#196497 - 2009-10-27 06:28 PM
Kix 4.61+ INGROUP + Windows 7
|
kaffee
Fresh Scripter
Registered: 2009-10-26
Posts: 5
Loc: Paris
|
HI, I am migrating to Kix 4.61 and some WK7. I am starting to have a headache with Windows 7 + Kix 4.61 and the INGROUP command. Just it is not working *- i have serach a lot in the net and forums and nothing a part the post #196185
Anyone can tell if INGROUP (4.61) on windows 7 (32 and 64 bits) works if yes how ?
Ps. INGROUP (4.61) works fine on XP, Windows Server 2008 Enterprise Edition 64 bits
IF INGROUP("ADMINS") = 1
AT (17,9) "Connexion \\SVRXSL02\CONSOLES "
USE W: /D /PERSISTENT
USE W: \\SVRXSL02\CONSOLES
sleep 1
ENDIF
Thanks Kaffee
Edited by Mart (2009-10-28 09:07 AM) Edit Reason: Please use code tags when posting code.
|
Top
|
|
|
|
#196499 - 2009-10-27 09:50 PM
Re: Kix 4.61+ INGROUP + Windows 7
[Re: kaffee]
|
Allen
KiX Supporter
Registered: 2003-04-19
Posts: 4549
Loc: USA
|
Try this and post back your results.
? "kix:" + @kix
IF INGROUP("ADMINS")
? "In the group"
USE W: /D /PERSISTENT
? @result
? @serror
USE W: "\\SVRXSL02\CONSOLES"
? @result
? @serror
else
? "Not in Group"
ENDIF
Also, check the Eventlog for any errors that might be of use. Make sure your group name is spelled correctly.
|
Top
|
|
|
|
#196504 - 2009-10-28 11:39 AM
Re: Kix 4.61+ INGROUP + Windows 7
[Re: Allen]
|
kaffee
Fresh Scripter
Registered: 2009-10-26
Posts: 5
Loc: Paris
|
Hi,
Result of the script Kix : 4.61 Not in Group
There is an event error log see below (in french) but event ID is 1789 the error is on W7 32 bits and 64 bits
The speeling name is correct as it works on XP, Windows 2008 Server and for information our Active Directory is Windows 2000 DC's
I think that someting is missing to get a trust membership between the Server and Station
Thanks for any suggestion Rgds, Kaffee
Nom du journal :Application Source : KIXTART Date : 28/10/2009 11:20:51 ID de l’événement :1789 Catégorie de la tâche :Aucun Niveau : Erreur Mots clés : Classique Utilisateur : N/A Ordinateur : AdminSel-Win7.Xsl.Schneider-Electric.com Description : La description de l’ID d’événement 1789 dans la source KIXTART est introuvable. Le composant qui a déclenché cet événement n’est pas installé sur l’ordinateur local ou l’installation est endommagée. Vous pouvez installer ou réparer le composant sur l’ordinateur local.
Si l’événement provient d’un autre ordinateur, les informations d’affichage doivent être enregistrées avec l’événement.
Les informations suivantes étaient incluses avec l’événement :
GetPrimaryGroup failed Error : La relation d’approbation entre cette station de travail et le domaine principal a échoué. (0x6fd/1789)
|
Top
|
|
|
|
#196516 - 2009-10-29 09:42 AM
Re: Kix 4.61+ INGROUP + Windows 7
[Re: Mart]
|
kaffee
Fresh Scripter
Registered: 2009-10-26
Posts: 5
Loc: Paris
|
Hi,
Sorry for taking some time for reply du to tests and work.
