#160973 - 2006-04-21 06:24 AM
User Group to run the script
|
remuspang
Lurker
Registered: 2006-04-21
Posts: 3
|
I have written the script and want to apply as the login script when user logon the domain. However, I found that the script only run when the user belongs to the local administrators group. However, it has security problem if i add everyone to the administrators group. Please Help!
|
Top
|
|
|
|
#160975 - 2006-04-21 09:13 AM
Re: User Group to run the script
|
remuspang
Lurker
Registered: 2006-04-21
Posts: 3
|
1.I am using Windows 2000 Server and AD and Windows 2000 Professional. 2.The version of KIX is Kix2001 3.The Script is running directly based on the user profile by typing "KIX32" in the logon script box. Besides,The script is named "KIXTART.kix" and placed in the netlogon
The following is my script, thanks for your help
Code:
;*** COPY KIXTART REQUIRED FILE TO THE PATH BASED ON THE OS INSTALL *** SETCONSOLE("HIDE")
SELECT CASE @PRODUCTTYPE="WINDOWS 95" OR @PRODUCTTYPE="WINDOWS 98" OR @PRODUCTTYPE="WINDOWS ME" OR @PRODUCTTYPE="WINDOWS XP PROFESSIONAL" IF EXIST ('C:\WINDOWS\KIX32.EXE')=0 COPY '\\HKPM-D\NETLOGON\KIX32.EXE' 'C:\WINDOWS\' ENDIF IF EXIST ('C:\WINDOWS\KX95.DLL')=0 COPY '\\HKPM-D\NETLOGON\KX95.DLL' 'C:\WINDOWS\' ENDIF IF EXIST ('C:\WINDOWS\KX16.DLL')=0 COPY '\\HKPM-D\NETLOGON\KX16.DLL' 'C:\WINDOWS\' ENDIF IF EXIST ('C:\WINDOWS\KX32.DLL')=0 COPY '\\HKPM-D\NETLOGON\KX32.DLL' 'C:\WINDOWS\' ENDIF IF EXIST('C:\WINDOWS\SYSTEM\KIXFORMS.DLL')=0 COPY '\\HKPM-D\NETLOGON\KIXFORMS.DLL' 'C:\WINDOWS\SYSTEM\' Run "%windir%\system\regsvr32 /s kixforms.dll " ENDIF
CASE @PRODUCTTYPE="WINDOWS 2000 PROFESSIONAL" IF EXIST ('C:\WINNT\SYSTEM\KIX32.EXE')=0 COPY '\\HKPM-D\NETLOGON\KIX32.EXE' 'C:\WINNT\SYSTEM\' ENDIF IF EXIST ('C:\WINNT\SYSTEM\KX95.DLL')=0 COPY '\\HKPM-D\NETLOGON\KX95.DLL' 'C:\WINNT\SYSTEM' ENDIF IF EXIST ('C:\WINNT\SYSTEM\KX16.DLL')=0 COPY '\\HKPM-D\NETLOGON\KX16.DLL' 'C:\WINNT\SYSTEM\' ENDIF IF EXIST ('C:\WINNT\SYSTEM\KX32.DLL')=0 COPY '\\HKPM-D\NETLOGON\KX32.DLL' 'C:\WINNT\SYSTEM\' ENDIF IF EXIST('C:\WINNT\SYSTEM32\KIXFORMS.DLL')=0 COPY '\\HKPM-D\NETLOGON\KIXFORMS.DLL' 'C:\WINNT\SYSTEM32\' Run "%windir%\system32\regsvr32 /s kixforms.dll " ENDIF
ENDSELECT
;***CHANGE THE PARENT SERVER OF THE CLIENT TO HKPM-D***
;SELECT ;CASE @PRODUCTTYPE="WINDOWS 95" OR @PRODUCTTYPE="WINDOWS 98" OR @PRODUCTTYPE="WINDOWS ME" ; IF INGROUP ("HOSTAFF") OR INGROUP ("HOMANAGERS") OR INGROUP("HKZM") OR ; INGROUP("TSTZM") OR INGROUP("MKAAM") OR INGROUP("TWAAM") OR ; INGROUP("HKABM") OR INGROUP("TSTABM") OR INGROUP("MKABM") OR ; INGROUP("TWABM") OR INGROUP("ITSTAFF") ; COPY '\\HKPM-D\NETLOGON\GRC.DAT''C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\' ; ENDIF
;CASE @PRODUCTTYPE="WINDOWS 2000 PROFESSIONAL" OR @PRODUCTTYPE="WINDOWS XP PROFESSIONAL" ; IF INGROUP ("HOSTAFF") OR INGROUP ("HOMANAGERS") OR INGROUP ("HOSENIORMGRS") OR INGROUP ("TOPMANAGEMENT") OR INGROUP("ITSTAFF") ; COPY '\\HKPM-D\NETLOGON\GRC.DAT' 'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\' ; COPY '\\HKPM-D\NETLOGON\GRC.DAT' 'C:\Documents and Settings\All Users.WINNT\Application Data\Symantec\Symantec AntiVirus Corporate ;Edition\7.5\' ; ENDIF
