Edit: This is a rewrite since long ago, Free to use and modify.

REASON OF POSTING: This community has given me so much since I started sniffing this place for useful information - time to give something back. Code and instructions as follows;

BUILD NOTES: This build was working correctly with a 2003 AD, kix 4.5x and XP clients. Create a GPO with user-logon-script pointing toward wkix32.exe

in same catalogue create following files:

kixtart.kix
Code:
    ;Main file.
    if NOT @LOGONMODE
      Break On
    EndIf
    $silent=SetOption('Explicit','ON')
    $silent=SetOption('CaseSensitivity','OFF')
    $silent=SetOption('NoMacrosInStrings','OFF')
    Dim $func_dir,$file_dir,$FileName
    ;Define values
    $func_dir = @scriptdir
    $file_dir = @scriptdir
    ;call functions
    $FileName = Dir($func_dir+"\fn*.kix")
    While $FileName <> "" and @ERROR = 0
      call $func_dir+"\$FileName"
      $FileName = Dir() ; retrieve next file
    Loop
    ;Call each *.udf file until an error occurs or there are no more files to call.
    ;next two lines enabled at testphase.
    ;MessageBox ("Logon-Script started","Enable and change this text to enable messagebox with info regarding script running",64,)
    ;fnWriteLog("Script started at: " + @TIME+" "+ @DATE+" "+@LServer+" "+@USERID)
    fnRemdrive("1.0")
    fnNetmap($func_dir+"\network.ref")
    ;fnWriteLog("Script ended at: " + @TIME+" "+ @DATE+" "+@LServer+" "+@USERID)
    exit

network.ref
Code:
    ; Rev 1.0.0
    ; Created:
    ; $Revision: $ $Date: 200y/mm/dd $
    ;
    ; Layout file for logon script
    ;
    [NetworkResources]
    SetTime = SetTime.NetworkResources
    Group = Group.NetworkResources
    Domain = Domain.NetworkResources
    ;Domain.GroupX = Controlgroups to sort by.
    /*
    [Controlgroup1]
    Home.1 = h:,@homeShr,some group
    SetTime.1 = ,@lserver,some group
    NetShr.2 = i:,\\netshr\path,some group

fnnetmap.kix
Code:
    ; Function for DriveMapping using a standard ini-shaped file (ie - network.ref).
    function fnnetmap($path)
      Dim $i,$domaingrp,$valuename,$value,$donotmap,$group
      $i = 0
      ; Section names are group names; only the first section the user belongs to is processed.
      for each $domaingrp in split(left(readprofilestring($path,"",""), -1),chr(10))
        if $i = 0 and ingroup($domaingrp)
          $i = $i + 1
          for each $valueName in split(left(readprofilestring($path,$domaingrp,""),-1),chr(10))
            ; Value layout: drive,path,group1|group2|!excludedgroup
            $value = split(readprofilestring($path,$domaingrp,$valueName),",")
            $doNotMap = 0
            for each $group in split($value[2],"|")
              if left($group,1) = "!" and ingroup(substr($group,2)) $doNotMap = 1 endif
            next
            for each $group in split($value[2],"|")
              if ingroup($group) - $doNotMap
                select
                  case left($valueName,7) = "NetShr."
                    use $value[0] $value[1]
                    if @error fnwritelog("Error occured in fnnetmap.kix."+ $value[0] +"|"+ $value[1]+"| "+ @error+" , "+ @serror) endif
                  ;case left($valueName,8) = "SetTime."
                    ;SETTIME "$value[1]"
                    ;if @error fnwritelog("Error occured in fnnetmap.kix."+ $value[0] +"|"+ $value[1]+"| "+ @error+" , "+ @serror) endif
                  case left($valueName,5) = "Home."
                    use $value[0] @HomeShr
                    if @error fnwritelog("Error occured in fnnetmap.kix."+ $value[0] +"|"+ $value[1]+"| "+ @error+" , "+ @serror) endif
                endselect
              endif
            next
          next
        endif
      next
    endfunction

fnwritelog.kix
Code:
    ;fnWriteLog.
    Function fnWriteLog($text)
      Dim $rc, $logfile, $filehandle
      $filehandle = "7"
      $logfile = ExpandEnvironmentVars(%temp%) + "\logon.log"
      $rc = WriteLine ($filehandle, @Date + " " + @Time + " - " + $text + @CRLF)
      ; Write failed (log not open yet): open it for writing, creating it if needed, and retry.
      If $rc < 0
        $rc = Close ($filehandle)
        $rc = Open ($filehandle, $logfile, 5)
        Select
          Case $rc = -1
            $rc = MessageBox ("Invalid file name (" + $logfile + ") specified for log file.","Logon Script Error",48)
          Case $rc = 0
            fnWriteLog ($text)
          Case $rc > 0
            $rc = MessageBox ("Error(" + $rc + ") while attempting to open log file (" + $logfile + ").","Logon Script Error",48)
        EndSelect
      EndIf
    EndFunction

fnRemDrive.kix
Code:
    ;fnRemDrive.
    Function fnremdrive($checkvalue)
      dim $checkval,$check,$wrcheck
      $checkval="HKEY_CURRENT_USER\Software\ACME"
      $check=readvalue($checkval,"script")
      if @error = 0
        if NOT $check = $checkvalue
          USE * /DELETE /PERSISTENT
          $wrcheck=writevalue($checkval,"script",$checkvalue,"REG_SZ")
        endif
      endif
    endfunction

Last function was in use due to some error in removing mappings/errors with mapping thanks to faulty handling of mappings with kix 4.50 and/or a bad damn network.

NOTE: Most of this code exists thanks to this community - this is the reason I give it 'back'. Many hours of consulting-time were spent on this - but only to put it into production - NOT development - and the hours that were - code was provided to me by the inhabitants of kixtart.org. Help or code optimization is always welcome. Better commenting as well. Go with the flow.

Explanation: running wkix32.exe / kix32.exe only will make the script look in @scriptdir for @userid.kix - next in line is kixtart.kix - this exists - and if you ever need a specific login for a user - simply create a main file with the username. The main - kixtart.kix will enumerate (perhaps in a faulty manner) all fn*.kix files in @scriptdir - thus adding your own function will not require that much energy - and logging can always be added or edited due to the use of the function provided (fnwritelog.kix). The structure of the "ini" file containing the mappings should be self-explained. If errors found - please report it. This is a base to be handled. Several functions have been removed due to customer-specific-builds, built during work-hours and thus not mine to use anymore.

NOTE REGARDING fnRemDrive: This function uses a reg key to be used as a version-handler - each time you update things you use a new version, if the new version is not equal to the version in the reg-key - remdrive will be used - this was used due to too much troubleshooting faulty drives when servers were changed - new mappings added / removed.

NOTE REGARDING PATH TO SCRIPT!: When I wrote and created this in 2006, I used the full scriptpath of \\domain\sysvol\fqdn.topdomain\{id}\[user(think it was)\scripts\ . A bit messy - but safer than placing it in \\domain\netlogon\ due to 1. harder to find - security can be added within the applied logic - you apply this only to a specific WMI-filter/group-access via the GPO.

ISSUES: Fast logon opt. may scr*w things up as usual. Nonworking script - disable it. This is as always - WORK IN PROGRESS. Questions/etc - provide it in the thread.

EDIT: just realized that the function for removing drives needs to check over - this due to a pre-release/tested version was posted. will be fixed.
EDIT: Added Mart's rewritten log-function :).
EDIT: Added break on/off in kixtart.kix
EDIT: Fixed subject spelling..
EDIT: Small revision
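An added example, not part of the original post or the thread's code: a Python model of the group rules that fnnetmap.kix is written to apply to network.ref (only the first section named after one of the user's groups is used; the third field lists groups separated by |, and a leading ! marks an exclusion). The sample file, share names and group names are constructed, and case-insensitive group matching is an assumption.

```python
# Python model (not KiXtart); SAMPLE_REF is constructed in the network.ref layout.
SAMPLE_REF = r"""
[Staff]
NetShr.1 = i:,\\fs01\common,Staff
NetShr.2 = j:,\\fs01\finance,Finance|!Contractors
NetShr.3 = k:,\\fs01\projects,Staff|!Contractors
Home.1 = h:,@homeShr,Staff
[Guests]
NetShr.1 = g:,\\fs01\guest,Guests
"""

def parse_ref(text):
    """Return [(section, [(key, [fields])])] in file order, skipping ; comments."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], []))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            fields = [f.strip() for f in value.split(",")]
            sections[-1][1].append((key.strip(), fields))
    return sections

def mappings_for(user_groups, text):
    """Drive mappings for a user: the first section named after one of the
    user's groups wins; a matching "!group" vetoes the whole entry."""
    member = {g.casefold() for g in user_groups}  # assumption: case-insensitive
    for section, entries in parse_ref(text):
        if section.casefold() not in member:
            continue
        result = []
        for key, fields in entries:
            if len(fields) < 3:  # not a drive,path,groups entry
                continue
            groups = [g.strip().casefold() for g in fields[2].split("|")]
            denied = any(g.startswith("!") and g[1:] in member for g in groups)
            allowed = any(not g.startswith("!") and g in member for g in groups)
            if denied or not allowed:
                continue
            kind = key.split(".", 1)[0]
            if kind == "NetShr":
                result.append((fields[0], fields[1]))
            elif kind == "Home":
                result.append((fields[0], "@HomeShr"))
        return result  # later sections are ignored once one matched
    return []
```

Running `mappings_for` over the real network.ref for a set of test group memberships shows which shares an exclusion actually withholds before the file goes into the GPO.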
Björn, Nice work. Lots of legal mumbo-jumbo but I guess you work at some kind of security or government organisation. I especially like the way you call all functions. Just DIR() the functions folder and call whatever is in there. I'll be

I inherited a huge pile of rubble as a network from my predecessors. It worked but it squeaked and cried with every change we made. Slowly but surely we are getting stuff back on track so we have a clear idea of what we have and what we need before switching from Win2K to Win2K3. We are about 75% done with that and some of your tips and tricks did help in the past and will help with the last few hurdles we need to take in the first half of next year.
Björn, Quote from the shoutbox:

Quote: [Les] LOL... I didn't want to pee in your Cornflakes but you have vars in strings... tsk, tsk

Just to be sure Les stops peeing in your cornflakes I changed the fnWriteLog function a bit. All vars and macros are no longer in between quotes. I also added the ExpandEnvironmentVars to the path for the log file.

Code:
    Function fnWriteLog($text)
      Dim $rc, $logfile, $filehandle
      $filehandle = "7"
      $logfile = ExpandEnvironmentVars(%temp%) + "\logon.log"
      $rc = WriteLine ($filehandle, @Date + " " + @Time + " - " + $text + @CRLF)
      ; Write failed (log not open yet): open it for writing, creating it if needed, and retry.
      If $rc < 0
        $rc = Close ($filehandle)
        $rc = Open ($filehandle, $logfile, 5)
        Select
          Case $rc = -1
            $rc = MessageBox ("Invalid file name (" + $logfile + ") specified for log file.","Logon Script Error",48)
          Case $rc = 0
            fnWriteLog ($text)
          Case $rc > 0
            $rc = MessageBox ("Error(" + $rc + ") while attempting to open log file (" + $logfile + ").","Logon Script Error",48)
        EndSelect
      EndIf
    EndFunction

If I'm going to use it in my production environment I would add some lines that would mail the log to the admin(s) if there were more than 0 errors. On every logon I'd check for the existence of the log file and delete it if it exists.
ROFL... I posted that to the shoutbox cuz I didn't want to set the tone here... so much for that. It was just a first observation... I just found it odd. NoMacrosInStrings was explicitly set to off despite off being implicit yet in the code, macros were concatenated properly. NoVarsInStrings on the other hand was left implicitly off and vars were embedded.

My other pet peeve is where there are one-liner IF constructs. When quickly scanning down the lines, it initially jumps out as missing ENDIFs which it is not. I realize one-liners are easier to copy/paste and that the indenting shows the true nesting but it still catches my mind's eye.

The SETTIME thing, I will hold my tongue on.

I don't know about others, but I've never understood the @HomeShr thing. If you map the HomeShr in the profile, why do it in KiX too? I've run into issues with some PCs not mapping it properly in the profile and if done in both places, I've run into conflict issues. I don't set it in the profile leaving it entirely up to the script to do.

Deleting drives... another point of confusion... if drives are mapped persistent, the /persistent switch is needed to delete them. If not mapped persistent, they shouldn't need to be deleted. What am I missing?
Mart - Borrow away! Great to hear that my stuff can be used! That kind of huge pile of cr*p I did inherit as well - this is the result of it :). Thank you for the rewrite - tossed it up instead. Regarding the userpart of the script I found that the amount of users that actually needed their own script - was so few but needed so much alteration so I used the built in function of kix (the first check for @userid.kix , then kixtart.kix ).

Les - that's because I did not write that function - someone else here did - and I did not sanitize it since it rolled anyway in the env. SETTIME was used prev on adminmachines that weren't really part of production - don't bite it off please ;). I know - never really understood why we kept using it either - until we rebuilt the env. and ad kept missing to map it, that wasn't my real concern to fix, so I used it until they fixed it. The drive deletion came because some did persistent mappings over certain map-letters, that was by policy to be used by what ever was mapped by us. Needs to be rewritten to actually work - this is old scrap from home when I started it out ;).
A bit to bump - just to get some feedback before I'll dig and get my newer version.
Borrowed parts from it in the past and they are useful once more. Got a new job for about a year now (Aug-1) and we have one logon script that does about 5% of what can be done (and 50% of that 5% fails because of user and/or ex-admin actions) and it runs on 3.63. I've been altering the stuff I used at my previous job to fit the network me and my colleague manage now and parts of your stuff are in it for sure. Thanks again.
Nice! ( A tad late, but hey...
Quote: I don't know about others, but I've never understood the @HomeShr thing. If you map the HomeShr in the profile, why do it in KiX too? I've run into issues with some PCs not mapping it properly in the profile and if done in both places, I've run into conflict issues. I don't set it in the profile leaving it entirely up to the script to do.

I completely agree with you, though, to add an interesting bit of information regarding this. I once had an issue with login scripts, and I had to call Microsoft: the homeshare in the user profile wasn't consistently being picked up by the logon script to map. They flat out told me that the only way that they support login scripts is if they are running from the GPO, and not from the Netlogon. Go figure...

Though there's some legit use for the GPO logon scripts, for some reason, I'm still partial for the netlogon scripts, but from that day on, I completely abandoned the net use /home nomenclature, and now rely on either ini files, or database to get use home dirs (at least until I have DFS fully implemented )
Mart / Shane - might just want to delete your messages since they no longer can be viewed in their original context.. Just creates confusion as Bjorn pointed out.

Glenn
Done. Thanks.