|
|
|||||||
Hello, I have a Problem with this script only without User Authentifikation it works correctly under administrator account. I mean there is somewhere a syntax error but where? Code:
|
||||||||
|
|
|||||||
Where does the account live that you are using? Is it local to the workstation or a domain account? You might want to try including the domain. Big security risk though to include your password in the script. Your use of INSTR() in your IF condition is not a good way to go as you could have false positives. |
||||||||
|
|
|||||||
See the TCP/IP Primer in the FAQ Forum on how to parse different subnets. Where does the script run? You cannot authenticate against the same computer with two different accounts unless one cnnection is made to the computername and the second connections is made to the IP address of the computer. |
||||||||
|
|
|||||||
Quote: Why I should go to read FAQ abozut Subnet Masks? I have only one Subnet Mask in my LAN? The script runs local on clients and are password protected. Because I haven*t got any server which is still working... The Client IPs are static addresses too. The Adresses are get from one DHCP Server. The release time are endless... The Script shows what IP I get and if the conditions are true. The Client are in my home network. If not the script must not mapping anything of my network drive. Why I should need subnet about this situation? The Clients are have the same workgroup, no domain.... |
||||||||
|
|
|||||||
If you have a workgroup then the user/password must exist on the local computer and you need to prefix the username with the computername. The TCP/IP Primer shows preferred methods to evaluate whether a specific IPO address is part of a subnet. However, as you have only one subnet, why check this at all? |
||||||||
|
|
|||||||
Quote: The user accounts with the password are exist at all workstations exactly. I check the IP Adress because if I connect to another network at business network for example I don't need this network ressources and need another proxy settings. That is the reason why I need this condition. Have I got any errors in my syntax? Should I take the name of the workgroup anstead the workstation name???? Plz help me thx |
||||||||
|
|
|||||||
Why do 3 differnt InStr's? Why not just... Code: IF instr(@IPADDRESS0,"192.168. 5") Instead of... Code: IF instr(@IPADDRESS0,"192") and instr(@IPADDRESS0,"168") and instr(@IPADDRESS0,"5") Or like Jens said...Why check subnet at all if there is only one? Is it possible for someone to run your login script if they are not on your subnet? |
||||||||
|
|
|||||||
If the adm-jack user is set up locally on all machines then maybe change it from... Code: USE E: "\\workstat\c$$" /user:adm-Jack /password:something To... Code: USE E: "\\workstat\c$$" /user:@WkSta\adm-Jack /password:something As Jens tried pointing out above... |
||||||||
|
|
|||||||
Maybe something like this... Code: IF instr(@IPADDRESS0,"192.168. 5") |
||||||||
|
|
|||||||
Quote: Using INSTR() on the IP address without breaking it into octets is not very accurate. The occurance of "5" could happen 48 times (0-254) in any octet and since you preclude only two others, it's more like 96 times! Also the "192" and "168" could occur in any of the four octets! With that sort of inaccuracy, what is the point of even checking? If this is a workgroup and the scripts are local to every machine, what is the point of checking at all? It certainly is not any kind of security except perhaps security by ignorance. |
||||||||
|
|
|||||||
Which i already pointed out, too: Quote: However, silver-platter-code might illustrate it as well. |
||||||||
|
|
|||||||
Hey the boards been slow...I was bored. Besides...If he realizes all of this information can be found in the FAQs and Manuals then he may never post again...And then what would we do around here... |
||||||||
|
|
|||||||
Really that this resolution works? Quote: Unknown username or wrong password have I recieved........ |
||||||||
|
|
|||||||
Have not tried but this looks better to me since the workstaion is not an NT domain name. USE E: "\\workstat\c$$" /user:\\@WkSta\adm-Jack /password:something |
||||||||
|
|
|||||||
THis all seems odd to me... logon scripts without a domain. I think the computer name of the computer where the resource is should be on the line, not @WKSTA. Also, if these are admin shares, don't they need to be local admins to use them? |
||||||||
|
|
|||||||
Also, there is a hyphen in the username. I bet KiX is trying to do math on it. Who in their right mind would put hyphens in a username? |
||||||||
|
|
|||||||
Perhaps try something like this Code: USE E: "\\workstat\c$$" /user:@WkSta+"\adm-Jack" /password:something |
||||||||
|
|
|||||||
Could also possibly use something like this if you use the NoVarInStrings option.
