In case you need to prepare your DR site for testing that includes drive and printer re-mapping based on user and/or computer group membership, you can choose between GPO and VBScript. Windows 2008 GPO features for drive and printer mapping and item level targeting support group based filtering for both users and computers and there is no need for scripting. Otherwise you might need to script it in VBS.
These settings need to be configured in AD at the DR site level in order to ensure that only clients logging on at the DR site get the DR-related settings. The GPO needs to be enforced in order to override overlapping settings from GPOs set at the OU level.
Here are the steps to do it through GPO:
For drives go to GPO > User Configuration > Preferences > Windows Settings > Drive Maps and create a new object. Choose ‘replace’ for an action in order to remove the old drive and set the other options. Then go to the Common tab, put a tick mark in ‘Item-level targeting’, click the button ‘Targeting’, add a new item by clicking on New Item and choosing Security Group, specify either ‘user in group’ or ‘computer in group’, click on the button with dots and select the group you want.
For printers go to GPO > User Configuration > Preferences > Control Panel Settings > Printers and create a new object. Then go to the Common tab, put a tick mark in ‘Item-level targeting’, click the button ‘Targeting’, add a new item by clicking on New Item and choosing Security Group, specify either ‘user in group’ or ‘computer in group’, click on the button with dots and select the group you want.
Here is a VB script that does the same:
Note:
1.Some users and computers might be members of several groups and I haven’t tested what happens if a user/computer is a member of 2 groups and both groups are used for filtering and mapping.
2.The script reads group names that contain spaces without any issues
On Error Resume Next
Set objSysInfo = CreateObject("ADSystemInfo")
Set objNetwork = CreateObject("Wscript.Network")
‘get the user name
strUserName = objNetwork.UserName
strComputer = objSysInfo.ComputerName
‘get the user path
strUserPath = "LDAP://" & objSysInfo.UserName
Set objUser = GetObject(strUserPath)
‘get the computer name
Set objComputer = GetObject("LDAP://" & strComputer)
objmemberOf = objComputer.GetEx("memberOf")
Next
'map drives and printers based on user group membership
For Each strGroup in objUser.MemberOf
strGroupPath = "LDAP://" & strGroup
Set objGroup = GetObject(strGroupPath)
strGroupName = objGroup.CN
Select Case strGroupName
Case “group name 1"
objNetwork.RemoveNetworkDrive "G:", True, True
objNetwork.MapNetworkDrive "G:", "\\server\share"
objNetwork.RemoveNetworkDrive "H:", True, True
objNetwork.MapNetworkDrive "H:", "\\server\share" & "\" & strUserName
objNetwork.RemoveNetworkDrive "J:", True, True
objNetwork.MapNetworkDrive "J:", "\\server\share"
objNetwork.AddWindowsPrinterConnection "\\server\printer"
Case "group name 2"
objNetwork.RemoveNetworkDrive "G:", True, True
objNetwork.MapNetworkDrive "G:", "\\server\share"
objNetwork.RemoveNetworkDrive "H:", True, True
objNetwork.MapNetworkDrive "H:", "\\server\share" & "\" & strUserName
objNetwork.RemoveNetworkDrive "J:", True, True
objNetwork.MapNetworkDrive "J:", "\\server\share"
objNetwork.AddWindowsPrinterConnection "\\server\printer"
End Select
Next
'map drives based on computer group membership
Set objSysInfo = CreateObject("ADSystemInfo")
strComputer = objSysInfo.ComputerName
Set objComputer = GetObject("LDAP://" & strComputer)
objmemberOf = objComputer.GetEx("memberOf")
For Each objGroup in objmemberOf
groupCN = Split(objGroup, ",")
groupName = Mid(groupCN(0),4)
Select Case groupName
Case "group name 3"
objNetwork.RemoveNetworkDrive "X:", True, True
objNetwork.MapNetworkDrive "X:", "\\server\share"
objNetwork.AddWindowsPrinterConnection "\\server\printer"
Case "group name 4"
objNetwork.RemoveNetworkDrive "Y:", True, True
objNetwork.MapNetworkDrive "Y:", "\\server\share"
End Select
Next
Using Group Policy Preferences to Map Drives Based on Group Membership
How Can I Map Drives Based on Membership in a Group?
How Can I Use a Logon Script to Remove All Mapped Drives?
How Can I Map a Printer, But Only If the User Doesn’t Have a Local Printer?
Check Computer Object group membership in AD
Implementing powerful and flexible login scripts
No comments:
Post a Comment