| 2Cs |
| (Just in Town) |
| 2010-01-29 03:32 PM |
Back to basics
|
Hi all,
I have no previous experience of creating Kixtart login scripts.
Can someone post me a sample login script so I can see what it is I need to do?
Thanks,
Al
| Mart |
| (KiX Supporter) |
| 2010-01-29 03:53 PM |
|
|
Re: Back to basics
|
It all depends on what you would like the logon script to do.
- Map drives
- Map printers
- Set some configuration settings.
- Etc.....
You must have some idea what you would like the script to do for you right? Can you let us know your requirements for the script?
Kix is very powerful and can make your job as an admin a lot easier.
| 2Cs |
| (Just in Town) |
| 2010-01-29 03:58 PM |
|
Re: Back to basics
|
I would like the script to do the following:
-Detect site & then map the required drives for that site
-Install printers shared on Print Server
-Deploy VNC, writting password and other settings
-Update local admin password
-Update system time
Once I get a feel for this I could then add any additional requirements after, just need some help getting started.
Thanks Mart,
Al
| Mart |
| (KiX Supporter) |
| 2010-01-29 04:23 PM |
|
|
|
Re: Back to basics
|
A small example:
Code:
Break on
Select
;Map drive x for Site1
Case @SITE = "Site1"
Use x: "\\server1\share"
;Map drive x for Site2
Case @SITE = "Site2"
Use x: "\\server2\share"
;Map drive x for Site3
Case @SITE = "Site3"
Use x: "\\Server3\Share"
EndSelect
;Add the printer.
$rc = AddPrinterConnection("\\server\printer")
;Set the printer as default.
$rc = SetDefaultPrinter("\\server\printer")
;Set disconenct action to Lock.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "DisconnectAction", "Lock", "REG_SZ")
;Set remove wallpaper on connect to true.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "RemoveWallpaper", "1", "REG_DWORD")
;Set remove pattern on connect to true.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "RemovePattern", "1", "REG_DWORD")
;Set remove disable effects on connect to true.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "DisableEffects", "1", "REG_DWORD")
;Set VNC password for server or workstations used as servers.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "Password", "Binary password goes here", "REG_BINARY")
;Disable ask user to accept connections.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "QueryConnect", "0", "REG_DWORD")
;Disable only connect if user is logged on.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "QueryOnlyIfLoggedOn", "0", "REG_DWORD")
;Set local admin password.
Shell '%comspec% /c "net user administrator Password">Nul'
Setting the time should be done using AD if you have AD. If not then SetTime command can help you. All commands and functions are listed in the manual that comes with the KiXtart package you can download.
If you have any question then please post them.
| eriqjaffe |
| (Hey THIS is FUN) |
| 2010-01-29 04:38 PM |
|
|
Re: Back to basics
|
Here's what I use to set the local admin password:
Code:
$sNewPassword = "YourSuperSecretPasswordGoesHere!"
$sAdminName = GetAdministratorName
$oUser = GetObject("WinNT://" + @WKSTA + "/" + $sAdminName + ",user")
$oUser.SetPassword($sNewPassword)
$oUser.SetInfo
Function GetAdministratorName()
Dim $sUserSID, $oWshNetwork, $oUserAccount
$oWshNetwork = CreateObject("WScript.Network")
$oUserAccounts = GetObject("winmgmts://" + $oWshNetwork.ComputerName + "/root/cimv2").ExecQuery("Select Name, SID from Win32_UserAccount" + " WHERE Domain = '" + $oWshNetwork.ComputerName + "'")
For Each $oUserAccount In $oUserAccounts
If Left($oUserAccount.SID, 9) = "S-1-5-21-" And Right($oUserAccount.SID, 4) = "-500"
$GetAdministratorName = $oUserAccount.Name
EndIf
Next
EndFunctionI tokenize the script (read the manual about that) and call it from the main login script so the admin password isn't hanging around in plain text.
It can also be set via GPO, which is probably a better way to go.
| Mart |
| (KiX Supporter) |
| 2010-02-01 09:19 AM |
|
|
|
Re: Back to basics
|
Nice.
Never even thought about doing it this way. We have some French XP's here and I had a separate part of the script setting the admin password for the local Administarteur instead of the Administrator with a shell command.
| 2Cs |
| (Just in Town) |
| 2010-02-02 12:45 PM |
|
Re: Back to basics
|
Hi Mart,
Thanks for that, how do I specify what site is 1/2/3/etc?
Does that script run as the user?
If so how will they have permissions for change the local admin password?
If not does it run as domain admin/administrator account, will this not cause problems with multiple users mapping the drive with the same credentials?
Thanks,
Al
Glenn Barnas
|
| (KiX Supporter) |
| 2010-02-02 01:00 PM |
|
|
Re: Back to basics
|
Sites can be identified in AD (see the @SITE macro) or via subnet.
Login scripts run in the User context.
Changing the admin password is not a login process - it is an admin process and you can find many examples of how to accomplish this right from your desk, run as a domain admin.
I don't really understand your last concern. We have clients who have hundreds of sites with thousands of users and have no problem mapping to resources without any level of admin access.
Maybe you should look at the pre-made login script on my web site. The manual PDF is linked to the main login-script page. It should provide you with many ideas of what can be done via login script. Look in Products / Admin Toolchest / Universal Login Script to find the link to the user guide.
Glenn
| Mart |
| (KiX Supporter) |
| 2010-02-02 01:34 PM |
|
|
|
Re: Back to basics
|
2Cs,
Glenn is right.