;ENDSELECT
;*** END OF COPY KIXTART PROGRAMS ***
; ***ENABLE MAXIMIZE LOGON SCRIPT WINDOWS FOR WIN 2000 AND XP*** ; ***REM ON 2004-05-17 BECAUSE OF REPLACEMENT OF THE LOGIN SCREEN BY KIXFORMS *** ;IF @dos >= "5.0" ; $hkcus = 'HKEY_CURRENT_USER\SOFTWARE' ; IF 1 <> ReadValue($hkcus+"\Microsoft\Windows NT\CurrentVersion\Winlogon", "RunLogonScriptSync") ; $ = WriteValue ($hkcus+"\Microsoft\Windows NT\CurrentVersion\Winlogon", "RunLogonScriptSync", "1", "REG_DWORD") ; ENDIF ; ENDIF ;*** END OF EANBLE MAXIMIZE LOGON SCRIPT WINDOWS***
;*** BEGIN OF LOGON GREETING ***
$Hour = SubStr("@TIME",1,2) Select Case Val("$Hour") < 12 $SALUTATION = "GOOD MORNING" Case Val("$Hour") > 18 $SALUTATION = "GOOD EVENING" Case 1 $SALUTATION = "GOOD AFTERNOON" EndSelect
; REM ON 2004-05-17 BECAUSE OF RELACEMENT OF THE LOGON SCREEN BY KIXFORMS ; REM DISPLAY BOX FOR ADMINISTRATORS ;small ;COLOR b+/n ;BOX (0,0,24,79,GRID) ;COLOR b/n ;BOX (2,9,22,75,GRID) ;COLOR g+/n ;BOX (1,8,21,74,FULL)
; REM DISPLAY NT VARIABLE NAMES ;Color w+/n ;AT ( 3,24) "WELCOME TO ABC (HK) CO., LTD." ;AT ( 4,16) "$SALUTATION" + ", " + @FULLNAME + ", " + "HAVE A NICE DAY!" ;AT ( 5,24) "TODAY IS "@DAY", "@MONTH" "@MDAYNO", "@YEAR"." ;AT ( 6,24) "THE CURRENT TIME IS "@TIME"." ;AT ( 9,16) "Userid : " ;AT (10,16) "Full name : " ;AT (11,16) "Privilege : " ;AT (12,16) "Workstation : " ;AT (13,16) "Domain : " ;AT (14,16) "Logon Domain : " ;AT (15,16) "Logon Server : "
; REM DISPLAY NT VARIABLES ;Color y+/n ;AT ( 9,31) @userid ;AT (10,31) @fullname ;AT (11,31) @priv ;AT (12,31) @wksta ;AT (13,31) @domain ;AT (14,31) @ldomain ;AT (15,31) @lserver ;COLOR w/n ;AT (17,20) "Please wait while configuring your profile." ;SLEEP 2
;***ADDED ON 2004-05-17 CREATION OF GUI LOGIN SCREEN*** Break On
$Form = CreateObject("Kixtart.Form")
$Form.Caption = "ABC (H.K.) Co., Ltd." $Form.Width = 600 $Form.Height = 400 $Form.Center $Form.Show $FORM.TEXT="ABC (HK) Co., Ltd." $FORM.BorderStyle =3
$FORM.SIZE=18 $Image = $FORM.Image('\\HKPM-D\netlogon\PROM.BMP')
$LABEL1 = $FORM.LABEL("WELCOME TO ABC (HK) CO., LTD. " ) $LABEL1.TOP=30 $LABEL1.LEFT=90 $LABEL1.WIDTH=400 $LABEL1.FontName = "Arial" $LABEL1.Alignment = 2 $LABEL1.fontsize=10 $Label1.FontBold = 1 $Label2 = $FORM.Label("$SALUTATION" + ", " + @FULLNAME + ", " + "HAVE A NICE DAY!" ) $LABEL2.TOP=60 $LABEL2.LEFT=30 $LABEL2.WIDTH=500 $LABEL2.FontName = "Arial" $LABEL2.Alignment = 2 $LABEL2.fontsize=10 $Label2.FontBold = 1 $Label3 = $FORM.Label("TODAY IS @DAY, @MONTH @MDAYNO, @YEAR." ) $LABEL3.TOP=90 $LABEL3.LEFT=70 $LABEL3.WIDTH=400 $LABEL3.FontName = "Arial" $LABEL3.Alignment = 2 $LABEL3.fontsize=10 $LABEL3.HEIGHT=24 $Label3.FontBold = 1 $Label4 = $FORM.Label("THE CURRENT TIME IS @TIME." ) $LABEL4.TOP=120 $LABEL4.LEFT=70 $LABEL4.WIDTH=400 $LABEL4.FontName = "Arial" $LABEL4.Alignment = 2 $LABEL4.fontsize=10 $LABEL4.FontBold = 1 $prgProgressBar1 = $Form.ProgressBar("",40,300,500,20)
$LABELPROGRESS=$FORM.LABEL("PLEASE WAIT WHILE AUTHENICATING YOUR USER ACCOUNT BY @LSERVER") $LABELPROGRESS.TOP=280 $LABELPROGRESS.LEFT=40 SLEEP 1
