
We use a logon script to map drives for our domain users based on their security group membership.

Here is an excerpt from the script, showing how anyone in the "_development (W)" group automatically gets the "\\servername\development" share mapped when they log on:

```vbscript
' IsMember and MapDrive are helper functions defined elsewhere in the script
If (IsMember(objUser, "_development") = True) Then
    If (MapDrive("W:", "\\servername\development") = False) Then
        MsgBox "Unable to map Development share"
    End If
End If
```

This works as intended for all domain users who are members of the various different security groups; however, no drives are mapped for the domain administrator account as it is not currently a member of any of the security groups (and I feel it would be redundant adding it to them, just for the sake of mapping drives).

What I want to do is to have an additional entry in the logon script which maps network drives specifically for the domain administrator account.

Our workstations are Windows 7 and the domain controller is SBS 2003.

What would be the correct syntax for this?

Austin ''Danger'' Powers
  • What client OS' and server OS'? Just curious why you aren't using GPO preferences for drive mappings instead. – TheCleaner May 16 '14 at 14:50
  • Our workstations are Windows 7 and the domain controller is SBS 2003. I never thought of GPO preferences for drive mappings - didn't think it would be an option in SBS 2003 but never checked. – Austin ''Danger'' Powers May 16 '14 at 15:03
  • I have to ask the reason for *still* running 2003, and did you omit this on purpose from your question? – MDMoore313 May 16 '14 at 15:04
  • Believe me, I wish we were running 2008 by now but small, non-profit organizations sometimes don't have (or need) the latest and greatest. We don't have Exchange or anything web-facing and this server generally does everything we need perfectly well. The possibility of upgrading this particular server has already been discussed here: http://serverfault.com/questions/491175/windows-small-business-server-2003-sp2-upgrade-plan. I am certainly not omitting it "on purpose" from my question. – Austin ''Danger'' Powers May 16 '14 at 15:14
  • @Austin''Danger''Powers I completely get that, as for the second part, I had to ask :) You won't believe the kind of questions we get here, then again, [you might](http://meta.serverfault.com/questions/6256/how-should-we-deal-with-slow-motion-trainwreck-questions). – MDMoore313 May 16 '14 at 15:30
  • You might ask your non-profit to check with TechSoup for cheap software upgrades. – uSlackr May 16 '14 at 17:58
  • What kind of script is that? VBS? – uSlackr May 16 '14 at 17:59
  • We usually go with TechSoup for our non-profit software prices; however, our server hardware does not meet the minimum requirements for the latest versions of Windows Server so we would need to upgrade that as well. It isn't really worth the expense for us right now. – Austin ''Danger'' Powers May 17 '14 at 08:49

1 Answer


Group Policy Preferences allows you to set settings such as printer and drive mappings, and filter based on a myriad of settings. This includes computer names, WMI queries, and yes, user name or group membership.

Be aware that going this route may cause login delays, as the group policy accesses AD to determine group membership. Just something to keep an eye on.

I know you're running SBS 2003; there are articles online for running GPP on 2003. If it's something you want to pursue, I can't testify to the effectiveness of it.

As far as VBScript goes, perhaps:

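```vbscript
' Read the name of the user who is logging on
Set wshShell = CreateObject("WScript.Shell")
strUserName = wshShell.ExpandEnvironmentStrings("%USERNAME%")
' "Root" stands in for the domain administrator account name
If (strUserName = "Root") Then
    ' ...Map Drive
End If
```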

As you can see, I don't VBScript much, especially since PS has come on the scene, but the key here is grabbing the current user name and testing against your domain admin name in the script, and acting accordingly, which should be easy enough to implement.

Another alternative that is easy enough:

Use a single GPO with a User Config login script with simple drive mappings, and target it at the OU the "domain administrator" account is in, and remove "authenticated users" from the GPO and just add "Domain Administrator" back. That will cause that account to run the login script, and no need to get fancy with the script...

TheCleaner
MDMoore313
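
The user-name test described in the answer, written out as a complete logon-script fragment (an added example, not code from the original posts). It reads the account from `WScript.Network` instead of `%USERNAME%` and also checks the logon domain, so a local account with the same name does not match; the domain name `MYDOMAIN`, the account name `Administrator`, the function names and the W: mapping reused from the question are assumptions.

```vbscript
Option Explicit

' Assumed values: replace with your NetBIOS domain name and the
' administrator account name used in your domain.
Const ADMIN_DOMAIN = "MYDOMAIN"
Const ADMIN_USER   = "Administrator"

Dim objNetwork, objFSO
Set objNetwork = CreateObject("WScript.Network")
Set objFSO     = CreateObject("Scripting.FileSystemObject")

' True only when both the logon domain and the account name match.
' vbTextCompare makes the comparison case-insensitive, as Windows account names are.
Function IsDomainAdminAccount()
    IsDomainAdminAccount = _
        (StrComp(objNetwork.UserDomain, ADMIN_DOMAIN, vbTextCompare) = 0) And _
        (StrComp(objNetwork.UserName, ADMIN_USER, vbTextCompare) = 0)
End Function

' Maps strDrive to strShare and returns True on success, False on failure.
' An existing mapping on the same drive letter is removed first.
Function MapAdminDrive(strDrive, strShare)
    On Error Resume Next
    If objFSO.DriveExists(strDrive) Then
        objNetwork.RemoveNetworkDrive strDrive, True, True
        Err.Clear
    End If
    objNetwork.MapNetworkDrive strDrive, strShare
    MapAdminDrive = (Err.Number = 0)
    Err.Clear
    On Error GoTo 0
End Function

' Runs for every user at logon, but only acts for the administrator account.
If IsDomainAdminAccount() Then
    If Not MapAdminDrive("W:", "\\servername\development") Then
        MsgBox "Unable to map Development share for the administrator account"
    End If
End If
```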