#198592 - 2010-05-12 04:51 PM
Ingroup() and Vergence Authenticator
|
John_Fischer
Fresh Scripter
Registered: 2010-05-12
Posts: 10
Loc: Lexington, KY, USA
|
I am in a pickle and would just love to hear from someone in an AD environment. Here's the predicament:
A generic ID (EDMD, for example) auto-logs into the OS (Win XP) on a domain account. No problem, we do this all the time. This kicks off Vergence which is bio-metric. User swipes card or places fingerprint and system validates them via LDAP (domain\UName) and allows them to log onto the desktop.
Now, keep in mind that EDMD is the one actively connected to the domain. The user is only at the desktop. The HKCU belongs to EDMD, %username% and other env. variables are set for EDMD.
Vergence will allow me to run a separate logon script (.BAT file only) for the desktop and can pass it 3 variables: Domain, Username, and Password.
So, EDMD logs on to OS, login script for EDMD runs, GP is set, etc.
User logs on, Vergence runs the batch file, batch file calls KiXtart. KiXtart script does my drive mappings for me, since users will be in different groups depending upon function (Admin, Nurse, Doctor, etc...).
Kicker: Ingroup() is working as designed... It checks against all of the groups for EDMD, not the user. What I apparently need to do is get a list of the groups for the current user to check against. I have no idea how to go about this.
BATCH file run by Vergence. Works fine. Passes appropriate info.

REM MapDrives.bat
@ECHO OFF
CD KIXTART
KIX32 MCGroups.kix /f /i %1 %2 %3

KiXtart script that works normally, but not with Vergence.

break on
GLOBAL $Credentials
;DM=Domain UN=UserName PW=password
for each $Arg in GetCommandLine(1)
    $Ct = $Ct + 1
    if $Ct = 4 $DM = $Arg endif
    if $Ct = 5 $UN = $Arg endif
    if $Ct = 6 $PW = $Arg endif
next
$Credentials = $DM + "\" + $UN
;Sample of using Ingroup(). Left more out for brevity
if ingroup("MC\MIG User Group",0)
    use R: /DELETE
    use R: "\\MCTECH\Images" /user:$Credentials /password:$PW
endif
EXIT

A piece of code I found that has SOMETHING to do with this, however, I have been unable to figure out how to get it to give me any type of enumeration of groups for a specific user, then, just to complicate matters, a user's ID may be in another container besides "Users".

Break On
$sMCsPath = "LDAP://"+GetObject("LDAP://rootDSE").Get("defaultNamingContext")
$objDomain = GetObject($sMCsPath)
For Each $objContainer in $objDomain
    $objContainer.Name ?
Next
Exit
_________________________
John K. Fischer University of Kentucky HealthCare - ITS
#198593 - 2010-05-12 08:00 PM
Re: Ingroup() and Vergence Authenticator
[Re: John_Fischer]
|
Allen
KiX Supporter
Registered: 2003-04-19
Posts: 4545
Loc: USA
|
Welcome to the board John. This was kind of neat and I thought I might be able to figure it out pretty quickly. So try this and see if it fits your needs. You will need to paste the GetUserDN() UDF - http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=188576#Post188576 to the bottom of the script.

$user=getuserdn("username")
? $user
if $user
    $objUser=getobject("LDAP://" + $user)
    $Groups = $objUser.GetEx("memberof")
    for each $group in $groups
        $Groupname=GetObject("LDAP://" + $Group).cn
        ? $groupname
        if $groupname="Doctors"
            use x: "\\server\share"
        endif
        if $groupname="Nurses"
            use x: "\\server\share"
        endif
    next
endif

Edited by Allen (2010-05-12 09:28 PM)
#198610 - 2010-05-14 05:23 AM
Re: Ingroup() and Vergence Authenticator
[Re: John_Fischer]
|
Allen
KiX Supporter
Registered: 2003-04-19
Posts: 4545
Loc: USA
|
Glad to hear it helped.
It seemed like this had to have been done before in a UDF, so I searched and it appears that all the group functions are based on the NT provider and not LDAP. With that in mind I went ahead and merged the code into a new UDF called GetADUserGroups() - http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=198609#Post198609
To simplify your code above, it would be

for each $groupname in GetADUserGroups($Credentials)
    if $groupname="MIG User Group"
        use R: /DELETE
        use R: "\\server\volume" /user:$Credentials /password:$PW
    endif
    if $groupname="Local Machine Admin"
        use Z: /DELETE
        use Z: "\\server\volume" /user:$Credentials /password:$PW
    endif
next

Also... curious why you don't use kix for the vast majority of the script. Specifically, I don't see any reason why you have to map your drives in the batch.
#198622 - 2010-05-14 12:49 PM
Re: Ingroup() and Vergence Authenticator
[Re: Allen]
|
John_Fischer
Fresh Scripter
Registered: 2010-05-12
Posts: 10
Loc: Lexington, KY, USA
|
OK, I follow you, I think, but not exactly sure where to place the new code. I placed the UDF at the bottom, and yes, the other drives should be mapped in the KiXtart script (fixed). Can you let me know if I read your instructions correctly?
break on
use G: /DELETE
use J: /DELETE
use K: /DELETE
use L: /DELETE
use N: /DELETE
use O: /DELETE
use P: /DELETE
use Q: /DELETE
use R: /DELETE
use V: /DELETE
use W: /DELETE
use X: /DELETE
use Y: /DELETE
use Z: /DELETE
GLOBAL $CL
GLOBAL $Credentials
for each $Arg in GetCommandLine(1)
$Ct = $Ct + 1
if $Ct = 4 $Dm = $Arg endif
if $Ct = 5 $UN = $Arg endif
if $Ct = 6 $PW = $Arg endif
next
$Credentials = $DM + "\" + $UN
use H: /DELETE
use H: "\\hospfilesrv\Home\$UN" /user:$Credentials /password:$PW
use I: /DELETE
use I: "\\hospfilesrv\ss2\ed\ercommon" /user:$Credentials /password:$PW
$user=getuserdn($Credentials)
/*
if $user
$objUser=getobject("LDAP://" + $user)
$Groups = $objUser.GetEx("memberof")
for each $group in $groups
$Groupname=GetObject("LDAP://" + $Group).cn
if $groupname="edmgt"
use H: /DELETE
use H: "\\hospfilesrv\edmgt" /user:$Credentials /password:$PW
endif
if $groupname="Local Machine Admin"
use Y: /DELETE
use Y: "\\mctech02repo\backup" /user:$Credentials /password:$PW
use Z: /DELETE
use Z: "\\mctech\software" /user:$Credentials /password:$PW
endif
next
endif
*/
for each $groupname in GetADUserGroups($Credentials)
if $groupname="edmgt"
use H: /DELETE
use H: "\\hospfilesrv\edmgt" /user:$Credentials /password:$PW
endif
if $groupname="Local Machine Admin"
use Y: /DELETE
use Y: "\\mctech02repo\backup" /user:$Credentials /password:$PW
use Z: /DELETE
use Z: "\\mctech\software" /user:$Credentials /password:$PW
endif
next
Function getUserDN(optional $username)
Dim $objTrans
if $username=""
$username=@ldomain + "\"+ @userid
endif
if not instr($username,"\")
$username=@ldomain + "\" + $username
endif
$objTrans = CreateObject("NameTranslate")
if @error
exit @error
else
$objTrans.Init(3, "")
$objTrans.Set(3,$username)
$getUserDN = $objTrans.Get(1)
if @error
exit @error
endif
endif
EndFunction
function getADUserGroups(optional $username, optional $mode)
Dim $objTrans, $objUser, $group, $array[0], $i
if $username=""
$username=@ldomain + "\"+ @userid
endif
if not instr($username,"\")
$username=@ldomain + "\" + $username
endif
$objTrans = CreateObject("NameTranslate")
if @error
exit @error
else
$objTrans.Init(3, "")
$objTrans.Set(3,$username)
$username = $objTrans.Get(1)
if @error
exit @error
else
for each $group in getobject("LDAP://" + $username).GetEx("memberof")
redim preserve $array[$i]
if $mode=0
$array[$i]=GetObject("LDAP://" + $Group).cn
else
$array[$i]=$group
endif
$i=$i+1
next
$getADUserGroups=$array
endif
endif
endfunction
_________________________
John K. Fischer University of Kentucky HealthCare - ITS
#198624 - 2010-05-14 03:16 PM
Re: Ingroup() and Vergence Authenticator
[Re: John_Fischer]
|
Allen
KiX Supporter
Registered: 2003-04-19
Posts: 4545
Loc: USA
|
You can remove the line using getuserDN() and the function itself. It's all tied up in the new UDF now.
You might also consider commenting the two sections of mappings as to why you are doing it the way you are, similar to your first post here. (Glenn will love me for asking for comments.)
#198626 - 2010-05-14 04:04 PM
Re: Ingroup() and Vergence Authenticator
[Re: Allen]
|
John_Fischer
Fresh Scripter
Registered: 2010-05-12
Posts: 10
Loc: Lexington, KY, USA
|
Allen, I'm about to head out for the weekend and will not have access to a PC, but I'll be back bright and early Monday morning. You've been a tremendous assistance and I really do appreciate it.
Now, here it is in its entirety.
This is the batch file being called by the Vergence Authenticator:
@echo off
cd "C:\Program Files\Sentillion\Vergence Authenticator\Kix"
START /W /B kix32 MCGroups.kix /f %3 %1 %2 /i
As you can see, all drive mappings are going to be placed in the KiXtart script, which follows, along with my current internal comments.
; MCGroups.KIX
/*Hmmm. Might be able to "use * /DELETE" here. Need to check with E.D. Mgt. Team*/
use G: /DELETE
use J: /DELETE
use K: /DELETE
use L: /DELETE
use N: /DELETE
use O: /DELETE
use P: /DELETE
use Q: /DELETE
use R: /DELETE
use V: /DELETE
use W: /DELETE
use X: /DELETE
use Y: /DELETE
use Z: /DELETE
/* I don't think these are needed now*/
GLOBAL $CL
GLOBAL $Credentials
/* Lets parse the CommandLine and make it more friendly*/
for each $Arg in GetCommandLine(1)
$Ct = $Ct + 1
if $Ct = 4 $Dm = $Arg endif
if $Ct = 5 $UN = $Arg endif
if $Ct = 6 $PW = $Arg endif
next
$Credentials = $DM + "\" + $UN
/* ALL users in the E.D. should have these drives*/
use I: /DELETE
use I: "\\hospfilesrv\ss2\ed\ercommon" /user:$Credentials /password:$PW
use H: /DELETE
use H: "\\hospfilesrv\Home\$UN" /user:$Credentials /password:$PW
/*
; Per C.A.B.
; This section to be implemented for a redirection if it has not been done already
; Still needs testing. If it requires a restart or re-logon to take effect then
; we may need another solution. Will alpha in isolated ESIS Domain.
; Oh, and the test is generic. Will send through ESIS/Server for input.
; Also need to test and see if "HKCU" = "HKEY_CURRENT_USER" in KiXtart
; "File.txt" is merely a token. Be better served to see what the key
; currently says and change only if needed.
IF NOT EXIST ("H:\")
$Text = "No Home Folder found." + @CRLF
$Text = $Text + "Call us at 323-8586 and get one on server:" + @CRLF
$Text = $Text + "\\hospfilesrv\home"
MESSAGEBOX ($Text, "Home Folder Missing", 4160, 300)
ELSE
IF NOT EXIST ("H:\File.txt")
COPY "File.txt" "H:\" /h /r
$Val1 = [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
$Val2 = [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
WRITEVALUE ("$Val1", "Personal", "H:\\", "REG_EXPAND_SZ")
WRITEVALUE ("$Val1", "My Pictures", "H:\\My Pictures", "REG_EXPAND_SZ")
WRITEVALUE ("$Val1", "My Music", "H:\\My Music", "REG_EXPAND_SZ")
WRITEVALUE ("$Val1", "My Videos", "H:\\My Videos", "REG_EXPAND_SZ")
WRITEVALUE ("$Val2", "Personal", "H:\\", "REG_EXPAND_SZ")
WRITEVALUE ("$Val2", "My Pictures", "H:\\My Pictures", "REG_EXPAND_SZ")
WRITEVALUE ("$Val2", "My Music", "H:\\My Music", "REG_EXPAND_SZ")
WRITEVALUE ("$Val2", "My Videos", "H:\\My Videos", "REG_EXPAND_SZ")
ENDIF
ENDIF
*/
;Author: Allen Powell
; He combined a couple of things into a more elegant piece of code.
for each $groupname in GetADUserGroups($Credentials)
if $groupname="edmgt"
use H: /DELETE
use H: "\\hospfilesrv\edmgt" /user:$Credentials /password:$PW
endif
if $groupname="Local Machine Admin"
use Y: /DELETE
use Y: "\\mctech02repo\backup" /user:$Credentials /password:$PW
use Z: /DELETE
use Z: "\\mctech\software" /user:$Credentials /password:$PW
endif
next
;Function: GetADUserGroups() - Get User Properties / Attributes from Active Directory
;Author: Allen Powell
;Version: 1.0.0 2010/05/13
;Action: Get a Users Groups from Active Directory
;Syntax: GetADUserGroups(optional $user, optional $mode)
;Parameters:
; $user(optional) Supply the user name in the form of USERNAME or DOMAIN\USERNAME.
; If omitted, will default to the current user.
; $mode(optional) 0 = GroupNames, 1 = Group OU Names. Defaults to GroupNames
;Returns: An array of groupnames, or nothing
;Dependencies: None
;Example:
; for each $group in GetADUsergroups("username")
; ? $group
; next
;
function getADUserGroups(optional $username, optional $mode)
Dim $objTrans, $objUser, $group, $array[0], $i
if $username=""
$username=@ldomain + "\"+ @userid
endif
if not instr($username,"\")
$username=@ldomain + "\" + $username
endif
$objTrans = CreateObject("NameTranslate")
if @error
exit @error
else
$objTrans.Init(3, "")
$objTrans.Set(3,$username)
$username = $objTrans.Get(1)
if @error
exit @error
else
for each $group in getobject("LDAP://" + $username).GetEx("memberof")
redim preserve $array[$i]
if $mode=0
$array[$i]=GetObject("LDAP://" + $Group).cn
else
$array[$i]=$group
endif
$i=$i+1
next
$getADUserGroups=$array
endif
endif
endfunction
_________________________
John K. Fischer University of Kentucky HealthCare - ITS
#198650 - 2010-05-18 05:22 PM
Re: Ingroup() and Vergence Authenticator
[Re: Allen]
|
John_Fischer
Fresh Scripter
Registered: 2010-05-12
Posts: 10
Loc: Lexington, KY, USA
|
...follow up and say if it worked, OR even a Thanks would be nice THANKS! I haven't forgotten, but I have a few things I've been working out on the Vergence side. Should have a completed script, ini and batch file tomorrow (hopefully). I'll make sure to post the info here. Oh, and I've removed the block comments and changed them to semi-colons.
_________________________
John K. Fischer University of Kentucky HealthCare - ITS
#198735 - 2010-05-28 12:16 PM
Re: Ingroup() and Vergence Authenticator
[Re: Allen]
|
John_Fischer
Fresh Scripter
Registered: 2010-05-12
Posts: 10
Loc: Lexington, KY, USA
|
Well, our Change Advisory Board has approved our rollout and deployment has begun. Here's what we ended up with:
Our installer adds the following registry keys to redirect "My Documents" to the H:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal"="H:\\"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Personal"=hex(2):48,00,3a,00,5c,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetCache]
"Enabled"=dword:00000000
Here's the install batch file:
@ECHO OFF
CLS
ECHO.
ECHO.
ECHO You MUST be logged in as the user WITH Admin Rights
ECHO to successfully complete this installation.
ECHO If you are NOT, abort this script now.
ECHO.
ECHO.
PAUSE
ECHO.
ECHO.
ECHO Setting up the registry for "My Documents" redirection
ECHO Setting up the registry to turn OFF "File Synchronization"
regedit /s PersonalRedirect.reg
ECHO.
ECHO.
ECHO Copying necessary files...
COPY MapDrives.bat "C:\Program Files\Sentillion\Vergence Authenticator" /y
rem COPY Authenticator.ini "C:\Program Files\Sentillion\Vergence Authenticator" /y
MD "C:\Program Files\Sentillion\Vergence Authenticator\Kix"
COPY .\Kix\*.exe "C:\Program Files\Sentillion\Vergence Authenticator\Kix" /y
COPY .\Kix\*.chm "C:\Program Files\Sentillion\Vergence Authenticator\Kix" /y
COPY .\Kix\*.dll "C:\Program Files\Sentillion\Vergence Authenticator\Kix" /y
COPY .\Kix\*.kix "C:\Program Files\Sentillion\Vergence Authenticator\Kix" /y
COPY .\Kix\*.lnk "C:\Documents and Settings\All Users\Desktop" /y
ECHO.
ECHO.
ECHO Now the hard part. You need to make 2 changes to Authenticator.ini.
ECHO I will open it for you in a moment.
ECHO Find the line "Path=" ABOUT 20 to 25 lines down. Change it to:
ECHO.
ECHO Path="C:\Program Files\Sentillion\Vergence Authenticator\MapDrives.bat"
ECHO.
ECHO Next you need to find the line "Valsa=CredAgent.exe" (A few lines further down)
ECHO All you need to do is put a semi-colon (;) in front of it.
ECHO.
ECHO I will open Authenticator.ini after this pause.
ECHO.
PAUSE
NOTEPAD "C:\Program Files\Sentillion\Vergence Authenticator\Authenticator.ini"
ECHO.
ECHO.
ECHO When you are finished with the file please remove the user's Admin rights.
ECHO Do that now please.
ECHO.
ECHO.
ECHO Installation is complete.
ECHO Please restart the PC.
ECHO.
PAUSE

Once the install is completed and the file MapDrives.bat is placed, when a user logs in the DESKTOP it is executed. The IF statement needs to be there because (according to vendor) this file will run at both logon and logoff (I don't know why, but they say it does. Seems poorly planned to me).

@echo off
REM Quote %3 so the test stays valid syntax when no third argument is passed
IF "%~3" == "" GOTO END
cd "C:\Program Files\Sentillion\Vergence Authenticator\Kix"
kix32.exe MCGroups.kix /f %3 %1 %2 /i
EXIT
:END

Obviously, all that does is run the KiXtart script, which is here:
;Program: MCGroups.KIX
;Author: John K. Fischer with tremendous help from
; Allen Powell of www.KiXtart.org
;Version: 1.0.0 May 27, 2010
;Action:
;Dependencies: Kix32.exe 4.61
;
use G: /DELETE
use H: /DELETE
use I: /DELETE
use J: /DELETE
use K: /DELETE
use L: /DELETE
use N: /DELETE
use O: /DELETE
use P: /DELETE
use Q: /DELETE
use R: /DELETE
use V: /DELETE
use W: /DELETE
use X: /DELETE
use Y: /DELETE
use Z: /DELETE
; Have to delete these so they can be mapped for the DT user.
; Can only have one logged in user per server connection and
; the Generic ID already connected. S: and T: can be left
; alone since we are not attempting a second connection to
; that particular server
use M: /DELETE
use U: /DELETE
GLOBAL $CL, $Credentials, $Dm, $UN, $PW, $Folder
; Lets parse the CommandLine and make it more friendly
for each $Arg in GetCommandLine(1)
$Ct = $Ct + 1
if $Ct = 4 $Dm = $Arg endif
if $Ct = 5 $UN = $Arg endif
if $Ct = 6 $PW = $Arg endif
next
$Credentials = $DM + "\" + $UN
; ALL users in the E.D. should have this drive
$Folder = "\\hospfilesrv\" + $UN + "$$"
use H: $Folder /user:$Credentials /password:$PW
; Check and make sure user has a home folder and give the
; instructions if they do not.
IF NOT EXIST ("H:\")
$Text = "Home Folder does not exist." + @CRLF
$Text = $Text + "Please call 323-8586 and request access for the following folder: " + @CRLF
$Text = $Text + "\\hospfilesrv\$UN$$"
MESSAGEBOX ($Text, "Home Folder Missing", 4160, 20)
ENDIF
;Author: Allen Powell
; He combined a couple of things into a more elegant piece of code.
; This is where all of the drive mappings should be located and they
; are all based upon a users group membership in Active Directory.
for each $groupname in GetADUserGroups($Credentials)
if instr($groupname,"ERcommon")
use I: "\\hospfilesrv\ss2\ed\ercommon" /user:$Credentials /password:$PW
endif
if $groupname="neotransport"
use J: "\\hospfilesrv\neotransport$" /user:$Credentials /password:$PW
endif
if $groupname="edmgt"
use K: "\\hospfilesrv\edmgt" /user:$Credentials /password:$PW
endif
if $groupname="EDTRANSPORT on HOSPFILESRV READ WRITE"
use L: "\\hospfilesrv\edtransport" /user:$Credentials /password:$PW
endif
if $groupname="Softmed"
use M: "\\hospfilesrv\him\employee\updates\vpn\unsignedorders" /user:$Credentials /password:$PW
use U: "\\hospfilesrv\him" /user:$Credentials /password:$PW
endif
if $groupname="Local Machine Admin"
use Y: "\\mctech02repo\backup" /user:$Credentials /password:$PW
use Z: "\\mctech\software" /user:$Credentials /password:$PW
endif
next
;Function: GetADUserGroups() - Get User Properties / Attributes from Active Directory
;Author: Allen Powell
;Version: 1.0.0 2010/05/13
;Action: Get a Users Groups from Active Directory
;Syntax: GetADUserGroups(optional $user, optional $mode)
;Parameters:
; $user(optional) Supply the user name in the form of USERNAME or DOMAIN\USERNAME.
; If omitted, will default to the current user.
; $mode(optional) 0 = GroupNames, 1 = Group OU Names. Defaults to GroupNames
;Returns: An array of groupnames, or nothing
;Dependencies: None
;Example:
; for each $group in GetADUsergroups("username")
; ? $group
; next
;
function getADUserGroups(optional $username, optional $mode)
Dim $objTrans, $objUser, $group, $array[0], $i
if $username=""
$username=@ldomain + "\"+ @userid
endif
if not instr($username,"\")
$username=@ldomain + "\" + $username
endif
$objTrans = CreateObject("NameTranslate")
if @error
exit @error
else
$objTrans.Init(3, "")
$objTrans.Set(3,$username)
$username = $objTrans.Get(1)
if @error
exit @error
else
for each $group in getobject("LDAP://" + $username).GetEx("memberof")
redim preserve $array[$i]
if $mode=0
$array[$i]=GetObject("LDAP://" + $Group).cn
else
$array[$i]=$group
endif
$i=$i+1
next
$getADUserGroups=$array
endif
endif
endfunction
Our end users are loving this. They are finally getting a private folder that will be available no matter where they are, they still have a shared documents folder on the local PC, and they are getting the proper mappings for $hares they need to access.
Here is part of what I had to submit to the CAB for them to look over, along with a demo and a beta group of 5 machines.
Pre-requisites:
System:
1. Must have “File Synchronization” turned off in registry
   [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetCache]
   "Enabled"=dword:00000000
2. Generic ID MUST have “My Documents” redirected to H:\
   [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
   "Personal"="H:\\"
   [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
   "Personal"=hex(2):48,00,3a,00,5c,00,00,00
Vergence:
1. "C:\Program Files\Sentillion\Vergence Authenticator" must contain:
   a. "MapDrives.bat"
   b. Authenticator.ini with the following line changes:
      Path="C:\Program Files\Sentillion\Vergence Authenticator\MapDrives.bat"
      ;Valsa=CredAgent.exe
2. KiXtart:
   a. "C:\Program Files\Sentillion\Vergence Authenticator\Kix" must contain:
      Document Archives.lnk
      KiX32.exe
      KiXtart.dll
      MCGroups.KIX
      Kixhelp453.chm
3. Generic ID:
   a. Must be a member of the "Softmed" group (for S: and T:)
4. Desktop user ID:
   a. Must have a home folder \\hospfilesrv\home\%Username%$ (for H:)
      i. Must be accessible as \\hospfilesrv\%Username%$
   b. Must be a member of one of the following groups (for I:)
      i. "ercommon"
      ii. "ERcommon on HOSPFILESERVER READ WRITE"
      iii. "ERcommon on HOSPFILESERVER READ ONLY"
   c. E.D. Transporters: "EDTRANSPORT on HOSPFILESRV READ WRITE" (for J:)
   d. E.D. Managers: "edmgt" (for K:)
   e. "Softmed" (for M: and U:)
Workflow:
1. Generic ID logs into the OS and Vergence presents a login screen for the Desktop user
   a. Drives S: and T: are mapped for Softmed under these credentials
2. Desktop user logs in via “Tap & Go” or the keyboard
3. Vergence launches “MapDrives.bat” via Authenticator.ini passing:
   a. Desktop Username as %1
   b. Desktop Password as %2
   c. Desktop Domain as %3
4. “Mapdrives.bat” then
   a. Checks to see if this is a logon or logoff
      i. If Logoff:
         1. exit the batch file
         2. end all scripting
         3. present the Vergence login screen for next user
      ii. If Logon: launch “MCGroup.KIX”, passing same credentials as above
5. “MCGroup.KIX” then:
   a. Clears all drives that may be left from previous user
   b. Attempts to create user's Home folder (H:)
      i. Success = Yes
         1. Continue Script
      ii. Success = No
         1. Notify user to call help-desk and have a home folder created
         2. Continue Script
   c. Query LDAP and create an array of all groups the Desktop user is a member of
   d. Map appropriate drives based upon group membership
      i. “Ercommon*”, I:
         1. \\hospfilesrv\ss2\ed\ercommon
      ii. “Softmed”, M: and U:
         1. \\hospfilesrv\him\employee\updates\vpn\unsignedorders
         2. \\hospfilesrv\him
      iii. “neotransport”, J:
         1. \\hospfilesrv\neotransport$
      iv. “edmgt”, K:
         1. \\hospfilesrv\edmgt
      v. "EDTRANSPORT on HOSPFILESRV READ WRITE", L:
         1. \\hospfilesrv\edtransport
      vi. “Local machine Admin”, Y: and Z:
         1. \\mctech02repo\backup
         2. \\mctech\software
6. Desktop user is presented with the desktop and PC is ready for use
Again, my thanks to Allen Powell. Without his assistance this might never have come to fruition so quickly.
And now, I wish all of you a great weekend and wonderful next week. I'll be on vacation in the mountains!
_________________________
John K. Fischer University of Kentucky HealthCare - ITS
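
Added example, not part of the original posts and not code from the KiXtart UDF library: the `memberOf` attribute that GetADUserGroups() reads lists only a user's direct groups, so memberships gained through nested groups (and the primary group) never reach the drive-mapping checks. This Python model goes beyond the thread's case by walking `memberOf` transitively; the directory entries, the "ED Nurses" and "Float, Night Shift" groups and the `fileserver.example.test` shares are constructed assumptions, while "ercommon" and "edmgt" reuse group names from the thread.

```python
import re
from collections import deque

DOMAIN = "DC=example,DC=test"
USER = f"CN=jdoe,OU=Staff,{DOMAIN}"

# Constructed sample directory: object DN -> DNs listed in its memberOf attribute.
DIRECTORY = {
    USER: [
        f"CN=ED Nurses,OU=Groups,{DOMAIN}",
        f"CN=Float\\, Night Shift,OU=Groups,{DOMAIN}",  # escaped comma in the CN
    ],
    f"CN=ED Nurses,OU=Groups,{DOMAIN}": [f"CN=ercommon,OU=Groups,{DOMAIN}"],
    # Circular nesting is allowed in AD, so the walk must tolerate it.
    f"CN=ercommon,OU=Groups,{DOMAIN}": [f"CN=ED Nurses,OU=Groups,{DOMAIN}"],
}

# Constructed mapping rules: group name -> [(drive letter, share)].
RULES = {
    "ercommon": [("I:", r"\\fileserver.example.test\ercommon")],
    "edmgt": [("K:", r"\\fileserver.example.test\edmgt")],
}

_RDN = re.compile(r"^CN=((?:\\.|[^,\\])*)", re.IGNORECASE)
_ESC = re.compile(r"\\([0-9A-Fa-f]{2}|.)")


def cn_from_dn(dn):
    """Return the unescaped CN of a DN without a directory round-trip."""
    match = _RDN.match(dn)
    if not match:
        raise ValueError(f"DN does not start with a CN: {dn!r}")

    def unescape(esc):
        token = esc.group(1)
        # Two hex digits encode a character code; otherwise it is a literal.
        return chr(int(token, 16)) if len(token) == 2 else token

    return _ESC.sub(unescape, match.group(1))


def direct_groups(user_dn, directory=DIRECTORY):
    """Group names from memberOf only (what a single memberOf read yields)."""
    return [cn_from_dn(dn) for dn in directory.get(user_dn, [])]


def effective_groups(user_dn, directory=DIRECTORY):
    """Group names reached by following memberOf through nested groups."""
    seen, ordered = set(), []
    queue = deque(directory.get(user_dn, []))
    while queue:
        dn = queue.popleft()
        if dn.lower() in seen:  # already visited: breaks nesting cycles
            continue
        seen.add(dn.lower())
        ordered.append(cn_from_dn(dn))
        queue.extend(directory.get(dn, []))
    return ordered


def drives_for(group_names, rules=RULES):
    """Exact, case-insensitive group-name match -> {drive: share}."""
    wanted = {name.casefold() for name in group_names}
    return {
        drive: share
        for group, mappings in rules.items()
        if group.casefold() in wanted
        for drive, share in mappings
    }


if __name__ == "__main__":
    print("direct:   ", direct_groups(USER), drives_for(direct_groups(USER)))
    print("effective:", effective_groups(USER), drives_for(effective_groups(USER)))
```

With the constructed data, the direct lookup maps no drives for `jdoe`, while the transitive walk finds "ercommon" through "ED Nurses" and maps I:.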
#198738 - 2010-05-28 03:11 PM
Re: Ingroup() and Vergence Authenticator
[Re: John_Fischer]
|
Allen
KiX Supporter
Registered: 2003-04-19
Posts: 4545
Loc: USA
|
Glad to help. The check is in the mail, right?
#198743 - 2010-05-28 07:00 PM
Re: Ingroup() and Vergence Authenticator
[Re: Allen]
|
Allen
KiX Supporter
Registered: 2003-04-19
Posts: 4545
Loc: USA
|
cd "C:\Program Files\Sentillion\Vergence Authenticator\Kix"
Curious why you are not running the script from the netlogon folder of your DCs?