For $lProgress = 0 to 20 $prgProgressBar1.Value = $lProgress NEXT GOSUB DELETEMAP $LABELPROGRESS=$FORM.LABEL("CONNECTING TO NETWORK DRIVE") $LABELPROGRESS.TOP=280 $LABELPROGRESS.LEFT=40 For $lProgress = 21 to 30 $prgProgressBar1.Value = $lProgress NEXT SLEEP 0.5 GOSUB SPECIALGRP $LABELPROGRESS=$FORM.LABEL("CONNECTING TO COMMON") $LABELPROGRESS.TOP=280 $LABELPROGRESS.LEFT=40 GOSUB COMMONMAP For $lProgress = 31 to 50 $prgProgressBar1.Value = $lProgress NEXT SLEEP 0.5 GOSUB MEETING For $lProgress = 51 to 70 $prgProgressBar1.Value = $lProgress NEXT SLEEP 0.5 $LABELPROGRESS=$FORM.LABEL("CONNECTING TO DEPARTMENT DRIVE") $LABELPROGRESS.TOP=280 $LABELPROGRESS.LEFT=40 GOSUB DEPARTMENT For $lProgress = 71 to 100 $prgProgressBar1.Value = $lProgress NEXT Sleep 0.5
EXIT
;*** END OF LOGON GREETING ***
:DELETEMAP ; *** DELETE EXISTING MAP DRIVES*** USE '*' /DELETE USE LPT1: /DEL RETURN ; *** END OF DELETE EXISTING MAP DRIVES ***
;***BEGIN OF HANDLING SPECIAL GROUP*** ;HANDLE THE GROUPS OF TOPMANAGEMENT, BRANCHMANAGERS AND BRANCH STAFF SEPERATELY TO SPEED UP THE LOGON PROCESS :SPECIALGRP $LABELPROGRESS=$FORM.LABEL("CONNECTING TO NETWORK DRIVES") $LABELPROGRESS.TOP=280 $LABELPROGRESS.LEFT=40
SELECT
CASE INGROUP("HKZM") GOSUB HKZMMAP GOSUB BRSCREENSAVER For $lProgress = 31 to 100 $prgProgressBar1.Value = $lProgress NEXT SLEEP 1 EXIT
CASE INGROUP("TSTZM") GOSUB TSTZMMAP GOSUB BRSCREENSAVER For $lProgress = 31 to 100 $prgProgressBar1.Value = $lProgress NEXT SLEEP 1 EXIT
CASE INGROUP("MKZM") GOSUB MKZMMAP GOSUB BRSCREENSAVER For $lProgress = 31 to 100 $prgProgressBar1.Value = $lProgress NEXT SLEEP 1 EXIT
CASE INGROUP("TWZM") GOSUB TWZMMAP GOSUB BRSCREENSAVER For $lProgress = 31 to 100 $prgProgressBar1.Value = $lProgress NEXT SLEEP 1 EXIT
CASE INGROUP("HKABM") GOSUB HKABMMAP GOSUB BRSCREENSAVER For $lProgress = 31 to 100 $prgProgressBar1.Value = $lProgress NEXT SLEEP 1 EXIT
CASE INGROUP("TSTABM") GOSUB TSTABMMAP GOSUB BRSCREENSAVER For $lProgress = 31 to 100 $prgProgressBar1.Value = $lProgress NEXT SLEEP 1 EXIT
CASE INGROUP("MKABM") GOSUB MKABMMAP GOSUB BRSCREENSAVER For $lProgress = 31 to 100 $prgProgressBar1.Value = $lProgress NEXT SLEEP 1 EXIT
CASE INGROUP("TWABM") GOSUB TWABMMAP GOSUB BRSCREENSAVER For $lProgress = 31 to 100 $prgProgressBar1.Value = $lProgress NEXT SLEEP 1 EXIT
CASE INGROUP ("BRANCHALLSTAFF") GOSUB BRSTAFFMAP GOSUB BRSCREENSAVER For $lProgress = 31 to 100 $prgProgressBar1.Value = $lProgress NEXT SLEEP 1 EXIT
CASE INGROUP ("TOPMANAGEMENT") GOSUB TOPMGTMAP GOSUB HOSCREENSAVER For $lProgress = 31 to 100 $prgProgressBar1.Value = $lProgress NEXT SLEEP 1 EXIT
ENDSELECT
;*** END OF HANDLING OF SPECIAL GROUPS***
; *** MAP DRIVES ACCORDING TO POLICY AND GROUPS***
;***COMMON MAPPING FOR HOSTAFF, HOMANAGERS AND HOSENIORMGRS *** :COMMONMAP IF INGROUP ("HOSTAFF") OR INGROUP ("HOMANAGERS") OR INGROUP ("HOSENIORMGRS")
USE G: '\\HKPM-D\TEMPORARY'
IF EXIST ('\\HKPM-D\'+"@USERID")=1 USE P: '\\HKPM-D\'+@USERID ENDIF
;IF @USERID='TAKEYOSHI_J005' ;USE P: '\\HKPM-D\TAKE_J005' ;ENDIF
USE M: '\\HKPM-D\HEADOFFICEDOC'
USE W: '\\HKPM-D\COMMONDOCS'
ENDIF
RETURN ;*** END OF COMMON MAPPING FOR HOSTAFF,HOMANAGERS AND HOSENIORMGRS ***
