#197574 - 2010-01-29 03:32 PM
Back to basics
|
2Cs
Just in Town
Registered: 2010-01-29
Posts: 4
Loc: UK
|
Hi all,
I have no previous experience of creating Kixtart login scripts.
Can someone post me a sample login script so I can see what it is I need to do?
Thanks,
Al
|
Top
|
|
|
|
#197576 - 2010-01-29 03:58 PM
Re: Back to basics
[Re: Mart]
|
2Cs
Just in Town
Registered: 2010-01-29
Posts: 4
Loc: UK
|
I would like the script to do the following:
-Detect site & then map the required drives for that site -Install printers shared on Print Server -Deploy VNC, writting password and other settings -Update local admin password -Update system time
Once I get a feel for this I could then add any additional requirements after, just need some help getting started.
Thanks Mart,
Al
|
Top
|
|
|
|
#197577 - 2010-01-29 04:23 PM
Re: Back to basics
[Re: 2Cs]
|
Mart
KiX Supporter
Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
|
A small example:
Break on
Select
;Map drive x for Site1
Case @SITE = "Site1"
Use x: "\\server1\share"
;Map drive x for Site2
Case @SITE = "Site2"
Use x: "\\server2\share"
;Map drive x for Site3
Case @SITE = "Site3"
Use x: "\\Server3\Share"
EndSelect
;Add the printer.
$rc = AddPrinterConnection("\\server\printer")
;Set the printer as default.
$rc = SetDefaultPrinter("\\server\printer")
;Set disconenct action to Lock.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "DisconnectAction", "Lock", "REG_SZ")
;Set remove wallpaper on connect to true.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "RemoveWallpaper", "1", "REG_DWORD")
;Set remove pattern on connect to true.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "RemovePattern", "1", "REG_DWORD")
;Set remove disable effects on connect to true.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "DisableEffects", "1", "REG_DWORD")
;Set VNC password for server or workstations used as servers.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "Password", "Binary password goes here", "REG_BINARY")
;Disable ask user to accept connections.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "QueryConnect", "0", "REG_DWORD")
;Disable only connect if user is logged on.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "QueryOnlyIfLoggedOn", "0", "REG_DWORD")
;Set local admin password.
Shell '%comspec% /c "net user administrator Password">Nul'
Setting the time should be done using AD if you have AD. If not then SetTime command can help you. All commands and functions are listed in the manual that comes with the KiXtart package you can download. If you have any question then please post them.
_________________________
Mart
- Chuck Norris once sold ebay to ebay on ebay.
|
Top
|
|
|
|
#197578 - 2010-01-29 04:38 PM
Re: Back to basics
[Re: Mart]
|
eriqjaffe
Hey THIS is FUN
Registered: 2004-06-24
Posts: 214
Loc: Arlington Heights, IL USA
|
Here's what I use to set the local admin password:
$sNewPassword = "YourSuperSecretPasswordGoesHere!"
$sAdminName = GetAdministratorName
$oUser = GetObject("WinNT://" + @WKSTA + "/" + $sAdminName + ",user")
$oUser.SetPassword($sNewPassword)
$oUser.SetInfo
Function GetAdministratorName()
Dim $sUserSID, $oWshNetwork, $oUserAccount
$oWshNetwork = CreateObject("WScript.Network")
$oUserAccounts = GetObject("winmgmts://" + $oWshNetwork.ComputerName + "/root/cimv2").ExecQuery("Select Name, SID from Win32_UserAccount" + " WHERE Domain = '" + $oWshNetwork.ComputerName + "'")
For Each $oUserAccount In $oUserAccounts
If Left($oUserAccount.SID, 9) = "S-1-5-21-" And Right($oUserAccount.SID, 4) = "-500"
$GetAdministratorName = $oUserAccount.Name
EndIf
Next
EndFunction I tokenize the script (read the manual about that) and call it from the main login script so the admin password isn't hanging around in plain text.
It can also be set via GPO, which is probably a better way to go.
Edited by eriqjaffe (2010-01-29 04:39 PM)
|
Top
|
|
|
|
#197612 - 2010-02-02 12:45 PM
Re: Back to basics
[Re: Mart]
|
2Cs
Just in Town
Registered: 2010-01-29
Posts: 4
Loc: UK
|
Hi Mart,
Thanks for that, how do I specify what site is 1/2/3/etc?
Does that script run as the user?
If so how will they have permissions for change the local admin password?
If not does it run as domain admin/administrator account, will this not cause problems with multiple users mapping the drive with the same credentials?
Thanks,
Al
|
Top
|
|
|
|
#197619 - 2010-02-02 06:41 PM
Re: Back to basics
[Re: Arend_]
|
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
|
One thing guys.. The one thing you all are forgetting are the samples that Ruud so graciously provides in the initial archive that we download and use.
Thanks!
Kent
|
Top
|
|
|
|
#197744 - 2010-02-11 12:51 PM
Re: Back to basics
[Re: Kdyer]
|
2Cs
Just in Town
Registered: 2010-01-29
Posts: 4
Loc: UK
|
Hi guys,
Below I have my login script that calls the kix script and runs, the admin password change isn't working (assuming I've done something wrong) can someone point me in the right direction?
