Page 1 of 1 1
Topic Options
#197574 - 2010-01-29 03:32 PM Back to basics
2Cs Offline
Just in Town

Registered: 2010-01-29
Posts: 4
Loc: UK
Hi all,

I have no previous experience of creating Kixtart login scripts.

Can someone post me a sample login script so I can see what it is I need to do?

Thanks,

Al

Top
#197575 - 2010-01-29 03:53 PM Re: Back to basics [Re: 2Cs]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
It all depends on what you would like the logon script to do.

- Map drives
- Map printers
- Set some configuration settings.
- Etc.....

You must have some idea what you would like the script to do for you right? Can you let us know your requirements for the script?

Kix is very powerful and can make your job as an admin a lot easier.
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#197576 - 2010-01-29 03:58 PM Re: Back to basics [Re: Mart]
2Cs Offline
Just in Town

Registered: 2010-01-29
Posts: 4
Loc: UK
I would like the script to do the following:

-Detect site & then map the required drives for that site
-Install printers shared on Print Server
-Deploy VNC, writting password and other settings
-Update local admin password
-Update system time

Once I get a feel for this I could then add any additional requirements after, just need some help getting started.

Thanks Mart,

Al

Top
#197577 - 2010-01-29 04:23 PM Re: Back to basics [Re: 2Cs]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
A small example:
 Code:
Break on

Select
	;Map drive x for Site1
	Case @SITE = "Site1"
		Use x: "\\server1\share"
	;Map drive x for Site2
	Case @SITE = "Site2"
		Use x: "\\server2\share"
	;Map drive x for Site3
	Case @SITE = "Site3"
		Use x: "\\Server3\Share"
EndSelect

;Add the printer.
$rc = AddPrinterConnection("\\server\printer")
;Set the printer as default.
$rc = SetDefaultPrinter("\\server\printer")

;Set disconenct action to Lock.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "DisconnectAction", "Lock", "REG_SZ")
;Set remove wallpaper on connect to true.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "RemoveWallpaper", "1", "REG_DWORD")
;Set remove pattern on connect to true.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "RemovePattern", "1", "REG_DWORD")
;Set remove disable effects on connect to true.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "DisableEffects", "1", "REG_DWORD")
;Set VNC password for server or workstations used as servers.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "Password", "Binary password goes here", "REG_BINARY")
;Disable ask user to accept connections.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "QueryConnect", "0", "REG_DWORD")
;Disable only connect if user is logged on.
$rc = WriteValue("HKLM\SOFTWARE\RealVNC\WinVNC4", "QueryOnlyIfLoggedOn", "0", "REG_DWORD")

;Set local admin password.
Shell '%comspec% /c "net user administrator Password">Nul'


Setting the time should be done using AD if you have AD. If not then SetTime command can help you. All commands and functions are listed in the manual that comes with the KiXtart package you can download.
If you have any question then please post them.
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#197578 - 2010-01-29 04:38 PM Re: Back to basics [Re: Mart]
eriqjaffe Offline
Hey THIS is FUN

Registered: 2004-06-24
Posts: 214
Loc: Arlington Heights, IL USA
Here's what I use to set the local admin password:

 Code:
$sNewPassword = "YourSuperSecretPasswordGoesHere!"
$sAdminName = GetAdministratorName
$oUser = GetObject("WinNT://" + @WKSTA + "/" + $sAdminName + ",user")
$oUser.SetPassword($sNewPassword)
$oUser.SetInfo

Function GetAdministratorName()
  Dim $sUserSID, $oWshNetwork, $oUserAccount
  $oWshNetwork = CreateObject("WScript.Network")
  $oUserAccounts = GetObject("winmgmts://" + $oWshNetwork.ComputerName + "/root/cimv2").ExecQuery("Select Name, SID from Win32_UserAccount" + " WHERE Domain = '" + $oWshNetwork.ComputerName + "'")
  For Each $oUserAccount In $oUserAccounts
    If Left($oUserAccount.SID, 9) = "S-1-5-21-" And Right($oUserAccount.SID, 4) = "-500"
      $GetAdministratorName = $oUserAccount.Name
    EndIf
  Next
EndFunction

I tokenize the script (read the manual about that) and call it from the main login script so the admin password isn't hanging around in plain text.