;*** BEGIN OF MAPPING THE FOLDER "MEETING" FOR HOSENIORMGRS AND HOMANAGERS*** :MEETING IF INGROUP ("HOSENIORMGRS") OR INGROUP ("HOMANAGERS") USE K: '\\HKPM-D\MEETINGS' $LABELPROGRESS=$FORM.LABEL("CONNECTING TO MEETING:") $LABELPROGRESS.TOP=280 $LABELPROGRESS.LEFT=40 ENDIF For $lProgress = 51 to 70 $prgProgressBar1.Value = $lProgress NEXT RETURN
;*** END OF MAPPING FOR HOSENIORMGRS AND HOMANAGERS
;*** BEGIN OF MAPPING OF DEPARTMENT DRIVE FOR CORRESPONDING DEPARTMENT USER *** :DEPARTMENT SELECT CASE INGROUP ("ACCOUNT") USE H: '\\HKPM-D\ACC&FIN' USE I: '\\SUNACCT\SUNCONV' USE S: '\\SUNACCT\SUN426' USE U: '\\SUNACCT\SUNBK' USE LPT1: '\\HKPM-D\ACC'
CASE INGROUP ("PERSONNEL") USE F: '\\HKPM-D\PERSONNEL' USE H: '\\HKPM-D\PERSONNEL' USE V: '\\HKPM-D\BRANCHDOC'
CASE INGROUP ("AUDIT") USE H: '\\HKPM-D\AUDIT'
;CASE INGROUP ("BUSCENTER") AND NOT INGROUP ("SALES")***Amend the Local Group on 2006-04-20*** ;USE H: '\\HKPM-D\BUSCENTER' ***Amend the Local Group on 2006-04-20*** ;USE V: '\\HKPM-D\BRANCHDOC' ***Amend the Local Group on 2006-04-20***
;***Split BUSCENTER to CSCApp and CSCOp on 2006-04-20*** CASE INGROUP ("CSCApp") AND NOT INGROUP ("SALES") USE H: '\\HKPM-D\BUSCENTER' USE V: '\\HKPM-D\BRANCHDOC'
CASE INGROUP ("CSCOp") AND NOT INGROUP ("SALES") USE H: '\\HKPM-D\BUSCENTER' USE J: '\\HKPM-D\FTP' USE V: '\\HKPM-D\BRANCHDOC'
CASE INGROUP ("SALES") AND NOT INGROUP ("OPPLANNING") USE H: '\\HKPM-D\SALES' USE Q: '\\HKPM-D\BUSCENTER' USE V: '\\HKPM-D\BRANCHDOC' USE Y: '\\HKPM-D\AREAS'
CASE INGROUP ("OPPLANNING") AND @USERID='EC_0287' USE H: '\\HKPM-D\OPPLANNING' USE Q: '\\HKPM-D\SALES' USE V: '\\HKPM-D\BRANCHDOC'
CASE INGROUP ("OPPLANNING") USE H: '\\HKPM-D\OPPLANNING' USE V: '\\HKPM-D\BRANCHDOC'
CASE INGROUP ("CREDITOP") AND NOT INGROUP ("MGTPLANNING") USE H: '\\HKPM-D\CREDITOP' USE J: '\\HKPM-D\FTP'
CASE INGROUP ("MGTPLANNING") AND INGROUP ("CREDITOP") USE H: '\\HKPM-D\MGTPLANNING' USE Q: '\\HKPM-D\CREDITOP' USE V: '\\HKPM-D\BRANCHDOC' USE J: '\\HKPM-D\FTP'
CASE INGROUP ("MGTPLANNING") AND NOT INGROUP ("CREDITOP") USE H: '\\HKPM-D\MGTPLANNING' USE V: '\\HKPM-D\BRANCHDOC'
CASE INGROUP ("FINANCE") USE H: '\\HKPM-D\FINANCE' USE I: '\\SUNACCT\SUNCONV' USE S: '\\SUNACCT\SUN426' USE U: '\\SUNACCT\SUNBK' USE LPT1: '\\HKPM-D\SALES'
CASE INGROUP ("MARKETING") USE H: '\\HKPM-D\MARKETING' USE V: '\\HKPM-D\BRANCHDOC'
CASE INGROUP ("IT") USE H: '\\HKPM-D\itdept'
CASE INGROUP ("ITSTAFF") USE H: '\\HKPM-D\itdept'
ENDSELECT
;SCREEN SAVER SETTING FOR HO STAFF SALES AND CSCApp AND CSCOp USE BR SCREEN SAVER ,OTHERS USE HO SCREEN SAVER SELECT CASE INGROUP ("CSCApp") AND NOT INGROUP ("SALES") GOSUB CSCSCREENSAVER
CASE INGROUP ("CSCOp") AND NOT INGROUP ("SALES") GOSUB CSCSCREENSAVER
;CASE 1 ; GOSUB HOSCREENSAVER
ENDSELECT
RETURN ;*** END OF MAPPING FOR DEPARTMENT USER *** EXIT
;*** BEGIN OF TOPMGTMAP*** :TOPMGTMAP IF @USERID='KSJ009' USE P: '\\HKPM-D\KOYAMA_J009' ENDIF USE G: '\\HKPM-D\TEMPORARY' USE H: '\\HKPM-D\DEPARTMENTS' USE K: '\\HKPM-D\MEETINGS' USE M: '\\HKPM-D\HEADOFFICEDOC' USE P: '\\HKPM-D\'+@USERID USE Q: '\\HKPM-D\SALES' USE R: '\\HKPM-D\ACC&FIN' USE V: '\\HKPM-D\BRANCHDOC' USE W: '\\HKPM-D\COMMONDOCS' USE Y: '\\HKPM-D\AREAS' RETURN ;*** END OF TOPMGTMAP***
;***BEGIN OF BRSTAFFMAP*** :BRSTAFFMAP USE G: '\\HKPM-D\TEMPORARY' USE V: '\\HKPM-D\BRANCHDOC' USE W: '\\HKPM-D\COMMONDOCS' RETURN ;***END OF BRSTAFFMAP ***
