Video Transcript

Hi this is Greg Shields and I'm going to show the hard way how to make decisions when you are mapping drives in log on scripts.' You have probably used logon scripts before. Down here in group policy management, typically our logon scripts are connected to our Default Domain Policy,' That means that that log on script will execute for everyone as soon as they log on to the domain. If I take a look at that, you will see here under User Configuration is this windows setting called Scripts (Logon/Logoff). If I double click Logon here I can add a logon script and actually configure the domains so that when users login they will get that logon script. I can do the same thing here with PowerShell scripts.

Now what is interesting however is that both of these locations only create a connection so users and their computers know to go look for a particular script when they log on to the domain. We have not created the script yet, I have to do that in a tool like Notepad. Now when I create that Logon script I have to do that by myself, there are not a lot of tools out there, at least natively inside of the Windows operating system to help me out. There are some third party tools out there, but let me show you how you can do it with notepad.

There are a couple of options available to you, you can use the net use command and map the S: drive to a location like \\server\shared\finance; that's not terribly good when it comes to making decisions. Maybe I want to map a drive, not just to \\server\shared\finance, but to a user name that is a subfolder of the finance folder. I can do net use and then the S: drive to \\server\shared\finance; here's the variable, %username%. This variable name will turn into whatever that username is whenever the user logs on.

That's great also, but maybe I'm not really interested in just making a decision based just on that user's username, maybe if have other things I need to base that drive mapping on instead.' This is really where you get the limit to what batch file scripting can do. I have to move to some other scripting language like perhaps VBScript. Here in VBScript I have to create a WScript.Network object and use the MapNetworkDrive method of that object to map S: to \\server\shared\finance. What you should see here is that while VB Script and its cousin PowerShell are far more powerful, there is still a lot more text required to be able to do what you want to do.

All we are doing at this point is mapping the S: drive to \\server\shared\finance; we are not actually making any decisions at this point. And it's here where things get a squirrely; I'm not going to show you the PowerShell method, because I will leave that up to Don Jones.

I will show you the easy VB Script method that you can do to make some very basis decisions. In order to do that I am going to paste in another script here.' To do so I have to create again another WScript. Network and I have to create an object here for ADSystemInfo and what this essentially lets me do is connect into the active directory to get the username, once I have that username I can find out what groups is that user a member of.

I'm taking the current user and finding out what groups they are a member of and then joining it all together into a nice string and giving me that lower case value of that string. Then I can say on the bottom here, if the word finance appears in that string then go ahead and map the R: to \\server\shared\finance. I have made one decision here, but I probably want to make multiple decisions since I've set up all these structures to be able to do so.

Here's a much larger script where you will see that the finance, accounting, and IT groups are included in the if/then statement. Here if it is in the finance group I map the R: drive to finance, accounting maps the S: drive to accounting, and IT maps the T: drive to IT. Again, to be able to make these decisions I'm going to have to come up with some sort of scripting because all I have are the native tools alone.