|
||||||||
|
|
|||||||
HEHEE DOC and I were chatting about this on MSN, while DOC was testing some code against one of his servers. A server, I might add that has hyphens in the name. The test code kept returning syntax errors until he wrapped the server name it in quotes. KiX has historically had problems parsing some parms with hyphens and the like so one needs to consider this both when naming objects and later when coding around these objects. |
||||||||
|
|
|||||||
Also, you need to supply the username/password of the account that is on the same computer as the share, thus Code:
|
||||||||
|
|
|||||||
So that means I couldn't take some admin ressources or what if I login as admin I don't understand this contribution any more, what shall I do now in the end? |
||||||||
|
|
|||||||
Blut, Why don't you explain a little more in detail exactly what it is you're attempting to do and maybe we can help you better. 1. Does this script run for all users as part of a normal logon script? 2. Do you run this script from your own computer against other computers (ie. a remote Admin Script)? 3. Is this an NT 4.0 Domain, 2000 Active Directory, or a Workgroup? 4. Where are the accounts located? On a Domain or on the local workstation? 5. Do your users have local admin rights on their own systems? 6. Are these NT Admin shares on local computer or are they hidden shares on a resource volume? 7. What version of KiXtart are you using? 8. Do you have Domain Admin rights yourself? 9. Are the systems involved NT 4, 2000, or XP or a mixture? Please supply this information and we can make a better educated suggestion for you to accomplish the task you want to complete. |
||||||||
|
|
|||||||
Quote: Because English isn't my mother tongue I do relative heavily complex context to explain. So you understand it. But I try my best one. 1.) The scripts run for all users if they logged in. 2.) The script is currently at all workstations password protected. 3.)This is only a workgroup 4.) The user accounts are at all workstation with the exactly password and username combination. 5.) I have different usergroups with special userrights, but the script must work if a user with admin right logg in or if not an admin. Local Admins have admin rights. 6.) These admin shares are at one of my workstation. c$ mean that is an admin share... 7.) My kixstart version is 2001_422 8.) I haven't got a domain only workgroup 9.) The Operating Systems at all workstations is XP Professional with SP1 I hope this information could help you. Thank you helping..... |
||||||||
|
|
|||||||
Hi, As a User you can not connect to a "Admin-Share", like "C$". I think the best Way is to put the "Everyone" group to the "Administrator" Group of the Ressource you want to connect. Publishing an "Administrator" Password is not the right way. Greetings... |
||||||||
|
|
|||||||
But if I put the everyone group to the admin group that'S impossible because everyone is a guest, too. Another way is to create any user group who only can connect at the admin share. Administrators and speciel Users can use this admin shares that's the better way. But at first I need the correct login syntax as user xy with pass xyz then I can create one group with especially users that allowed to use the admin shares. |
||||||||
|
|
|||||||
A) The EVERYONE group should NEVEr be a local adminsitartor. B) Admin shares require local admin privileges. C) If a non-admin needs to connect to an admin share then a local admin account MUST be used to map that share. D) A user cannot authenticate as two different users againstt he same computer unless one used the IP address for the second authntication E) The answer ahs already been provided to you and is well documented in the KiXtart Manual under USE Code:
will map the admin share C$ as drive letter U: using the credentials 'username' with password 'password' of the computer 'workstation'. F) Having identical admin usernames/passowrds on all computers is a BIG security risk. You might be better off implementing a domain model and assigning proper rights to users. Why do users need to connect to admin shares? Admin shares are for admin purposes and should not be misused for other things. You might want to read up on basic computer/network security if you want to implement a safe computing environment. |
||||||||
|
|
|||||||
I have just create any account by the workstation which are my shares. The drives get new share setting who the new user account can use. So I use your script and nothing happens..... At all time if I use the use command with user and password parameters the [censored] does not work. And with this script works are settings without user and password not..... I have no idea...damn |
||||||||
|
|
|||||||
Enable eventlog logging and check the eventlogs on the local machines. I can assure youthat USE does work with alternative credentials in both a WORKGROUP and a DOMAIN settings as I am using both. Please show the latest script you've used. |