So, In my case Kix version : 4.61 W2K DC + Windows 2000 AD - Clients : Windows XP, Windows Vista, Windows 7, Windows 2008 Srv : all 32 and 64 bits
My simple script is to check if some users are in a goup :
? "kix:" + @kix
IF INGROUP("ADMINS")
? "In the group"
USE W: /D /PERSISTENT
? @result
? @serror
USE W: "\\SVRXSL02\CONSOLES"
? @result
? @serror
else
? "Not in Group"
ENDIF
It work for all clients except for : Windows 7 32 and 64 bits
The Microsfot KB 262958 doesnot resolve the issue http://support.microsoft.com/default.aspx?scid=kb;en-us;262958
But i have found something intersting:
If I do use the BuiltIN Groups : (Domain Local Groups) - IT WORKS But NOT for Global Groups
BuitIn group List (In French) Accès compatible Pre-Windows 2000 Administrateurs Duplicateurs Invités Opérateurs de compte Opérateurs de sauvegarde Opérateurs de serveur Opérateurs d'impression Utilisateurs
Well, It is not working but i did progress a bit. I will continue in investigating if someone has a clue i take it.
Rgds Kaffee
Edited by Mart (2009-10-29 10:59 AM) Edit Reason: Please use code tags when posting code.
|
Top
|
|
|
|
#196517 - 2009-10-29 10:25 AM
Re: Kix 4.61+ INGROUP + Windows 7
[Re: kaffee]
|
kaffee
Fresh Scripter
Registered: 2009-10-26
Posts: 5
Loc: Paris
|
Hi again,
I have created a new DOMAIN GROUP , insert users in it and test : IT WORKS
In my case, I cannot test the Universal Groups
In conclusion for my part for Windows 7 : INGROUP doesnot work for Global Groups
If anyone has a solution for Global Groups.
Rgds, Kaffee
|
Top
|
|
|
|
#196548 - 2009-11-02 10:19 AM
Re: Kix 4.61+ INGROUP + Windows 7
[Re: Arend_]
|
Arend_
MM club member
Registered: 2005-01-17
Posts: 1895
Loc: Hilversum, The Netherlands
|
Alright, update. It's definately the way KiX looks it up. If you try it using LDAP it works fine. for instance:
Dim $objSysInfo, $objUser, $objGroup
$objSysInfo = CreateObject("ADSystemInfo")
$objUser = GetObject("LDAP://"+$objSysInfo.userName)
$objGroup = GetObject("LDAP://CN=Domain Admins,CN=users,DC=mydomain,DC=local")
If $objGroup.IsMember($objUser.AdsPath)
? "Global Test Succeeded"
Else
? "Global Test Failed"
EndIf
|
Top
|
|
|
|
#196560 - 2009-11-03 09:09 AM
Re: Kix 4.61+ INGROUP + Windows 7
[Re: Arend_]
|
Arend_
MM club member
Registered: 2005-01-17
Posts: 1895
Loc: Hilversum, The Netherlands
|
ok WinNT test passes as well:
Dim $objGroup
$objGroup = GetObject("WinNT://"+@LDOMAIN+"/Domain Admins")
$objGroup.GetInfo
If $objGroup.IsMember("WinNT://"+@LDOMAIN+"/"+@USERID) = -1
? "Global Test Succeeded"
Else
? "Global Test Failed"
EndIf
|
Top
|
|
|
|
#196561 - 2009-11-03 09:14 AM
Re: Kix 4.61+ INGROUP + Windows 7
[Re: Arend_]
|
Arend_
MM club member
Registered: 2005-01-17
Posts: 1895
Loc: Hilversum, The Netherlands
|
Since the GetSID fails in the psTools I figured I'll test my own Name2SID udf (as can be found in the UDF section). And all those tests pass, which means WMI works fine too.
? Name2SID(@USERID)
? Name2SID("Domain Admins")
Function Name2SID(Optional $userid,Optional $domain)
If $userid = "" $userid = @USERID EndIf
If $domain = "" $domain = @LDOMAIN EndIf
Dim $objWMIService
$objWMIService = GetObject("winmgmts:\\.\root\cimv2")
$Name2SID = $objWMIService.Get("Win32_Account.Name='"+$userid+"',Domain='"+$domain+"'").SID
If @ERROR EXIT @ERROR EndIf
EndFunction
So I can conclude the following: When talking to the AD; LDAP works fine. WinNT works fine. WMI works fine.
So I can't seem to figure out how kixtart is talking to the AD.
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
0 registered
and 370 anonymous users online.
|
|
|