 13
And on the kix side here is what I have in a drive mapping .kix called by the main kix script
;
; Uses GLOBAL Variables: $PCDomain
DIM $TWHT, $CLRH, $GenShare, $UserShellFolders, $x, $IsFacServ, $Serv, $TWHT2
$TWHT = "\\twhtshr04"
$TWHT2 = "\\twhtshr02"
$CLRH = "\\CLRHSVR03"
$GenShare = SUBSTR(@userid,1,9)
$UserShellFolders = "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders"
; ************************************************
; Home-drive mapping
IF EXIST ("$TWHT\"+@userid+"$")
    MapDrive("H:","$TWHT\"+@userid+"$")
    IF NOT ReadValue($UserShellFolders, "Personal") = "H:\"
        $x = WriteValue($UserShellFolders, "Personal", "H:\", "REG_SZ" )
    ENDIF
    IF NOT EXIST ("H:\Favorites")
        MD "H:\Favorites"
    ENDIF
    IF NOT EXIST ("H:\Outlook")
        MD "H:\Outlook"
    ENDIF
    ; IF NOT EXIST ("C:\Documents and Settings\@userid\Favorites.txt")
    ; COPY "C:\Documents and Settings\@userid\Favorites\" "H:\Favorites\" /s
    ; ENDIF
    IF NOT ReadValue($UserShellFolders, "Favorites") = "H:\Favorites"
        $x = WriteValue($UserShellFolders, "Favorites", "H:\Favorites", "REG_SZ" )
    ENDIF
ENDIF
? " "
RETURN
; *************************
; * MAPDRIVE *
; *************************
Function MapDrive($Drive, $Path)
    Use $Drive /del
    Use $Drive $Path
    if @ERROR = 0
        ? " Drive " + $Drive + " mapped to " + $Path
    else
        Color r+/n
        ? " Error Mapping Drive " + $Drive + " to " + $Path + " !!"
        ? "Error: " + @Error + " - " + @SError
        Color w/n
    endif
EndFunction
RETURN
And you can see the $x up there and that is defined on my main .kix
; *************************
; * ISFACSERV *
; *************************
Function IsFacServ($Serv)
    Dim $x
    $x = GetObject("LDAP://CN=" + $Serv + ", OU=s*****, OU=*****, DC=*****, DC=*****, DC=*****")
    If @Error = 0
        $IsFacServ = 1
    Else
        $IsFacServ = 0
    Endif
EndFunction
RETURN
Yes I put the ******** there 
I have matched the DIR security permissions but I have been unable to replicate the security permission on the 2 utilities dir called S-1-5-21-2142779916-377378312-1295600288-512
OK, on the server this script works on, the 2 utilities DIR says access denied, but I copied the DIR to get all the contents and now I can't get it to go back to access denied, as I think that could be a reason this is not working.
If there is an easier way to do this I am all ears, I just need a way to map user home shares on the fly and connect/reconnect on logon.
Thank You
Edited by FullBoost (2007-05-25 05:59 PM)

#176502 - 2007-05-25 05:09 PM
Re: How to create user home drive - script
[Re: Les]
FullBoost
Fresh Scripter
Registered: 2007-05-04
Posts: 13
A mod should just delete this whole thread and start over. Stupid is what stupid does.
OK, I fixed it. Sorry, I just was not thinking when I posted that. Thanks for the constructive criticism, LES.

#176504 - 2007-05-25 05:25 PM
Re: How to create user home drive - script
[Re: FullBoost]
Arend_
MM club member
Registered: 2005-01-17
Posts: 1896
Loc: Hilversum, The Netherlands
[ code ] without the spaces

#176507 - 2007-05-25 05:57 PM
Re: How to create user home drive - script
[Re: Arend_]
FullBoost
Fresh Scripter
Registered: 2007-05-04
Posts: 13
Sorry, I am super new to coding if you can't tell. We had a network guy who did all our logon stuff in kix and lost him, so now I am just trying to make it work as best I can and learn at the same time.

#176516 - 2007-05-25 07:33 PM
Re: How to create user home drive - script
[Re: NTDOC]
FullBoost
Fresh Scripter
Registered: 2007-05-04
Posts: 13
I'll try to take a look at it further and offer advice when I have more time.
Basically though, you have a security issue as I view it. You should NOT allow the system to be in a non-secure state that would allow a normal user to log in and create and set his/her own shares and ACL (Access Control List). To me this is just wrong and begs for someone to come along and abuse it and/or really cause problems, either on purpose or accidentally. You or someone else as an Admin should be the one creating this and setting security appropriately.
Now you can write code to help you as an Admin automate it but I would never allow a user to login and create.
Yea, it looked to me like XCACLS.vbs was creating the share with FULL user and FULL Admin rights. I would much rather prefer it to just create the share based off the domain/UID and assign R/W to the user share on their share and FULL to admin. I was looking at the other location where this script is working and I noticed a few things: their NETLOGON is based in the C:\WINNT\System32\Repl\Scripts\Import on a W2K Server box; we are Win 2003, so our NETLOGON is based in system32\GroupPolicy\Machine\Scripts, so I am not sure if that is an issue, as I remember scripts had to be run from the Repl Dir on Win NT. Also, when a user at the other location with Win2k or XP logs on, if kix is not found locally it installs it, and at our location that does not happen, so I am wondering if that might cause this to not work as well.
Thanks for your help
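
An added example, not code from any poster in this thread: one way an administrator could pre-create the home share, as the quoted advice recommends, so that the logon script only has to map H: and never creates shares or ACLs in the user's context. It assumes Windows Server 2012 or later (the SmbShare cmdlets and icacls rather than the rmtshare/xcacls.vbs tools above); the CONTOSO domain and the D:\Users root are placeholders.

```powershell
# Added example: run by an administrator on the file server, never at user logon.
# Assumptions: SmbShare module available; CONTOSO and D:\Users are placeholders.
#Requires -RunAsAdministrator
param(
    # Reject anything that could escape the root folder or inject arguments.
    [Parameter(Mandatory)]
    [ValidatePattern('^[A-Za-z0-9][A-Za-z0-9_-]{0,19}$')]
    [string]$Uid,
    [string]$Domain = 'CONTOSO',   # placeholder domain name
    [string]$Root   = 'D:\Users'   # placeholder path on the file server
)
$ErrorActionPreference = 'Stop'

$account = "$Domain\$Uid"
$path    = Join-Path $Root $Uid
$share   = $Uid + '$'   # hidden share named UID$, which the logon script's IF EXIST test looks for

# Stop before touching the disk if the account does not resolve to a SID,
# so no folder or ACL entry is created for a mistyped UID.
$null = ([System.Security.Principal.NTAccount]$account).Translate(
            [System.Security.Principal.SecurityIdentifier])

if (-not (Test-Path -LiteralPath $path)) {
    New-Item -ItemType Directory -Path $path | Out-Null
}

# NTFS: remove inherited entries, then grant the user Modify (read/write,
# no permission changes) and Administrators/SYSTEM Full control.
& icacls.exe $path /inheritance:r /grant:r `
    "${account}:(OI)(CI)M" `
    'BUILTIN\Administrators:(OI)(CI)F' `
    'NT AUTHORITY\SYSTEM:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed for $path" }

# Share: user gets Change, Administrators get Full; no Everyone entry.
if (-not (Get-SmbShare -Name $share -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $share -Path $path `
        -ChangeAccess $account -FullAccess 'BUILTIN\Administrators' | Out-Null
}

# Show the result so it can be reviewed or logged.
Get-SmbShareAccess -Name $share
& icacls.exe $path
```

With the share pre-created this way, the IF EXIST / MapDrive branch of the KiX logon script is all the user-side code that is needed.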