Map drives based on user’s AD group membership using IFMEMBER
Login scripts are very handy – but when it comes to mapping drives (or processing other commands) based on the users active directory group membership – it can be a bit of a pain.
Thats where Ifmember.exe (part of the Windows Server 2003 Resource Kit) comes in.
You can get this to work for you in one of two ways. The first is to have it call it from within your login script and then evaluate the errorlevel (Errorlevel 1 if they are a member or 0 if not) – which is multiline and not very tidy. The other option is to use conditional execution (executes additional commands depending on which errorlevel the command returns).
Perhaps the best way to explain this is through a few examples:
ifmember Finance || net use f: \\server\finance
Assuming that the current user *is* a member of the ‘Finance’ group – it will map drive F. Similarly, you can use && instead to process commands if the user is *NOT* a member of Finance:
ifmember Finance && net use f: \\server\someothershare
Of course, these examples both assume that ifmember.exe is in the local machines search path (or it’s being called from the same directory as the script). Another option is that you could call it through a UNC path:
\\server\tools\ifmember.exe Finance || net use f: \\server\finance
Which works quite well!
You can obtain ifmember.exe either as part of the Windows 2003 Server Resource Kit Tools from Microsoft here (which is well worth doing!):
Or you can get just the file itself from:
Did you find this hint useful? Are you looking to learn more? Well, here’s a few books that I’ve found useful – have a goosie!
 Active Directory for Dummies |
 Microsoft Windows Shell Script Programming |
 Microsoft Windows Script Host |
 Mastering Windows Server 2003 |
Configure Outlook Exchange email account through login script
This one’s a common issue – you’ve got hundreds of users and want an efficient way of handing out Exchange email account settings to all of your Outlook users. Well, I’m going to cut through all the waffle and tell you the method I use.
I create a .prf file (Outlook Profile), store it in a shared server location, and reference it from within a login script. The problem is, I only want it to run once (when a user logs into a machine for the first time). So I check for the existence of a junk file in the users profile directory (C:\Doc & Set\user\outlookdone.dat – which incidentally also contains the date it was originally done). The resulting login batch file looks a bit like this:
if exist “%USERPROFILE%\outlookdone.dat” goto outlookdone
echo Configuring Outlook EMail profile..
“c:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE” /importprf \\server\share\outlook.prf
echo %date% >”%USERPROFILE%\outlookdone.dat”: outlookdone
(NB: that this is for Outlook 2003 – OFFICE11. This method should also work for 2002 and 2007 – however it has not been tested). Finally, the all important .prf file looks a bit like this:
[General]
Custom=1
ProfileName=Default profile
DefaultProfile=Yes
OverwriteProfile=No
ModifyDefaultProfileIfPresent=FALSE[Service List]
;ServiceX=Microsoft Outlook Client
ServiceEGS=Exchange Global Section
