1. Home
  2. Microsoft Products
  3. Windows Server Hack

Hack 32 Check Group Membership and Map Drives in a Logon Script

figs/expert.gif figs/hack32.gif

Find out which group a user referenced within a logon script belongs to.

Logon scripts are useful for mapping drives so that users can store their work files in standard locations on network file servers. It would be nice to be able to map drives based on a user's group membership, and that's what this hack is about. By placing a user's group membership information into a dictionary object, you can quickly find out if a user is a member of a group and then perform actions (such as mapping drives) if they are. The script in this hack allows you to accomplish this and more.

This script quickly checks to see if a user is a member of a particular group. It reads the Member Of tab information for the user account and places it into a dictionary object, because a dictionary object offers fast and easy access to group membership information. If the user is a member of the group specified, a dialog box will tell you so.

The Code

To use this script, type it into Notepad (with Word Wrap disabled) and save it with a .vbs extension as CheckMembership.vbs.

Option Explicit ' Force explicit declarations

'

' Variables

'

Dim WSHNetwork

Dim FSO

Dim strUserName ' Current user

Dim strUserDomain ' Current User's domain name

Dim ObjGroupDict ' Dictionary of groups to which the user belongs



Set WSHNetwork = WScript.CreateObject("WScript.Network")

Set FSO = CreateObject("Scripting.FileSystemObject")

'

' Wait until the user is really logged in...

'

strUserName = ""

While strUserName = ""

WScript.Sleep 100 ' 1/10 th of a second

strUserName = WSHNetwork.UserName

Wend

strUserDomain = WSHNetwork.UserDomain



' Read the user's account "Member Of" tab info across the network

' once into a dictionary object. 



Set ObjGroupDict = CreateMemberOfObject(strUserDomain, strUserName)

If MemberOf(ObjGroupDict, "Domain Admins") Then

wscript.echo "Is a member of Domain Admins." 

'REM this line to Map Network Drives



'Map network Drives here, UNREM the below lines:

'WSHNetwork.MapNetworkDrive "O:", "\\server1\share"

'WSHNetwork.MapNetworkDrive "Q:", "\\server2\share"



Else

wscript.echo "Is NOT a member of Domain Admins"

End If



Function MemberOf(ObjDict, strKey)

' Given a Dictionary object containing groups to which the user

' is a member of and a group name, then returns True if the group

' is in the Dictionary else return False. 

'

' Inputs:

' strDict - Input, Name of a Dictionary object

' strKey - Input, Value being searched for in

' the Dictionary object

' Sample Usage:

'

' If MemberOf(ObjGroupDict, "DOMAIN ADMINS") Then

' wscript.echo "Is a member of Domain Admins."

' End If

'

'

MemberOf = CBool(ObjGroupDict.Exists(strKey))



End Function





Function CreateMemberOfObject(strDomain, strUserName)

' Given a domain name and username, returns a Dictionary

' object of groups to which the user is a member of.

'

' Inputs:

'

' strDomain - Input, NT Domain name

' strUserName - Input, NT username

'

Dim objUser, objGroup



Set CreateMemberOfObject = CreateObject("Scripting.Dictionary")

CreateMemberOfObject.CompareMode = vbTextCompare

Set objUser = GetObject("WinNT://" _

& strDomain & "/" _

& strUserName & ",user")

For Each objGroup In objUser.Groups

CreateMemberOfObject.Add objGroup.Name, "-"

Next

Set objUser = Nothing



End Function

Running the Hack

To map drives based on a different user group than Domain Admins modify this line as required:

If MemberOf(ObjGroupDict, "Domain Admins") Then

For example, if you want to map drives based on whether users are members of a global group named Sales use this line instead:

If MemberOf(ObjGroupDict, "Sales") Then

To map drives instead of displaying a message box, comment out the following line:

wscript.echo "Is a member of Domain Admins." 'REM this line to Map Network Drives

and uncomment these lines:

'WSHNetwork.MapNetworkDrive "O:", "\\server1\share"

'WSHNetwork.MapNetworkDrive "Q:", "\\server2\share"

specifying drive letters and UNC paths as appropriate depending on your own networking environment. For example, to map the drive letter K: to a shared folder named Reports on file server fs3.mtit.com use this line instead of the above:

WSHNetwork.MapNetworkDrive "K:", "\\fs3.mtit.com\Reports"

?Hans Schefske



    		Windows Server Hacks
    		Credits
    		Foreword: I'm a Sci-Fi freak
    		Preface
    		Chapter 1. General Administration
    		Chapter 2. Active Directory
    		Chapter 3. User Management
    		Hacks #25-35
    		Hack 25 Search for Domain Users
    		Hack 26 Manage User Accounts in Active Directory
    		Hack 27 Get a List of Disabled Accounts
    		Hack 28 Get User Account Information
    		Hack 29 Check for Passwords that Never Expire
    		Hack 30 Enumerate Group Membership to a CSV File
    		Hack 31 Modify User Properties for All Users in a Particular OU
    		Hack 32 Check Group Membership and Map Drives in a Logon Script
    		Hack 33 Script Creation of a User's Home Directory and Permissions
    		Hack 34 Prevent Ordinary Users from Creating Local Accounts
    		Hack 35 Put a Logoff Icon on the Desktop
    		Chapter 4. Networking Services
    		Chapter 5. File and Print
    		Chapter 6. IIS
    		Chapter 7. Deployment
    		Chapter 8. Security
    		Chapter 9. Patch Management
    		Chapter 10. Backup and Recovery
    		Colophon