We've partnered with TechNet to bring you answers to technical questions from deep within Microsoft--direct from "Mole."
Answers from Deep Inside
We've partnered with TechNet to bring you answers to technical questions from deep within Microsoft--direct from "Mole."
The Mole
Did Mole just hear you mutter, “Who is this Mole,
anyway?” In case you haven’t heard, Mole is
the Phantom of the Burrow, the furry friend of network
administrators everywhere, the creature who lives in subterranean
Redmond beneath the Microsoft campus, and lives to dig
up ingenious answers to questions about the intricacies
of Microsoft products, particularly as they behave in
conjunction with other Microsoft products. Mole is, in
short, the IT Pro’s IT Pro. Note that he doesn’t
claim near-omniscience because of his own high intelligence,
so much as because he’s a kind of genius at knowing
whom to ask. Mole is fond of Mountain Dew (free to Microsoft
employees), Raisinettes (from the vending machine on the
second floor), and Mother Mole’s worm and onion pie.
Go ahead, ask him anything.
Mole’s Logon Scripts, Version 14.5
Mole,
Where can I find complete information on Windows NT Logon
script commands? What I see in all the manuals and books
I can find is very limited. I need a method to map drives
based on group membership or to be able to test for other
conditions. This was very easy to do in Novell login scripts.
Thanks for your help.
—Michael D. Herman
Corporate Support Specialist
Michael,
Mole is an interop mammal all the way. And for the benefit
of you IT guys and gals who learned your chops in a Novell
world, there’s an article on TechNet that should
make you feel right at home in Windows NT. It’s called
“Logon Scripting—A Powerful, Underutilized Tool,”
and it gives you a list of variables to use in your Logon
scripts, plus directions on where to put the scripts,
how to set up User Environment Profiles, and how to use
Logon scripts to troubleshoot problems with Windows drive
mapping. [See Additional Information for complete
addresses of resources mentioned.—Ed.]
Of course, Mole feels compelled to point out that in
Windows NT, a Logon script isn’t really a script
at all. It’s a hook in the User Environment Profile
and wears the nametag .bat or .exe. The User Environment
Variables you specify (you can view and modify these via
the Control Panel) take precedence over the system environment
variables. Read about this feature in the Knowledge Base
article, “NT Environment Variables.” And rejoice.
Here’s something that has the same name and happens
in the same place in both NT 4.0 and Windows 2000.
And, Michael, Logon scripts are just one approach to
mapping drives based on group membership.
The IFMember utility supplied in the Windows NT 4.0 Workstation
Resource Kit, used in logon scripts and other batch files,
IFMember accepts a list of groups as parameters on the
command line, checks to see to how many of these groups
the current user belongs to, then exits with the number
of matches as its exit value. This can be used by the
IF ERRORLEVEL command in the logon script.
Keep in mind that IFMember uses its own process token
to discover group membership, rather than querying the
relevant Domain Controller each time it runs, a definite
thumbs-up performance-wise. The downside is that it will
only be aware of groups on the local computer, the computer’s
domain, and trusted domains.
Finally, here’s a syntax statement:
ifmember [groupname1] [groupname2] ...
[groupnameN]
You can learn more about the Windows NT 4.0 Workstation
Resource Kit on TechNet. Once you have that CD in your
paws and installed on your machine, you can download a
new version of the IFMember utility that addresses users
belonging to more than 15 groups from the Microsoft FTP
Server.
KiXtart is another solution. (Mole would like to take
a moment to assure you that while he frequently recommends
the KiXtart utility to IT pros, he has never accepted
so much as a single can of Mountain Dew from its manufacturer.
No IT payola here.) There’s a KiXtart command called
INGROUP that should make you very, very happy. (You can
plug whatever command you want into the IF statement—for
example, “net use m: \\myserver\sharename”.)
Here’s the skinny on the INGROUP:
ACTION: Checks whether the
current user is a member of a group.
SYNTAX: INGROUP (“group
name”)
PARAMETER: Group name
Identifies the group in which to check the user’s
membership.
REMARKS: INGROUP can be used
to check for group membership of groups that exist on
the domain or server where the user is logged on, or to
check for group membership of groups on a specific domain
or server.
When checking for a local group, INGROUP identifies that
the user is indirectly a member of the group by virtue
of being a member of a global group that, in turn, is
a member of the local group.
If you want to check for membership in a group on a specific
domain or server, use the following format:
"OtherDomain\group"
or:
"\\SomeServer\group"
For example:
IF INGROUP("Domain Users")
DISPLAY "z:\users.txt"
ENDIF
IF INGROUP("Developers") = 2
? "Member of local group Developers"
ENDIF
IF INGROUP("\\" + @WKSTA + "\Developers")
= 2
? "Member of local group Developers
on local system"
ENDIF