Service1=Microsoft Exchange Server
ServiceEGS=Exchange Global Section[ServiceEGS]
MailboxName=%UserName%
HomeServer=YOUREXCHANGESERVERNAMEGOESHERE
[Service1]
OverwriteExistingService=No
UniqueService=Yes
MailboxName=%UserName%
HomeServer=YOUREXCHANGESERVERNAMEGOESHERE
AccountName=Microsoft Exchange Server[Microsoft Exchange Server]
ServiceName=MSEMS
MDBGUID=5494A1C0297F101BA58708002B2A2517
MailboxName=PT_STRING8,0×6607
HomeServer=PT_STRING8,0×6608
OfflineAddressBookPath=PT_STRING8,0x660E
OfflineFolderPath=PT_STRING8,0×6610[Exchange Global Section]
SectionGUID=13dbb0c8aa05101a9bb000aa002fc45a
MailboxName=PT_STRING8,0×6607
HomeServer=PT_STRING8,0×6608
RPCoverHTTPflags=PT_LONG,0×6623
RPCProxyServer=PT_UNICODE,0×6622
RPCProxyPrincipalName=PT_UNICODE,0×6625
RPCProxyAuthScheme=PT_LONG,0×6627
CachedExchangeConfigFlags=PT_LONG,0×6629[Microsoft Mail]
ServiceName=MSFS
ServerPath=PT_STRING8,0×6600
Mailbox=PT_STRING8,0×6601
Password=PT_STRING8,0x67f0
RememberPassword=PT_BOOLEAN,0×6606
ConnectionType=PT_LONG,0×6603
UseSessionLog=PT_BOOLEAN,0×6604
SessionLogPath=PT_STRING8,0×6605
EnableUpload=PT_BOOLEAN,0×6620
EnableDownload=PT_BOOLEAN,0×6621
UploadMask=PT_LONG,0×6622
NetBiosNotification=PT_BOOLEAN,0×6623
NewMailPollInterval=PT_STRING8,0×6624
DisplayGalOnly=PT_BOOLEAN,0×6625
UseHeadersOnLAN=PT_BOOLEAN,0×6630
UseLocalAdressBookOnLAN=PT_BOOLEAN,0×6631
UseExternalToHelpDeliverOnLAN=PT_BOOLEAN,0×6632
UseHeadersOnRAS=PT_BOOLEAN,0×6640
UseLocalAdressBookOnRAS=PT_BOOLEAN,0×6641
UseExternalToHelpDeliverOnRAS=PT_BOOLEAN,0×6639
ConnectOnStartup=PT_BOOLEAN,0×6642
DisconnectAfterRetrieveHeaders=PT_BOOLEAN,0×6643
DisconnectAfterRetrieveMail=PT_BOOLEAN,0×6644
DisconnectOnExit=PT_BOOLEAN,0×6645
DefaultDialupConnectionName=PT_STRING8,0×6646
DialupRetryCount=PT_STRING8,0×6648
DialupRetryDelay=PT_STRING8,0×6649[Personal Folders]
ServiceName=MSPST MS
Name=PT_STRING8,0×3001
PathToPersonalFolders=PT_STRING8,0×6700
RememberPassword=PT_BOOLEAN,0×6701
EncryptionType=PT_LONG,0×6702
Password=PT_STRING8,0×6703[Unicode Personal Folders]
ServiceName=MSUPST MS
Name=PT_UNICODE,0×3001
PathToPersonalFolders=PT_STRING8,0×6700
RememberPassword=PT_BOOLEAN,0×6701
EncryptionType=PT_LONG,0×6702
Password=PT_STRING8,0×6703[Outlook Address Book]
ServiceName=CONTAB[LDAP Directory]
ServiceName=EMABLT
ServerName=PT_STRING8,0×6600
UserName=PT_STRING8,0×6602
UseSSL=PT_BOOLEAN,0×6613
UseSPA=PT_BOOLEAN,0×6615
DisableVLV=PT_LONG,0×6616
DisplayName=PT_STRING8,0×3001
ConnectionPort=PT_STRING8,0×6601
SearchTimeout=PT_STRING8,0×6607
MaxEntriesReturned=PT_STRING8,0×6608
SearchBase=PT_STRING8,0×6603[Microsoft Outlook Client]
SectionGUID=0a0d020000000000c000000000000046
FormDirectoryPage=PT_STRING8,0×0270
WebServicesLocation=PT_STRING8,0×0271
ComposeWithWebServices=PT_BOOLEAN,0×0272
PromptWhenUsingWebServices=PT_BOOLEAN,0×0273
OpenWithWebServices=PT_BOOLEAN,0×0274
CachedExchangeMode=PT_LONG,0x041f
CachedExchangeSlowDetect=PT_BOOLEAN,0×0420[Personal Address Book]
ServiceName=MSPST AB
NameOfPAB=PT_STRING8,0x001e3001
Path=PT_STRING8,0x001e6600
ShowNamesBy=PT_LONG,0×00036601; ************************************************************************
; Section 7 – Mapping for internet account properties. DO NOT MODIFY.