;*** BEGIN OF HKZMMAP *** :HKZMMAP USE G: '\\HKPM-D\TEMPORARY' IF EXIST ('\\HKPM-D\'+"@USERID")=1 USE P: '\\HKPM-D\'+@USERID ENDIF USE K: '\\HKPM-D\MEETINGS' USE V: '\\HKPM-D\BRANCHDOC' USE W: '\\HKPM-D\COMMONDOCS' USE Y: '\\HKPM-D\HK' RETURN ;*** END OF HKZMMAP ***
;*** BEGIN OF TSTZMMAP *** :TSTZMMAP USE G: '\\HKPM-D\TEMPORARY' IF EXIST ('\\HKPM-D\'+"@USERID")=1 USE P: '\\HKPM-D\'+@USERID ENDIF USE K: '\\HKPM-D\MEETINGS' USE V: '\\HKPM-D\BRANCHDOC' USE W: '\\HKPM-D\COMMONDOCS' USE Y: '\\HKPM-D\TST' RETURN ;*** END OF TSTZMMAP ***
;*** BEGIN OF MKZMMAP *** :MKZMMAP USE G: '\\HKPM-D\TEMPORARY' IF EXIST ('\\HKPM-D\'+"@USERID")=1 USE P: '\\HKPM-D\'+@USERID ENDIF USE K: '\\HKPM-D\MEETINGS' USE V: '\\HKPM-D\BRANCHDOC' USE W: '\\HKPM-D\COMMONDOCS' USE Y: '\\HKPM-D\MK' RETURN ;*** END OF MKZMMAP ***
;*** BEGIN OF TWZMMAP *** :TWZMMAP USE G: '\\HKPM-D\TEMPORARY' IF EXIST ('\\HKPM-D\'+"@USERID")=1 USE P: '\\HKPM-D\'+@USERID ENDIF USE K: '\\HKPM-D\MEETINGS' USE V: '\\HKPM-D\BRANCHDOC' USE W: '\\HKPM-D\COMMONDOCS' USE Y: '\\HKPM-D\TW' RETURN ;*** END OF TWZMMAP ***
;*** BEGIN OF HKABMMAP *** :HKABMMAP USE G: '\\HKPM-D\TEMPORARY' IF EXIST ('\\HKPM-D\'+"@USERID")=1 USE P: '\\HKPM-D\'+@USERID ENDIF USE V: '\\HKPM-D\BRANCHDOC' USE W: '\\HKPM-D\COMMONDOCS' USE Y: '\\HKPM-D\HK' RETURN ;*** END OF HKABMMAP ***
;*** BEGIN OF TSTABMMAP *** :TSTABMMAP USE G: '\\HKPM-D\TEMPORARY' IF EXIST ('\\HKPM-D\'+"@USERID")=1 USE P: '\\HKPM-D\'+@USERID ENDIF USE V: '\\HKPM-D\BRANCHDOC' USE W: '\\HKPM-D\COMMONDOCS' USE Y: '\\HKPM-D\TST' RETURN ;*** END OF TSTABMMAP ***
;*** BEGIN OF MKABMMAP *** :MKABMMAP USE G: '\\HKPM-D\TEMPORARY' IF EXIST ('\\HKPM-D\'+"@USERID")=1 USE P: '\\HKPM-D\'+@USERID ENDIF USE V: '\\HKPM-D\BRANCHDOC' USE W: '\\HKPM-D\COMMONDOCS' USE Y: '\\HKPM-D\MK' RETURN ;*** END OF MKABMMAP ***
;*** BEGIN OF TWABMMAP *** :TWABMMAP USE G: '\\HKPM-D\TEMPORARY' IF EXIST ('\\HKPM-D\'+"@USERID")=1 USE P: '\\HKPM-D\'+@USERID ENDIF USE V: '\\HKPM-D\BRANCHDOC' USE W: '\\HKPM-D\COMMONDOCS' USE Y: '\\HKPM-D\TW' RETURN ;*** END OF TWABMMAP ***
;************************************************************************************* ; 11 MAY 2004 ADDED, Set the Logon Screen Saver For Branch with a timer (3 minutes) ; - DISABLE the ScreenSaver tab in Display properties ;************************************************************************************* :BRSCREENSAVER
$hkcu = 'HKEY_CURRENT_USER' $hkcus = 'HKEY_CURRENT_USER\SOFTWARE' $screensavekey = $hkcu+"\Control Panel\Desktop" $sysini = "%Windir%\System.ini" $scrsavtab = "Yes" ; - Yes, hide it
IF $scrsavtab = "Yes" ; -- Hide the screensaver tab (can also be done in POLEDIT) $poleditkey = $hkcus+"\Microsoft\Windows\CurrentVersion\Policies\System" $screensavetab = Readvalue($poleditkey,"NoDispScrSavPage") IF $screensavetab <> 1 $systempol = EXISTKEY($poleditkey) IF $systempol <> 0 $rc = ADDKEY($poleditkey) ENDIF $rc = WRITEVALUE($poleditkey,"NoDispScrSavPage","1","REG_DWORD") ENDIF ENDIF ; -- Set the timeout IF "180" <> Readvalue($screensavekey,"ScreenSaveTimeOut") $rc = WRITEVALUE($screensavekey,"ScreenSaveTimeOut","180","REG_SZ") ENDIF