It can also be set via GPO, which is probably a better way to go.


Edited by eriqjaffe (2010-01-29 04:39 PM)

Top
#197596 - 2010-02-01 09:19 AM Re: Back to basics [Re: eriqjaffe]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
Nice.
Never even thought about doing it this way. We have some French XP's here and I had a separate part of the script setting the admin password for the local Administarteur instead of the Administrator with a shell command.
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#197612 - 2010-02-02 12:45 PM Re: Back to basics [Re: Mart]
2Cs Offline
Just in Town

Registered: 2010-01-29
Posts: 4
Loc: UK
Hi Mart,

Thanks for that, how do I specify what site is 1/2/3/etc?

Does that script run as the user?

If so how will they have permissions for change the local admin password?

If not does it run as domain admin/administrator account, will this not cause problems with multiple users mapping the drive with the same credentials?

Thanks,

Al

Top
#197613 - 2010-02-02 01:00 PM Re: Back to basics [Re: 2Cs]
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4396
Loc: New Jersey
Sites can be identified in AD (see the @SITE macro) or via subnet.

Login scripts run in the User context.

Changing the admin password is not a login process - it is an admin process and you can find many examples of how to accomplish this right from your desk, run as a domain admin.

I don't really understand your last concern. We have clients who have hundreds of sites with thousands of users and have no problem mapping to resources without any level of admin access.

Maybe you should look at the pre-made login script on my web site. The manual PDF is linked to the main login-script page. It should provide you with many ideas of what can be done via login script. Look in Products / Admin Toolchest / Universal Login Script to find the link to the user guide.

Glenn
_________________________
Actually I am a Rocket Scientist! \:D

Top
#197616 - 2010-02-02 01:34 PM Re: Back to basics [Re: 2Cs]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
2Cs,

Glenn is right.
Sites are defined in AD and should be changed in the script so that the site names in the script match the site names in AD. You need to be at least a local admin to change the PW for the local administrator account. If you need to specify user credentials for mapping your drives then I would suggest setting up your network in a way that the users who need the drive can access it with their credentials.
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#197617 - 2010-02-02 01:37 PM Re: Back to basics [Re: Mart]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
and before you ask. This is "Active Directory - Sites and Services" in your start menu under "Administrative Tools" on your server (or your workstation if you installed the admin tools. You can also reach it by typing "dssite.msc" in a Command Prompt.
Top
#197619 - 2010-02-02 06:41 PM Re: Back to basics [Re: Arend_]
Kdyer Offline
KiX Supporter
*****

Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
One thing guys.. The one thing you all are forgetting are the samples that Ruud so graciously provides in the initial archive that we download and use.

Thanks!

Kent
_________________________
Utilize these resources:
UDFs (Full List)
KiXtart FAQ & How to's

Top
#197744 - 2010-02-11 12:51 PM Re: Back to basics [Re: Kdyer]
2Cs Offline
Just in Town

Registered: 2010-01-29
Posts: 4
Loc: UK
Hi guys,

Below I have my login script that calls the kix script and runs, the admin password change isn't working (assuming I've done something wrong) can someone point me in the right direction?

 Code:
======================
Logon Batch File
======================

@Echo Off

Cls
ECHO Verifying / Updating /  Copying Script Software Installation, Please Wait...

Del c:\windows\system32\logon.kix
Del c:\windows\system32\kix32.exe
Net use m: \\2csdc01\netlogon

xcopy m:\kix32.exe c:\windows\system32 /D /H /I /R /V
xcopy m:\logon.kix c:\windows\system32 /D /H /I /R /V

Net use m: /delete

ECHO Loading Logon Script, Please Wait...
c:\windows\SYSTEM32\KIX32.EXE c:\windows\system32\logon.KIX


 Code:
 ===================================
Kix logon script
===================================

; ===========================================================================================
;
; 	Script Information
;	
;	Title: Map Drives
;	Author: Alex Wilden					
;	Description: Map login drives depending on group membership			
;	
;
; ===========================================================================================
;=============================================
;Map Network Drives
;=============================================