======================
Logon Batch File
======================
@Echo Off
Cls
ECHO Verifying / Updating / Copying Script Software Installation, Please Wait...
Del c:\windows\system32\logon.kix
Del c:\windows\system32\kix32.exe
Net use m: \\2csdc01\netlogon
xcopy m:\kix32.exe c:\windows\system32 /D /H /I /R /V
xcopy m:\logon.kix c:\windows\system32 /D /H /I /R /V
Net use m: /delete
ECHO Loading Logon Script, Please Wait...
c:\windows\SYSTEM32\KIX32.EXE c:\windows\system32\logon.KIX
===================================
Kix logon script
===================================
; ===========================================================================================
;
; Script Information
;
; Title: Map Drives
; Author: Alex Wilden
; Description: Map login drives depending on group membership
;
;
; ===========================================================================================
;=============================================
;Map Network Drives
;=============================================
If InGroup("kixtart_test")
Use Z: "\\2CSDC01\Netlogon"
;=============================================
;Set Local Admin Password
;=============================================
$sNewPassword = "password123!"
$sAdminName = GetAdministratorName
$oUser = GetObject("WinNT://" + @WKSTA + "/" + $sAdminName + ",user")
$oUser.SetPassword($sNewPassword)
$oUser.SetInfo
Function GetAdministratorName()
Dim $sUserSID, $oWshNetwork, $oUserAccount
$oWshNetwork = CreateObject("WScript.Network")
$oUserAccounts = GetObject("winmgmts://" + $oWshNetwork.ComputerName + "/root/cimv2").ExecQuery("Select Name, SID from Win32_UserAccount" + " WHERE Domain = '" + $oWshNetwork.ComputerName + "'")
For Each $oUserAccount in $oUserAccounts
If Left($oUserAccount.SID, 9) = "S-1-5-21-" And Right($oUserAccount.SID, 4) = "-500"
$GetAdministratorName = $oUserAccount.Name
EndIf
Next
EndFunction
ption explicit
Dim objNetwork, strComputer
Dim strPassword, strAdminUserName, strNewAdminUserName
Set objNetwork = CreateObject("Wscript.Network")
strComputer = UCase(objNetwork.ComputerName)
' The old name of the administrator user account (normally administrator)
strAdminUserName = "Administrator"
' The new name of the administrator user account
strNewAdminUserName = "NormalUser"
' Password includes computername to have a unique password on all computers.
strPassword = "PrefixSTDP@$$w0rd" & strComputer
' Rename admin user account
renameUser strComputer, strAdminUserName, strNewAdminUserName
' Set password of admin user account
setPWD strComputer, strNewAdminUserName, strPassword
' Reset password for a local user account on a given computer
sub setPWD(strComputer, strUser, strPassword)
Dim objUser
' Ignore error if user account isn' t found Or error changing Password
on error resume Next
Set objUser = GetObject("WinNT://" & strComputer & "/" & strUser & ",user")
If err.number = 0 then
objUser.SetPassword strPassword
objUser.SetInfo
end If
on error Goto 0
end sub
Edited by 2Cs (2010-02-11 12:53 PM)
|
Top
|
|
|
|
#197745 - 2010-02-11 02:25 PM
Re: Back to basics
[Re: 2Cs]
|
Glenn Barnas
KiX Supporter
Registered: 2003-01-28
Posts: 4396
Loc: New Jersey
|
First off, placing Kix on every workstation just for login script processing is a major maintenance issue, and placing it into the Windows folder structure can be considered a security issue, even resulting in Kix being removed by some AV software. Put Kix32.exe and your login script in the NETLOGON share of one of your DCs and let it replicate. Simply specify "Kix32 login.kix" in the login script field of your user's profile. Your method also significantly impacts the performance of the login script!
Second issue - you are mixing VBScript with Kix. I imagine you're getting all kinds of errors posted. Use one or the other and remove anything that isn't appropriate for the script type.
Third issue - you have open clauses - If without EndIf, for example.
Finally, you are complicating this unnecessarily by attempting this via a login process. This is an administrative task, and should be performed BY an administrator. User's in a well managed organization generally don't have the access rights necessary to perform tasks like this. There are several ways you can accomplish this right from your desk, logged in as ad admin (or even simply running a command prompt as an admin and running the command from there.)
Method 1 - Use a remote execute method to call the NET command to manipulate the local accounts using tools available on every version of windows. There are Kix UDFs available to accomplish this, or even PSExec.exe, which can be used with a batch script. Type "NET HELP USER" at a command prompt for more info.
Method 2 - Use the task scheduler to run a task with network administrator rights. You can schedule this to run on all systems at a preset time (download tsAdm from my web site to accomplish this) or use a script to define and immediately execute the task (tcLib provides all the UDFs needed to do this). If you download and install the tsAdm package on your workstation and create a list of computer names to update (notepad, one computer name per line) you can use the Task Blast to push the update task to all computers with one procedure, and it would be done with proper admin rights.
Glenn
_________________________
Actually I am a Rocket Scientist!
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
0 registered
and 557 anonymous users online.
|
|
|