I am in a pickle and would just love to hear from someone in an AD environment. Here's the predicament:

A generic ID (EDMD, for example) auto-logs into the OS (Win XP) on a domain account. No problem, we do this all the time. This kicks off Vergence which is bio-metric. User swipes card or places fingerprint and system validates them via LDAP (domain\UName) and allows them to log onto the desktop.

Now, keep in mind that EDMD is the one actively connected to the domain. The user is only at the desktop. The HKCU belongs to EDMD, %username% and other env. variables are set for EDMD. Vergence will allow me to run a separate logon script (.BAT file only) for the desktop and can pass it 3 variables: Domain, Username, and Password.

So, EDMD logs on to OS, login script for EDMD runs, GP is set, etc. User logs on, Vergence runs the batch file, batch file calls KiXtart. KiXtart script does my drive mappings for me, since users will be in different groups depending upon function (Admin, Nurse, Doctor, etc...).

Kicker: Ingroup() is working as designed... It checks against all of the groups for EDMD, not the user. What I apparently need to do is get a list of the groups for the current user to check against. I have no idea how to go about this.

BATCH file run by Vergence. Works fine. Passes appropriate info.

Code:
    REM MapDrives.bat
    @ECHO OFF
    CD KIXTART
    KIX32 MCGroups.kix /f /i %1 %2 %3

KiXtart script that works normally, but not with Vergence.

Code:
    break on
    GLOBAL $Credentials
    ;DM=Domain UN=UserName PW=password
    for each $Arg in GetCommandLine(1)
      $Ct = $Ct + 1
      if $Ct = 4
        $DM = $Arg
      endif
      if $Ct = 5
        $UN = $Arg
      endif
      if $Ct = 6
        $PW = $Arg
      endif
    next
    $Credentials = $DM + "\" + $UN
    ;Sample of using Ingroup(). Left more out for brevity
    if ingroup("MC\MIG User Group",0)
      use R: /DELETE
      use R: "\\MCTECH\Images" /user:$Credentials /password:$PW
    endif
    EXIT

A piece of code I found that has SOMETHING to do with this, however, I have been unable to figure out how to get it to give me any type of enumeration of groups for a specific user, then, just to complicate matters, a user's ID may be in another container besides "Users".

Code:
    Break On
    $sMCsPath = "LDAP://"+GetObject("LDAP://rootDSE").Get("defaultNamingContext")
    $objDomain = GetObject($sMCsPath)
    For Each $objContainer in $objDomain
      $objContainer.Name ?
    Next
    Exit

Welcome to the board John. This was kind of neat and I thought I might be able to figure it out pretty quickly. So try this and see if it fits your needs.

You will need to paste the GetUserDN() UDF - http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=188576#Post188576 to the bottom of the script.

Code:
    $user=getuserdn("username")
    ? $user
    if $user
      $objUser=getobject("LDAP://" + $user)
      $Groups = $objUser.GetEx("memberof")
      for each $group in $groups
        $Groupname=GetObject("LDAP://" + $Group).cn
        ? $groupname
        if $groupname="Doctors"
          use x: "\\server\share"
        endif
        if $groupname="Nurses"
          use x: "\\server\share"
        endif
      next
    endif

Fantastic! That's the exact piece of code I needed! Here's what I ended up with. I put it all together in about 5 minutes and had it run through Alpha testing in under 10. It goes into a beta group of about 50 PCs later today (after I add a few more mappings in it) then will be deployed to about 9000 PCs in our enterprise. Updating should be a breeze! One file (MCGroups.kix) to modify and allow SCCM to make sure each machine always has the latest version.

Kudos: Basically all I have done here is parse my commandline parameters. Allen already had everything else I needed. I was hoping for a jump-off point to get me started and what he posted completed the job in its entirety. I can't tell you how much I appreciate the help!

Generic ID auto-logs into OS with domain credentials. GP is set, etc... User logs into desktop with domain credentials (via bio-metrics) and is validated via LDAP. Vergence Authenticator runs MapDrives.bat:

Code:
    @echo off
    set Credentials=%3\%1 %2
    REM H: Will be the users home (private) folder
    net use H: /delete
    net use H: \\hospfilesrv\home\%1 /USER:%Credentials% /HOME /PERSISTENT:YES
    REM I: will be the ERCommon folder
    net use I: /delete
    net use I: \\hospfilesrv\ss2\ed\ercommon /USER:%Credentials% /HOME /PERSISTENT:YES
    cd "C:\Program Files\Sentillion\Vergence Authenticator\Kix"
    kix32 MCGroups.kix /f %3 %1 %2 /i

This kix off the KiXtart script which does the following; Get the DESKTOP user ID, Domain, and Password. Finds the FQDN of the user. Checks to see what group memberships the user has. Assigns drives appropriately.

Code:
    ; MCGroups.KIX
    break on
    GLOBAL $CL
    GLOBAL $Credentials
    ;Make sure no drives are carried over from previous desktop user!
    use * /DELETE
    for each $Arg in GetCommandLine(1)
      $Ct = $Ct + 1
      if $Ct = 4
        $Dm = $Arg
      endif
      if $Ct = 5
        $UN = $Arg
      endif
      if $Ct = 6
        $PW = $Arg
      endif
    next
    $Credentials = $DM + "\" + $UN
    ;Thanks to Allen from the KiXtart.org forums for
    ;this code and the function! He did all the REAL work.
    $user=getuserdn($Credentials)
    if $user
      $objUser=getobject("LDAP://" + $user)
      $Groups = $objUser.GetEx("memberof")
      for each $group in $groups
        $Groupname=GetObject("LDAP://" + $Group).cn
        if $groupname="MIG User Group"
          use R: /DELETE
          use R: "\\server\volume" /user:$Credentials /password:$PW
        endif
        if $groupname="Local Machine Admin"
          use Z: /DELETE
          use Z: "\\server\volume" /user:$Credentials /password:$PW
        endif
      next
    endif

    Function getUserDN(optional $username)
      Dim $objTrans
      if $username=""
        $username=@ldomain + "\"+ @userid
      endif
      if not instr($username,"\")
        $username=@ldomain + "\" + $username
      endif
      $objTrans = CreateObject("NameTranslate")
      if @error
        exit @error
      else
        $objTrans.Init(3, "")
        $objTrans.Set(3,$username)
        $getUserDN = $objTrans.Get(1)
        if @error
          exit @error
        endif
      endif
    EndFunction

Glad to hear it helped. It seemed like this had to have been done before in a UDF, so I searched and it appears that all the group functions are based on the NT provider and not LDAP. With that in mind I went ahead and merged the code into a new UDF called GetADUserGroups() - http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=198609#Post198609

To simplify your code above, it would be

Code:
    for each $groupname in GetADUserGroups($Credentials)
      if $groupname="MIG User Group"
        use R: /DELETE
        use R: "\\server\volume" /user:$Credentials /password:$PW
      endif
      if $groupname="Local Machine Admin"
        use Z: /DELETE
        use Z: "\\server\volume" /user:$Credentials /password:$PW
      endif
    next

Also... curious why you don't use kix for the vast majority of the script. Specifically, I don't see any reason why you have to map your drives in the batch.

OK, I follow you, I think, but not exactly sure where to place the new code. I placed the UDF at the bottom, and yes, the other drives should be mapped in the KiXtart script (fixed). Can you let me know if I read your instructions correctly?

Code:
    break on
    use G: /DELETE
    use J: /DELETE
    use K: /DELETE
    use L: /DELETE
    use N: /DELETE
    use O: /DELETE
    use P: /DELETE
    use Q: /DELETE
    use R: /DELETE
    use V: /DELETE
    use W: /DELETE
    use X: /DELETE
    use Y: /DELETE
    use Z: /DELETE
    GLOBAL $CL
    GLOBAL $Credentials
    for each $Arg in GetCommandLine(1)
      $Ct = $Ct + 1
      if $Ct = 4
        $Dm = $Arg
      endif
      if $Ct = 5
        $UN = $Arg
      endif
      if $Ct = 6
        $PW = $Arg
      endif
    next
    $Credentials = $DM + "\" + $UN
    use H: /DELETE
    use H: "\\hospfilesrv\Home\$UN" /user:$Credentials /password:$PW
    use I: /DELETE
    use I: "\\hospfilesrv\ss2\ed\ercommon" /user:$Credentials /password:$PW
    $user=getuserdn($Credentials)
    /*
    if $user
      $objUser=getobject("LDAP://" + $user)
      $Groups = $objUser.GetEx("memberof")
      for each $group in $groups
        $Groupname=GetObject("LDAP://" + $Group).cn
        if $groupname="edmgt"
          use H: /DELETE
          use H: "\\hospfilesrv\edmgt" /user:$Credentials /password:$PW
        endif
        if $groupname="Local Machine Admin"
          use Y: /DELETE
          use Y: "\\mctech02repo\backup" /user:$Credentials /password:$PW
          use Z: /DELETE
          use Z: "\\mctech\software" /user:$Credentials /password:$PW
        endif
      next
    endif
    */
    for each $groupname in GetADUserGroups($Credentials)
      if $groupname="edmgt"
        use H: /DELETE
        use H: "\\hospfilesrv\edmgt" /user:$Credentials /password:$PW
      endif
      if $groupname="Local Machine Admin"
        use Y: /DELETE
        use Y: "\\mctech02repo\backup" /user:$Credentials /password:$PW
        use Z: /DELETE
        use Z: "\\mctech\software" /user:$Credentials /password:$PW
      endif
    next

    Function getUserDN(optional $username)
      Dim $objTrans
      if $username=""
        $username=@ldomain + "\"+ @userid
      endif
      if not instr($username,"\")
        $username=@ldomain + "\" + $username
      endif
      $objTrans = CreateObject("NameTranslate")
      if @error
        exit @error
      else
        $objTrans.Init(3, "")
        $objTrans.Set(3,$username)
        $getUserDN = $objTrans.Get(1)
        if @error
          exit @error
        endif
      endif
    EndFunction

    function getADUserGroups(optional $username, optional $mode)
      Dim $objTrans, $objUser, $group, $array[0], $i
      if $username=""
        $username=@ldomain + "\"+ @userid
      endif
      if not instr($username,"\")
        $username=@ldomain + "\" + $username
      endif
      $objTrans = CreateObject("NameTranslate")
      if @error
        exit @error
      else
        $objTrans.Init(3, "")
        $objTrans.Set(3,$username)
        $username = $objTrans.Get(1)
        if @error
          exit @error
        else
          for each $group in getobject("LDAP://" + $username).GetEx("memberof")
            redim preserve $array[$i]
            if $mode=0
              $array[$i]=GetObject("LDAP://" + $Group).cn
            else
              $array[$i]=$group
            endif
            $i=$i+1
          next
          $getADUserGroups=$array
        endif
      endif
    endfunction

You can remove the line using getuserDN() and the function itself. It's all tied up in the new UDF now. You might also consider commenting the two sections of mappings as to why you are doing it the way you are, similar to your first post here. (Glenn will love me for asking for comments).

Allen, I'm about to head out for the weekend and will not have access to a PC, but I'll be back bright and early Monday morning. You've been a tremendous assistance and I really do appreciate it.

Now, here it is in its entirety. This is the batch file being called by the Vergence Authenticator:

Code:
    @echo off
    cd "C:\Program Files\Sentillion\Vergence Authenticator\Kix"
    START /W /B kix32 MCGroups.kix /f %3 %1 %2 /i

As you can see, all drive mappings are going to be placed in the KiXtart script, which follows, along with my current internal comments.

Code:
    ; MCGroups.KIX
    /*Hmmm. Might be able to "use * /DELETE" here. Need to check with E.D. Mgt. Team*/
    use G: /DELETE
    use J: /DELETE
    use K: /DELETE
    use L: /DELETE
    use N: /DELETE
    use O: /DELETE
    use P: /DELETE
    use Q: /DELETE
    use R: /DELETE
    use V: /DELETE
    use W: /DELETE
    use X: /DELETE
    use Y: /DELETE
    use Z: /DELETE
    /* I don't think these are needed now*/
    GLOBAL $CL
    GLOBAL $Credentials
    /* Lets parse the CommandLine and make it more friendly*/
    for each $Arg in GetCommandLine(1)
      $Ct = $Ct + 1
      if $Ct = 4
        $Dm = $Arg
      endif
      if $Ct = 5
        $UN = $Arg
      endif
      if $Ct = 6
        $PW = $Arg
      endif
    next
    $Credentials = $DM + "\" + $UN
    /* ALL users in the E.D. should have these drives*/
    use I: /DELETE
    use I: "\\hospfilesrv\ss2\ed\ercommon" /user:$Credentials /password:$PW
    use H: /DELETE
    use H: "\\hospfilesrv\Home\$UN" /user:$Credentials /password:$PW
    /*
    ; Per C.A.B.
    ; This section to be implemented for a redirection if it has not been done already
    ; Still needs testing. If it requires a restart or re-logon to take effect then
    ; we may need another solution. Will alpha in isolated ESIS Domain.
    ; Oh, and the test is generic. Will send through ESIS/Server for input.
    ; Also need to test and see if "HKCU" = "HKEY_CURRENT_USER" in KiXtart
    ; "File.txt" is merely a token. Be better served to see what the key
    ; currently says and change only if needed.
    IF NOT EXIST ("H:\")
      $Text = "No Home Folder found." + @CRLF
      $Text = $Text + "Call us at 323-8586 and get one on server:" + @CRLF
      $Text = $Text + "\\hospfilesrv\home"
      MESSAGEBOX ($Text, "Home Folder Missing", 4160, 300)
    ELSE
      IF NOT EXIST ("H:\File.txt")
        COPY "File.txt" "H:\" /h /r
        $Val1 = [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
        $Val2 = [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
        WRITEVALUE ("$Val1", "Personal", "H:\\", "REG_EXPAND_SZ")
        WRITEVALUE ("$Val1", "My Pictures", "H:\\My Pictures", "REG_EXPAND_SZ")
        WRITEVALUE ("$Val1", "My Music", "H:\\My Music", "REG_EXPAND_SZ")
        WRITEVALUE ("$Val1", "My Videos", "H:\\My Videos", "REG_EXPAND_SZ")
        WRITEVALUE ("$Val2", "Personal", "H:\\", "REG_EXPAND_SZ")
        WRITEVALUE ("$Val2", "My Pictures", "H:\\My Pictures", "REG_EXPAND_SZ")
        WRITEVALUE ("$Val2", "My Music", "H:\\My Music", "REG_EXPAND_SZ")
        WRITEVALUE ("$Val2", "My Videos", "H:\\My Videos", "REG_EXPAND_SZ")
      ENDIF
    ENDIF
    */
    ;Author: Allen Powell
    ; He combined a couple of things into a more elegant piece of code.
    for each $groupname in GetADUserGroups($Credentials)
      if $groupname="edmgt"
        use H: /DELETE
        use H: "\\hospfilesrv\edmgt" /user:$Credentials /password:$PW
      endif
      if $groupname="Local Machine Admin"
        use Y: /DELETE
        use Y: "\\mctech02repo\backup" /user:$Credentials /password:$PW
        use Z: /DELETE
        use Z: "\\mctech\software" /user:$Credentials /password:$PW
      endif
    next

    ;Function: GetADUserGroups() - Get User Properties / Attributes from Active Directory
    ;Author: Allen Powell
    ;Version: 1.0.0 2010/05/13
    ;Action: Get a Users Groups from Active Directory
    ;Syntax: GetADUserGroups(optional $user, optional $mode)
    ;Parameters:
    ; $user(optional) Supply the user name in the form of USERNAME or DOMAIN\USERNAME.
    ; If omitted, will default to the current user.
    ; $mode(optional) 0 = GroupNames, 1 = Group OU Names. Defaults to GroupNames
    ;Returns: An array of groupnames, or nothing
    ;Dependencies: None
    ;Example:
    ; for each $group in GetADUsergroups("username")
    ; ? $group
    ; next
    ;
    function getADUserGroups(optional $username, optional $mode)
      Dim $objTrans, $objUser, $group, $array[0], $i
      if $username=""
        $username=@ldomain + "\"+ @userid
      endif
      if not instr($username,"\")
        $username=@ldomain + "\" + $username
      endif
      $objTrans = CreateObject("NameTranslate")
      if @error
        exit @error
      else
        $objTrans.Init(3, "")
        $objTrans.Set(3,$username)
        $username = $objTrans.Get(1)
        if @error
          exit @error
        else
          for each $group in getobject("LDAP://" + $username).GetEx("memberof")
            redim preserve $array[$i]
            if $mode=0
              $array[$i]=GetObject("LDAP://" + $Group).cn
            else
              $array[$i]=$group
            endif
            $i=$i+1
          next
          $getADUserGroups=$array
        endif
      endif
    endfunction

Not that there is anything wrong with block comments, but you might just stick with using the semi colon for comments. It seems very few people who post here use the block style.

Originally Posted By: Allen
...follow up and say if it worked, OR even a Thanks would be nice

THANKS! I haven't forgotten, but I have a few things I've been working out on the Vergence side. Should have a completed script, ini and batch file tomorrow (hopefully). I'll make sure to post the info here. Oh, and I've removed the block comments and changed them to semi-colons.

Not directed at you specially... it's my signature... way too many people never say a word after asking for help.

Well, our Change Advisory Board has approved our rollout and deployment has begun. Here's what we ended up with:

Our installer adds the following registry keys to redirect "My Documents" to the H:

Code:
    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
    "Personal"="H:\\"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
    "Personal"=hex(2):48,00,3a,00,5c,00,00,00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetCache]
    "Enabled"=dword:00000000

Here's the install batch file:

Code:
    @ECHO OFF
    CLS
    ECHO.
    ECHO.
    ECHO You MUST be logged in as the user WITH Admin Rights
    ECHO to successfully complete this installation.
    ECHO If you are NOT, abort this script now.
    ECHO.
    ECHO.
    PAUSE
    ECHO.
    ECHO.
    ECHO Setting up the registry for "My Documents" redirection
    ECHO Setting up the registry to turn OFF "File Synchronization"
    regedit /s PersonalRedirect.reg
    ECHO.
    ECHO.
    ECHO Copying necessary files...
    COPY MapDrives.bat "C:\Program Files\Sentillion\Vergence Authenticator" /y
    rem COPY Authenticator.ini "C:\Program Files\Sentillion\Vergence Authenticator" /y
    MD "C:\Program Files\Sentillion\Vergence Authenticator\Kix"
    COPY .\Kix\*.exe "C:\Program Files\Sentillion\Vergence Authenticator\Kix" /y
    COPY .\Kix\*.chm "C:\Program Files\Sentillion\Vergence Authenticator\Kix" /y
    COPY .\Kix\*.dll "C:\Program Files\Sentillion\Vergence Authenticator\Kix" /y
    COPY .\Kix\*.kix "C:\Program Files\Sentillion\Vergence Authenticator\Kix" /y
    COPY .\Kix\*.lnk "C:\Documents and Settings\All Users\Desktop" /y
    ECHO.
    ECHO.
    ECHO Now the hard part. You need to make 2 changes to Authenticator.ini.
    ECHO I will open it for you in a moment.
    ECHO Find the line "Path=" ABOUT 20 to 25 lines down. Change it to:
    ECHO.
    ECHO Path="C:\Program Files\Sentillion\Vergence Authenticator\MapDrives.bat"
    ECHO.
    ECHO Next you need to find the line "Valsa=CredAgent.exe" (A few lines further down)
    ECHO All you need to do is put a semi-colon (;) in front of it.
    ECHO.
    ECHO I will open Authenticator.ini after this pause.
    ECHO.
    PAUSE
    NOTEPAD "C:\Program Files\Sentillion\Vergence Authenticator\Authenticator.ini"
    ECHO.
    ECHO.
    ECHO When you are finished with the file please remove the user's Admin rights.
    ECHO Do that now please.
    ECHO.
    ECHO.
    ECHO Installation is complete.
    ECHO Please restart the PC.
    ECHO.
    PAUSE

Once the install is completed and the file MapDrives.bat is placed, when a user logs in the DESKTOP it is executed. The IF statement needs to be there because (according to vendor) this file will run at both logon and logoff (I don't know why, but they say it does. Seems poorly planned to me).

Code:
    @echo off
    IF "%~3" == "" GOTO END
    cd "C:\Program Files\Sentillion\Vergence Authenticator\Kix"
    kix32.exe MCGroups.kix /f %3 %1 %2 /i
    EXIT
    :END

Obviously, all that does is run the KiXtart script, which is here:

Code:
    ;Program: MCGroups.KIX
    ;Author: John K. Fischer with tremendous help from
    ; Allen Powell of www.KiXtart.org
    ;Version: 1.0.0 May 27, 2010
    ;Action:
    ;Dependencies: Kix32.exe 4.61
    ;
    use G: /DELETE
    use H: /DELETE
    use I: /DELETE
    use J: /DELETE
    use K: /DELETE
    use L: /DELETE
    use N: /DELETE
    use O: /DELETE
    use P: /DELETE
    use Q: /DELETE
    use R: /DELETE
    use V: /DELETE
    use W: /DELETE
    use X: /DELETE
    use Y: /DELETE
    use Z: /DELETE
    ; Have to delete these so they can be mapped for the DT user.
    ; Can only have one logged in user per server connection and
    ; the Generic ID already connected. S: and T: can be left
    ; alone since we are not attempting a second connection to
    ; that particular server
    use M: /DELETE
    use U: /DELETE
    GLOBAL $CL, $Credentials, $Dm, $UN, $PW, $Folder
    ; Lets parse the CommandLine and make it more friendly
    for each $Arg in GetCommandLine(1)
      $Ct = $Ct + 1
      if $Ct = 4
        $Dm = $Arg
      endif
      if $Ct = 5
        $UN = $Arg
      endif
      if $Ct = 6
        $PW = $Arg
      endif
    next
    $Credentials = $DM + "\" + $UN
    ; ALL users in the E.D. should have this drive
    $Folder = "\\hospfilesrv\" + $UN + "$$"
    use H: $Folder /user:$Credentials /password:$PW
    ; Check and make sure user has a home folder and give the
    ; instructions if they do not.
    IF NOT EXIST ("H:\")
      $Text = "Home Folder does not exist." + @CRLF
      $Text = $Text + "Please call 323-8586 and request access for the following folder: " + @CRLF
      $Text = $Text + "\\hospfilesrv\$UN$$"
      MESSAGEBOX ($Text, "Home Folder Missing", 4160, 20)
    ENDIF
    ;Author: Allen Powell
    ; He combined a couple of things into a more elegant piece of code.
    ; This is where all of the drive mappings should be located and they
    ; are all based upon a users group membership in Active Directory.
    for each $groupname in GetADUserGroups($Credentials)
      if instr($groupname,"ERcommon")
        use I: "\\hospfilesrv\ss2\ed\ercommon" /user:$Credentials /password:$PW
      endif
      if $groupname="neotransport"
        use J: "\\hospfilesrv\neotransport$" /user:$Credentials /password:$PW
      endif
      if $groupname="edmgt"
        use K: "\\hospfilesrv\edmgt" /user:$Credentials /password:$PW
      endif
      if $groupname="EDTRANSPORT on HOSPFILESRV READ WRITE"
        use L: "\\hospfilesrv\edtransport" /user:$Credentials /password:$PW
      endif
      if $groupname="Softmed"
        use M: "\\hospfilesrv\him\employee\updates\vpn\unsignedorders" /user:$Credentials /password:$PW
        use U: "\\hospfilesrv\him" /user:$Credentials /password:$PW
      endif
      if $groupname="Local Machine Admin"
        use Y: "\\mctech02repo\backup" /user:$Credentials /password:$PW
        use Z: "\\mctech\software" /user:$Credentials /password:$PW
      endif
    next

    ;Function: GetADUserGroups() - Get User Properties / Attributes from Active Directory
    ;Author: Allen Powell
    ;Version: 1.0.0 2010/05/13
    ;Action: Get a Users Groups from Active Directory
    ;Syntax: GetADUserGroups(optional $user, optional $mode)
    ;Parameters:
    ; $user(optional) Supply the user name in the form of USERNAME or DOMAIN\USERNAME.
    ; If omitted, will default to the current user.
    ; $mode(optional) 0 = GroupNames, 1 = Group OU Names. Defaults to GroupNames
    ;Returns: An array of groupnames, or nothing
    ;Dependencies: None
    ;Example:
    ; for each $group in GetADUsergroups("username")
    ; ? $group
    ; next
    ;
    function getADUserGroups(optional $username, optional $mode)
      Dim $objTrans, $objUser, $group, $array[0], $i
      if $username=""
        $username=@ldomain + "\"+ @userid
      endif
      if not instr($username,"\")
        $username=@ldomain + "\" + $username
      endif
      $objTrans = CreateObject("NameTranslate")
      if @error
        exit @error
      else
        $objTrans.Init(3, "")
        $objTrans.Set(3,$username)
        $username = $objTrans.Get(1)
        if @error
          exit @error
        else
          for each $group in getobject("LDAP://" + $username).GetEx("memberof")
            redim preserve $array[$i]
            if $mode=0
              $array[$i]=GetObject("LDAP://" + $Group).cn
            else
              $array[$i]=$group
            endif
            $i=$i+1
          next
          $getADUserGroups=$array
        endif
      endif
    endfunction

Our end users are loving this. They are finally getting a private folder that will be available no matter where they are, they still have a shared documents folder on the local PC, and they are getting the proper mappings for $hares they need to access.

Here is part of what I had to submit to the CAB for them to look over, along with a demo and a beta group of 5 machines.

Code:
    Pre-requisites:
    System:
    1. Must have “File Synchronization” turned off in registry
       [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetCache]
       "Enabled"=dword:00000000
    2. Generic ID MUST have “My Documents” redirected to H:\
       [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
       "Personal"="H:\\"
       [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
       "Personal"=hex(2):48,00,3a,00,5c,00,00,00
    Vergence:
    1. "C:\Program Files\Sentillion\Vergence Authenticator" must contain:
       a. "MapDrives.bat"
       b. Authenticator.ini with the following line changes:
          Path="C:\Program Files\Sentillion\Vergence Authenticator\MapDrives.bat"
          ;Valsa=CredAgent.exe
    2. KiXtart:
       a. "C:\Program Files\Sentillion\Vergence Authenticator\Kix" must contain:
          Document Archives.lnk
          KiX32.exe
          KiXtart.dll
          MCGroups.KIX
          Kixhelp453.chm
    3. Generic ID:
       a. Must be a member of the "Softmed" group (for S: and T:)
    4. Desktop user ID:
       a. Must have a home folder \\hospfilesrv\home\%Username%$ (for H:)
          i. Must be accessible as \\hospfilesrv\%Username%$
       b. Must be a member of one of the following groups (for I:)
          i. "ercommon"
          ii. "ERcommon on HOSPFILESERVER READ WRITE"
          iii. "ERcommon on HOSPFILESERVER READ ONLY"
       c. E.D. Transporters: "EDTRANSPORT on HOSPFILESRV READ WRITE" (for J:)
       d. E.D. Managers: "edmgt" (for K:)
       e. "Softmed" (for M: and U:)
    Workflow:
    1. Generic ID logs into the OS and Vergence presents a login screen for the Desktop user
       a. Drives S: and T: are mapped for Softmed under these credentials
    2. Desktop user logs in via “Tap & Go” or the keyboard
    3. Vergence launches “MapDrives.bat” via Authenticator.ini passing:
       a. Desktop Username as %1
       b. Desktop Password as %2
       c. Desktop Domain as %3
    4. “Mapdrives.bat” then
       a. Checks to see if this is a logon or logoff
          i. If Logoff:
             1. exit the batch file
             2. end all scripting
             3. present the Vergence login screen for next user
          ii. If Logon: launch “MCGroup.KIX”, passing same credentials as above
    5. “MCGroup.KIX” then:
       a. Clears all drives that may be left from previous user
       b. Attempts to create users Home folder (H:)
          i. Success = Yes
             1. Continue Script
          ii. Success = No
             1. Notify user to call help-desk and have a home folder created
             2. Continue Script
       c. Query LDAP and create an array of all groups the Desktop user is a member of
       d. Map appropriate drives based upon group membership
          i. “Ercommon*”, I:
             1. \\hospfilesrv\ss2\ed\ercommon
          ii. “Softmed”, M: and U:
             1. \\hospfilesrv\him\employee\updates\vpn\unsignedorders
             2. \\hospfilesrv\him
          iii. “neotransport”, J:
             1. \\hospfilesrv\neotransport$
          iv. “edmgt”, K:
             1. \\hospfilesrv\edmgt
          v. "EDTRANSPORT on HOSPFILESRV READ WRITE", L:
             1. \\hospfilesrv\edtransport
          vi. “Local machine Admin”, Y: and Z:
             1. \\mctech02repo\backup
             2. \\mctech\software
    6. Desktop user is presented with the desktop and PC is ready for use

Again, my thanks to Allen Powell. Without his assistance this might never have come to fruition so quickly. And now, I wish all of you a great weekend and wonderful next week. I'll be on vacation in the mountains!
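
The final MCGroups.KIX in the post above tests one group with instr($groupname,"ERcommon"), which is true for any group whose name merely contains that text; the following added example (not part of the original post or the posters' scripts) resolves drives from a table of exact group names instead and maps each drive letter only once. DrivesForGroups(), the rule layout and the sample memberships are assumptions made for this example; the group names and shares in the table are taken from the post.

```kixtart
; Added example, not part of the thread's scripts.
; DrivesForGroups(), the "name|drive|share" rule layout and $Sample are
; assumptions of this example; names and shares come from the post above.
Break On

Dim $Rules[6], $Sample[3], $Hit, $Part, $Drive, $Share

; One rule per element: "exact group name|drive|share"
$Rules[0] = "ercommon|I:|\\hospfilesrv\ss2\ed\ercommon"
$Rules[1] = "ERcommon on HOSPFILESERVER READ WRITE|I:|\\hospfilesrv\ss2\ed\ercommon"
$Rules[2] = "ERcommon on HOSPFILESERVER READ ONLY|I:|\\hospfilesrv\ss2\ed\ercommon"
$Rules[3] = "edmgt|K:|\\hospfilesrv\edmgt"
$Rules[4] = "EDTRANSPORT on HOSPFILESRV READ WRITE|L:|\\hospfilesrv\edtransport"
$Rules[5] = "Softmed|M:|\\hospfilesrv\him\employee\updates\vpn\unsignedorders"
$Rules[6] = "Softmed|U:|\\hospfilesrv\him"

; Constructed memberships standing in for GetADUserGroups($Credentials)
$Sample[0] = "edmgt"
$Sample[1] = "Former ERcommon contractors"            ; contains "ERcommon", not an approved name
$Sample[2] = "ERCOMMON"                               ; same name as rule 0, different case
$Sample[3] = "ERcommon on HOSPFILESERVER READ WRITE"  ; second route to I:

For Each $Hit In DrivesForGroups($Sample, $Rules)
  $Part  = Split($Hit, "|")
  $Drive = $Part[0]
  $Share = $Part[1]
  ? "would map " + $Drive + " to " + $Share
  ; In the logon script the mapping itself would follow here, with the
  ; same /user: and /password: switches the thread's script uses.
Next

; Returns an array of "drive|share" strings for every rule whose group name
; equals one of the user's groups, or nothing when no rule applies.
Function DrivesForGroups($aGroups, $aRules)
  Dim $Group, $Rule, $Fields, $Out[0], $Count, $Seen
  $Count = 0
  $Seen  = "|"
  For Each $Group In $aGroups
    For Each $Rule In $aRules
      $Fields = Split($Rule, "|")
      ; "=" compares the whole name (case-insensitive by default in KiXtart),
      ; so a group that only contains an approved name does not match.
      If $Group = $Fields[0]
        ; Skip a drive letter that an earlier rule already claimed.
        If InStr($Seen, "|" + $Fields[1] + "|") = 0
          ReDim Preserve $Out[$Count]
          $Out[$Count] = $Fields[1] + "|" + $Fields[2]
          $Count = $Count + 1
          $Seen  = $Seen + $Fields[1] + "|"
        EndIf
      EndIf
    Next
  Next
  If $Count
    $DrivesForGroups = $Out
  EndIf
EndFunction
```

The memberof attribute that GetADUserGroups() reads lists direct memberships only, so the primary group and groups reached through nesting never appear in the array being matched.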

Glad to help. The check is in the mail, right?

Code:
    cd "C:\Program Files\Sentillion\Vergence Authenticator\Kix"

Curious why you are not running the script from the netlogon folder of your DCs?