; -- Be sure that the screen saver is active IF 1 <> Readvalue($screensavekey,"ScreenSaveActive") $rc = WRITEVALUE($screensavekey,"ScreenSaveActive","1","REG_SZ") ENDIF
; -- COPY THE SCREENSAVAER FROM SERVER AND SET THE SCREEN SAVER TO "%WINDIR%\SYSTEM\ABCB.SCR" SELECT CASE @PRODUCTTYPE= "WINDOWS 2000 PROFESSIONAL" or @PRODUCTTYPE= "WINDOWS XP PROFESSIONAL" $RESULT = COMPAREFILETIMES (@LDRIVE + "B.SCR", "%WINDIR%\SYSTEM32\ABCB.SCR") IF $RESULT =1 DEL "%WINDIR%\SYSTEM32\ABCB.SCR" COPY @LDRIVE + "ABCB.SCR" "%WINDIR%\SYSTEM32\" ENDIF IF $RESULT =-3 COPY @LDRIVE + "ABCB.SCR" "%WINDIR%\SYSTEM32\" ENDIF IF Readvalue($screensavekey,"SCRNSAVE.EXE") <> "%WINDIR%\SYSTEM32\ABCB.SCR" $rc = WRITEVALUE($screensavekey,"SCRNSAVE.EXE","%WINDIR%\SYSTEM32\ABCB.SCR","REG_SZ") ENDIF
CASE @PRODUCTTYPE= "WINDOWS 95" OR @PRODUCTTYPE = "WINDOWS 98" OR @PRODUCTTYPE = "WINDOWS ME" $RESULT = COMPAREFILETIMES (@LDRIVE + "ABCB.SCR", "%WINDIR%\SYSTEM\ABCB.SCR") IF $RESULT =1 DEL "%WINDIR%\SYSTEM\ABCB.SCR" COPY @LDRIVE + "ABCB.SCR" "%WINDIR%\SYSTEM\" ENDIF IF $RESULT =-3 COPY @LDRIVE + "ABCB.SCR" "%WINDIR%\SYSTEM\" ENDIF IF ReadProfileString($sysini,"boot","scrnsave.exe") <> "%WINDIR%\SYSTEM\ABCB.SCR" $rc = WriteProfileString($sysini,"boot","scrnsave.exe","%WINDIR%\SYSTEM\ABCB.SCR") ENDIF
ENDSELECT RETURN ;END OF SETTING FOR BRSCREEN SAVER
;************************************************************************************* ; 11 MAY 2004 ADDED, Set the Logon Screen Saver For HO with a timer (3 minutes) ; - DISABLE the ScreenSaver tab in Display properties ;************************************************************************************* :HOSCREENSAVER RETURN $hkcu = 'HKEY_CURRENT_USER' $hkcus = 'HKEY_CURRENT_USER\SOFTWARE' $screensavekey = $hkcu+"\Control Panel\Desktop" $sysini = "%Windir%\System.ini" $scrsavtab = "Yes" ; - Yes, hide it
IF $scrsavtab = "Yes" ; -- Hide the screensaver tab (can also be done in POLEDIT) $poleditkey = $hkcus+"\Microsoft\Windows\CurrentVersion\Policies\System" $screensavetab = Readvalue($poleditkey,"NoDispScrSavPage") IF $screensavetab <> 1 $systempol = EXISTKEY($poleditkey) IF $systempol <> 0 $rc = ADDKEY($poleditkey) ENDIF $rc = WRITEVALUE($poleditkey,"NoDispScrSavPage","1","REG_DWORD") ENDIF ENDIF ; -- Set the timeout IF "180" <> Readvalue($screensavekey,"ScreenSaveTimeOut") $rc = WRITEVALUE($screensavekey,"ScreenSaveTimeOut","180","REG_SZ") ENDIF
; -- Be sure that the screen saver is active IF 1 <> Readvalue($screensavekey,"ScreenSaveActive") $rc = WRITEVALUE($screensavekey,"ScreenSaveActive","1","REG_SZ") ENDIF
; -- SET THE SCREEN SAVER TO ABCH.SCR SELECT CASE @PRODUCTTYPE= "WINDOWS 2000 PROFESSIONAL" or @PRODUCTTYPE= "WINDOWS XP PROFESSIONAL" $RESULT = COMPAREFILETIMES (@LDRIVE + "ABCH.SCR", "%WINDIR%\SYSTEM32\ABCH.SCR") IF $RESULT =1 DEL "%WINDIR%\SYSTEM32\ABCH.SCR" COPY @LDRIVE + "ABCH.SCR" "%WINDIR%\SYSTEM32\" ENDIF IF $RESULT =-3 COPY @LDRIVE + "ABCH.SCR" "%WINDIR%\SYSTEM32\" ENDIF IF Readvalue($screensavekey,"SCRNSAVE.EXE") <> "%WINDIR%\SYSTEM32\ABCH.SCR" $rc = WRITEVALUE($screensavekey,"SCRNSAVE.EXE","%WINDIR%\SYSTEM32\ABCH.SCR","REG_SZ") ENDIF