; ************************************************************************[I_Mail]
AccountType=POP3
;— POP3 Account Settings —
AccountName=PT_UNICODE,0×0002
DisplayName=PT_UNICODE,0x000B
EmailAddress=PT_UNICODE,0x000C
;— POP3 Account Settings —
POP3Server=PT_UNICODE,0×0100
POP3UserName=PT_UNICODE,0×0101
POP3UseSPA=PT_LONG,0×0108
Organization=PT_UNICODE,0×0107
ReplyEmailAddress=PT_UNICODE,0×0103
POP3Port=PT_LONG,0×0104
POP3UseSSL=PT_LONG,0×0105
; — SMTP Account Settings —
SMTPServer=PT_UNICODE,0×0200
SMTPUseAuth=PT_LONG,0×0203
SMTPAuthMethod=PT_LONG,0×0208
SMTPUserName=PT_UNICODE,0×0204
SMTPUseSPA=PT_LONG,0×0207
ConnectionType=PT_LONG,0x000F
ConnectionOID=PT_UNICODE,0×0010
SMTPPort=PT_LONG,0×0201
SMTPUseSSL=PT_LONG,0×0202
ServerTimeOut=PT_LONG,0×0209
LeaveOnServer=PT_LONG,0×1000[IMAP_I_Mail]
AccountType=IMAP
;— IMAP Account Settings —
AccountName=PT_UNICODE,0×0002
DisplayName=PT_UNICODE,0x000B
EmailAddress=PT_UNICODE,0x000C
;— IMAP Account Settings —
IMAPServer=PT_UNICODE,0×0100
IMAPUserName=PT_UNICODE,0×0101
IMAPUseSPA=PT_LONG,0×0108
Organization=PT_UNICODE,0×0107
ReplyEmailAddress=PT_UNICODE,0×0103
IMAPPort=PT_LONG,0×0104
IMAPUseSSL=PT_LONG,0×0105
; — SMTP Account Settings —
SMTPServer=PT_UNICODE,0×0200
SMTPUseAuth=PT_LONG,0×0203
SMTPAuthMethod=PT_LONG,0×0208
SMTPUserName=PT_UNICODE,0×0204
SMTPUseSPA=PT_LONG,0×0207
ConnectionType=PT_LONG,0x000F
ConnectionOID=PT_UNICODE,0×0010
SMTPPort=PT_LONG,0×0201
SMTPUseSSL=PT_LONG,0×0202
ServerTimeOut=PT_LONG,0×0209
CheckNewImap=PT_LONG,0×1100
RootFolder=PT_UNICODE,0×1101[INET_HTTP]
AccountType=HOTMAIL
Account=PT_UNICODE,0×0002
HttpServer=PT_UNICODE,0×0100
UserName=PT_UNICODE,0×0101
Organization=PT_UNICODE,0×0107
UseSPA=PT_LONG,0×0108
TimeOut=PT_LONG,0×0209
Reply=PT_UNICODE,0×0103
EmailAddress=PT_UNICODE,0x000C
FullName=PT_UNICODE,0x000B
Connection Type=PT_LONG,0x000F
ConnectOID=PT_UNICODE,0×0010
Did you find this hint useful? Are you looking to learn more? Well, here’s a few books that I’ve found useful – have a goosie!
 Mastering Microsoft Exchange Server 2003 |
Microsoft Windows Shell Script Programming |
Microsoft Windows Script Host |
Active Directory for Dummies |
Redirecting My Documents shell folder from a login script / commandline
I’ve always been a firm believer in Group Policy redirecting users’ My Documents folders for me – but there’s nothing like the reassurance of a good old batch file carrying this operation out for you.
So how do you do it? Well, the location of My Documents is stored in the registry (which is read by the explorer process when it’s spawned) and is located here:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal
As you would expect, editing this one value redirects My Docs. So, as part of your network login script, you can achive this automatically by adding in:
reg add “HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders” /v Personal /t REG_EXPAND_SZ /d \\server\%USERNAME% /f
…to redirect to your server using the username of the currently logged on user as the share name.
Did you find this hint useful? Are you looking to learn more? Well, here’s a few books that I’ve found useful – have a goosie!
Active Directory for Dummies |
Microsoft Windows Shell Script Programming |
Microsoft Windows Script Host |
Mastering Windows Server 2003 |