If InGroup("kixtart_test")
	Use Z: "\\2CSDC01\Netlogon"
;=============================================
;Set Local Admin Password
;=============================================

$sNewPassword = "password123!"
$sAdminName = GetAdministratorName
$oUser = GetObject("WinNT://" + @WKSTA + "/" + $sAdminName + ",user")
$oUser.SetPassword($sNewPassword)
$oUser.SetInfo

Function GetAdministratorName()
	Dim $sUserSID, $oWshNetwork, $oUserAccount
	$oWshNetwork = CreateObject("WScript.Network")
	$oUserAccounts = GetObject("winmgmts://" + $oWshNetwork.ComputerName + "/root/cimv2").ExecQuery("Select Name, SID from Win32_UserAccount" + " WHERE Domain = '" + $oWshNetwork.ComputerName + "'")
	For Each $oUserAccount in $oUserAccounts
		If Left($oUserAccount.SID, 9) = "S-1-5-21-" And Right($oUserAccount.SID, 4) = "-500"
			$GetAdministratorName = $oUserAccount.Name
		EndIf
	Next
EndFunction
ption explicit
Dim objNetwork, strComputer
Dim strPassword, strAdminUserName, strNewAdminUserName

Set objNetwork = CreateObject("Wscript.Network")
strComputer = UCase(objNetwork.ComputerName)

' The old name of the administrator user account (normally administrator)
strAdminUserName = "Administrator"
' The new name of the administrator user account
strNewAdminUserName = "NormalUser"
' Password includes computername to have a unique password on all computers.
strPassword = "PrefixSTDP@$$w0rd" & strComputer

' Rename admin user account
renameUser strComputer, strAdminUserName, strNewAdminUserName
' Set password of admin user account
setPWD strComputer, strNewAdminUserName, strPassword

' Reset password for a local user account on a given computer
sub setPWD(strComputer, strUser, strPassword)

Dim objUser
' Ignore error if user account isn' t found Or error changing Password
on error resume Next 
Set objUser = GetObject("WinNT://" & strComputer & "/" & strUser & ",user")
If err.number = 0 then
	objUser.SetPassword strPassword
	objUser.SetInfo
	end If
	on error Goto 0
	
	end sub


Edited by 2Cs (2010-02-11 12:53 PM)

Top
#197745 - 2010-02-11 02:25 PM Re: Back to basics [Re: 2Cs]
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4396
Loc: New Jersey
First off, placing Kix on every workstation just for login script processing is a major maintenance issue, and placing it into the Windows folder structure can be considered a security issue, even resulting in Kix being removed by some AV software. Put Kix32.exe and your login script in the NETLOGON share of one of your DCs and let it replicate. Simply specify "Kix32 login.kix" in the login script field of your user's profile. Your method also significantly impacts the performance of the login script!

Second issue - you are mixing VBScript with Kix. I imagine you're getting all kinds of errors posted. Use one or the other and remove anything that isn't appropriate for the script type.

Third issue - you have open clauses - If without EndIf, for example.

Finally, you are complicating this unnecessarily by attempting this via a login process. This is an administrative task, and should be performed BY an administrator. User's in a well managed organization generally don't have the access rights necessary to perform tasks like this. There are several ways you can accomplish this right from your desk, logged in as ad admin (or even simply running a command prompt as an admin and running the command from there.)

Method 1 - Use a remote execute method to call the NET command to manipulate the local accounts using tools available on every version of windows. There are Kix UDFs available to accomplish this, or even PSExec.exe, which can be used with a batch script. Type "NET HELP USER" at a command prompt for more info.

Method 2 - Use the task scheduler to run a task with network administrator rights. You can schedule this to run on all systems at a preset time (download tsAdm from my web site to accomplish this) or use a script to define and immediately execute the task (tcLib provides all the UDFs needed to do this). If you download and install the tsAdm package on your workstation and create a list of computer names to update (notepad, one computer name per line) you can use the Task Blast to push the update task to all computers with one procedure, and it would be done with proper admin rights.

Glenn
_________________________
Actually I am a Rocket Scientist! \:D

Top
Page 1 of 1 1


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
2 registered (morganw, mole) and 414 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.069 seconds in which 0.022 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org