CASE @PRODUCTTYPE= "WINDOWS 95" OR @PRODUCTTYPE = "WINDOWS 98" OR @PRODUCTTYPE = "WINDOWS ME" $RESULT = COMPAREFILETIMES (@LDRIVE + "ABCH.SCR", "%WINDIR%\SYSTEM\ABCH.SCR") IF $RESULT =1 DEL "%WINDIR%\SYSTEM\ABCH.SCR" COPY @LDRIVE + "ABCH.SCR" "%WINDIR%\SYSTEM\" ENDIF IF $RESULT =-3 COPY @LDRIVE + "ABCH.SCR" "%WINDIR%\SYSTEM\" ENDIF IF ReadProfileString($sysini,"boot","scrnsave.exe") <> "%WINDIR%\SYSTEM\ABCH.SCR" $rc = WriteProfileString($sysini,"boot","scrnsave.exe","%WINDIR%\SYSTEM\ABCH.SCR") ENDIF
ENDSELECT RETURN ;END OF SETTING FOR HOSCREEN SAVER
;************************************************************************************* ; 11 MAY 2004 ADDED, Set the Logon Screen Saver For CSC with a timer (3 minutes) ; - DISABLE the ScreenSaver tab in Display properties ;*************************************************************************************
:CSCSCREENSAVER
$hkcu = 'HKEY_CURRENT_USER' $hkcus = 'HKEY_CURRENT_USER\SOFTWARE' $screensavekey = $hkcu+"\Control Panel\Desktop" $sysini = "%Windir%\System.ini" $scrsavtab = "Yes" ; - Yes, hide it
IF $scrsavtab = "Yes" ; -- Hide the screensaver tab (can also be done in POLEDIT) $poleditkey = $hkcus+"\Microsoft\Windows\CurrentVersion\Policies\System" $screensavetab = Readvalue($poleditkey,"NoDispScrSavPage") IF $screensavetab <> 1 $systempol = EXISTKEY($poleditkey) IF $systempol <> 0 $rc = ADDKEY($poleditkey) ENDIF $rc = WRITEVALUE($poleditkey,"NoDispScrSavPage","1","REG_DWORD") ENDIF ENDIF ; -- Set the timeout IF "180" <> Readvalue($screensavekey,"ScreenSaveTimeOut") $rc = WRITEVALUE($screensavekey,"ScreenSaveTimeOut","180","REG_SZ") ENDIF
; -- Be sure that the screen saver is active IF 1 <> Readvalue($screensavekey,"ScreenSaveActive") $rc = WRITEVALUE($screensavekey,"ScreenSaveActive","1","REG_SZ") ENDIF
; -- SET THE SCREEN SAVER TO ABCC.SCR SELECT CASE @PRODUCTTYPE= "WINDOWS 2000 PROFESSIONAL" or @PRODUCTTYPE= "WINDOWS XP PROFESSIONAL" $RESULT = COMPAREFILETIMES (@LDRIVE + "ABCC.SCR", "%WINDIR%\SYSTEM32\ABCC.SCR") IF $RESULT =1 DEL "%WINDIR%\SYSTEM32\ABCC.SCR" COPY @LDRIVE + "ABCC.SCR" "%WINDIR%\SYSTEM32\" ENDIF IF $RESULT =-3 COPY @LDRIVE + "ABCC.SCR" "%WINDIR%\SYSTEM32\" ENDIF IF Readvalue($screensavekey,"SCRNSAVE.EXE") <> "%WINDIR%\SYSTEM32\ABCC.SCR" $rc = WRITEVALUE($screensavekey,"SCRNSAVE.EXE","%WINDIR%\SYSTEM32\ABCC.SCR","REG_SZ") ENDIF
CASE @PRODUCTTYPE= "WINDOWS 95" OR @PRODUCTTYPE = "WINDOWS 98" OR @PRODUCTTYPE = "WINDOWS ME" $RESULT = COMPAREFILETIMES (@LDRIVE + "ABCC.SCR", "%WINDIR%\SYSTEM\ABCC.SCR") IF $RESULT =1 DEL "%WINDIR%\SYSTEM\ABCC.SCR" COPY @LDRIVE + "ABCC.SCR" "%WINDIR%\SYSTEM\" ENDIF IF $RESULT =-3 COPY @LDRIVE + "ABCC.SCR" "%WINDIR%\SYSTEM\" ENDIF IF ReadProfileString($sysini,"boot","scrnsave.exe") <> "%WINDIR%\SYSTEM\ABCC.SCR" $rc = WriteProfileString($sysini,"boot","scrnsave.exe","%WINDIR%\SYSTEM\ABCC.SCR") ENDIF
ENDSELECT RETURN ;END OF SETTING FOR CSCSCREEN SAVER
Edited by Allen (2006-04-22 12:25 AM)
|
Top
|
|
|
|
#160977 - 2006-04-21 11:03 AM
Re: User Group to run the script
|
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11623
Loc: CA
|
Quote:
The version of KIX is Kix2001
Well there is no KiX 2001 so to speak. I meant the actual version number like: v4.20, v4.21, v4.50, v4.51, v4.52 etc...
Quite a big script there and it's quite late here so no time to really check it out in depth.