Sites are defined in AD and should be changed in the script so that the site names in the script match the site names in AD. You need to be at least a local admin to change the PW for the local administrator account. If you need to specify user credentials for mapping your drives then I would suggest setting up your network in a way that the users who need the drive can access it with their credentials.
| Arend_ |
| (MM club member) |
| 2010-02-02 01:37 PM |
|
|
Re: Back to basics
|
and before you ask. This is "Active Directory - Sites and Services" in your start menu under "Administrative Tools" on your server (or your workstation if you installed the admin tools. You can also reach it by typing "dssite.msc" in a Command Prompt.
| Kdyer |
| (KiX Supporter) |
| 2010-02-02 06:41 PM |
|
|
Re: Back to basics
|
One thing guys.. The one thing you all are forgetting are the samples that Ruud so graciously provides in the initial archive that we download and use.
Thanks!
Kent
| 2Cs |
| (Just in Town) |
| 2010-02-11 12:51 PM |
|
Re: Back to basics
|
Hi guys,
Below I have my login script that calls the kix script and runs, the admin password change isn't working (assuming I've done something wrong) can someone point me in the right direction?
Code:
====================== Logon Batch File ====================== @Echo Off Cls ECHO Verifying / Updating / Copying Script Software Installation, Please Wait... Del c:\windows\system32\logon.kix Del c:\windows\system32\kix32.exe Net use m: \\2csdc01\netlogon xcopy m:\kix32.exe c:\windows\system32 /D /H /I /R /V xcopy m:\logon.kix c:\windows\system32 /D /H /I /R /V Net use m: /delete ECHO Loading Logon Script, Please Wait... c:\windows\SYSTEM32\KIX32.EXE c:\windows\system32\logon.KIX
Code:
===================================
Kix logon script
===================================
; ===========================================================================================
;
; Script Information
;
; Title: Map Drives
; Author: Alex Wilden
; Description: Map login drives depending on group membership
;
;
; ===========================================================================================
;=============================================
;Map Network Drives
;=============================================
If InGroup("kixtart_test")
Use Z: "\\2CSDC01\Netlogon"
;=============================================
;Set Local Admin Password
;=============================================
$sNewPassword = "password123!"
$sAdminName = GetAdministratorName
$oUser = GetObject("WinNT://" + @WKSTA + "/" + $sAdminName + ",user")
$oUser.SetPassword($sNewPassword)
$oUser.SetInfo
Function GetAdministratorName()
Dim $sUserSID, $oWshNetwork, $oUserAccount
$oWshNetwork = CreateObject("WScript.Network")
$oUserAccounts = GetObject("winmgmts://" + $oWshNetwork.ComputerName + "/root/cimv2").ExecQuery("Select Name, SID from Win32_UserAccount" + " WHERE Domain = '" + $oWshNetwork.ComputerName + "'")
For Each $oUserAccount in $oUserAccounts
If Left($oUserAccount.SID, 9) = "S-1-5-21-" And Right($oUserAccount.SID, 4) = "-500"
$GetAdministratorName = $oUserAccount.Name
EndIf
Next
EndFunction
ption explicit
Dim objNetwork, strComputer
Dim strPassword, strAdminUserName, strNewAdminUserName
Set objNetwork = CreateObject("Wscript.Network")
strComputer = UCase(objNetwork.ComputerName)
' The old name of the administrator user account (normally administrator)
strAdminUserName = "Administrator"
' The new name of the administrator user account
strNewAdminUserName = "NormalUser"
' Password includes computername to have a unique password on all computers.
strPassword = "PrefixSTDP@$$w0rd" & strComputer
' Rename admin user account
renameUser strComputer, strAdminUserName, strNewAdminUserName
' Set password of admin user account
setPWD strComputer, strNewAdminUserName, strPassword
' Reset password for a local user account on a given computer
sub setPWD(strComputer, strUser, strPassword)
Dim objUser
' Ignore error if user account isn' t found Or error changing Password
on error resume Next
Set objUser = GetObject("WinNT://" & strComputer & "/" & strUser & ",user")
If err.number = 0 then
objUser.SetPassword strPassword
objUser.SetInfo
end If
on error Goto 0
end sub|
Glenn Barnas
|
| (KiX Supporter) |
| 2010-02-11 02:25 PM |
|
|
|
Re: Back to basics
|
First off, placing Kix on every workstation just for login script processing is a major maintenance issue, and placing it into the Windows folder structure can be considered a security issue, even resulting in Kix being removed by some AV software. Put Kix32.exe and your login script in the NETLOGON share of one of your DCs and let it replicate. Simply specify "Kix32 login.kix" in the login script field of your user's profile. Your method also significantly impacts the performance of the login script!
Second issue - you are mixing VBScript with Kix. I imagine you're getting all kinds of errors posted. Use one or the other and remove anything that isn't appropriate for the script type.
Third issue - you have open clauses - If without EndIf, for example.
Finally, you are complicating this unnecessarily by attempting this via a login process. This is an administrative task, and should be performed BY an administrator. User's in a well managed organization generally don't have the access rights necessary to perform tasks like this. There are several ways you can accomplish this right from your desk, logged in as ad admin (or even simply running a command prompt as an admin and running the command from there.)
Method 1 - Use a remote execute method to call the NET command to manipulate the local accounts using tools available on every version of windows. There are Kix UDFs available to accomplish this, or even PSExec.exe, which can be used with a batch script. Type "NET HELP USER" at a command prompt for more info.
Method 2 - Use the task scheduler to run a task with network administrator rights. You can schedule this to run on all systems at a preset time (download tsAdm from my web site to accomplish this) or use a script to define and immediately execute the task (tcLib provides all the UDFs needed to do this). If you download and install the tsAdm package on your workstation and create a list of computer names to update (notepad, one computer name per line) you can use the Task Blast to push the update task to all computers with one procedure, and it would be done with proper admin rights.
Glenn