You have a couple of issues as far as permissions that need to be addressed, and perhaps some updated code to use a bettter "best practice" approach to the script.
Will try to review and give more input on it tomorrow if I have time. Do you still run Windows 95/98 there? Do you have the ADSI client installed for all of them?
Do you still have NT4 worktations there too? Do you have the ADSI client installed for them? Windows 95/98/NT4 do not understand and won't use any GPOs as an FYI. Since you're trying to copy the KIX32 locally I assume you have some slow links somewhere, is that true? If this is on a 100MB LAN then there is no need to copy the file locally (imho).
|
Top
|
|
|
|
#160980 - 2006-04-27 05:06 AM
Re: User Group to run the script
|
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11623
Loc: CA
|
Quote:
You should divide the script into two portions, an admin scrpt that performs the roll-out of the KiXtart executables and KiXforms DLL to those computers that do not have it yet, e.g. via GPO or scheduled script, and a second portion that only performs the user-level logon script functions.
Jens,
Only Windows 9x require the DLL files however Windows 9x and NT4 DO NOT understand or use GPO.
Unless this is slow network I'd leave everything on the server NETLOGON share.
|
Top
|
|
|
|
#160982 - 2006-04-27 08:17 AM
Re: User Group to run the script
|
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11623
Loc: CA
|
ROFL - Missed that Kform piece and was thinking KiXtart DLL files.
But he has some bad code if his only clients are 2000 Pro
Quote:
CASE @PRODUCTTYPE="WINDOWS 95" OR @PRODUCTTYPE="WINDOWS 98" OR @PRODUCTTYPE="WINDOWS ME"
With that code I have to assume it is either LEGACY code that was never cleaned up, or he does have Windows 9x clients.
|
Top
|
|
|
|
#160984 - 2006-04-28 06:45 AM
Re: User Group to run the script
|
remuspang
Lurker
Registered: 2006-04-21
Posts: 3
|
Sorry for late reply: 1.I have both windows 98 and windows 2000 pro client, but no NT4 client. 2.ADSI is not installed for the windows 98
Besides, I do some testing and found that using "writeprofilestring" to add key to registry require admin right.
The reason i copy the kix required file to the local machine is that i have over 100 clients. So, i am afraid the execute file may not be accessed if many user login
If I ignore those, windows 98 client, how can I use GPO to apply the script? Thanks for your kindly reply
|
Top
|
|
|
|
#160986 - 2006-04-28 10:25 AM
Re: User Group to run the script
|
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11623
Loc: CA
|
Quote:
I disagree with that writeprofilestring require administrator-rights
Sure it does on NT/2000/XP because there is a Windows API call that redirects calls to that file to write to the registry in HKLM which does require Admin rights. On Windows 9x it won't matter as there is no such thing as Administrator.
I agree the code could use a re-write. I'll see if I can review it more and give a few more ideas, pointers on it tomorrow.
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
0 registered
and 515 anonymous users online.
|
|
|