Login Scripts
Updates to handle Vista and Windows 7 (December 2009)

In mid-December of 2009, Andrew Carey made some changes, mostly to how printers get mapped, but also in the basic means for kicking-off the login script so it runs differently on

The only other login script change was the addition of a call to EnumMappings.vbs

Further Updates to address issues with multi-user machines (February 25, 2010)

Previously, the IF-Co-Managed User GPO called CheckOS.vbs which determined the users

In this latest revision, Andrew modified the scheduled task name to "IFAS Login Script

Andrew also simplified the login script process by combining the CheckOS.vbs and

Overview

All IFAS users run a unified Login Script. The script is located on each domain controller
this printer script was revamped considerably by Andrew Carey in December 2009.

Regarding the logon scripts, let's say we have a user named gogators who is in the CALS people OU.

    ad.ufl.edu/UF/Groups/AutoGroups/_IFAS-CALS-USERS_autoGS

In addition this user is a member of the following groups:

    ad.ufl.edu/UF/Departments/IFAS/-Co-Managed/Campus/CALS/Groups/IF-CALS-AP
    ad.ufl.edu/UF/Departments/IFAS/-Co-Managed/Campus/FSHN/Groups/IF-FSHN-Support

For this user four login scripts would execute:

    \\ad.ufl.edu\netlogon\ifas\cals\user\gogators.vbs
    \\ad.ufl.edu\netlogon\ifas\cals\_IFAS-CALS-USERS_autoGS.vbs
    \\ad.ufl.edu\netlogon\ifas\cals\IF-CALS-AP.vbs
    \\ad.ufl.edu\netlogon\ifas\FSHN\IF-FSHN-Support.vbs

As you can see the location of the login scripts is based on the location

Detailed Run-through

The first few lines set up objects that are needed throughout the rest of the script

    On Error Resume Next
    Set objNetwork = CreateObject("Wscript.Network")
    Set objShell = CreateObject("WScript.Shell")
    Set objFileSystem = CreateObject("Scripting.FileSystemObject")
    '*** Needed for InIFAS query
    Const ADS_SCOPE_SUBTREE = 2

The next block of code is a pause that waits until the username variable is populated.
    UserName = ""
    Do While UserName = ""
        UserName = objNetwork.UserName
        Wscript.Sleep 10
    Loop
    On Error Goto 0

The following section converts from the Gatorlink name to the distinguished name (DN)

    DNQuery = "SELECT distinguishedName FROM 'LDAP://DC=ad, DC=ufl,DC=edu' where CN='" & UserName & "'"
    Set Conn = CreateObject("ADODB.Connection")
    Conn.Provider = "ADSDSOObject"
    Conn.Open "ADs Provider"
    Set rs = Conn.Execute(DNQuery)
    Username = rs.Fields(0)
    Set objUser = GetObject("LDAP://" & Username)

The next section checks whether a computer object is in the IFAS OU

    InIFAS = 0
    ' objCommand and Computer are not set anywhere in this excerpt;
    ' the next two lines are assumed so that the query can run
    Set objCommand = CreateObject("ADODB.Command")
    Computer = objNetwork.ComputerName
    Set objCommand.ActiveConnection = Conn
    objCommand.CommandText = _
        "Select ADsPATH from 'LDAP://ou=ifas,ou=departments,ou=uf,DC=ad,DC=ufl,DC=edu' " _
        & "where objectClass='computer' AND name='" & Computer & "'"
    objCommand.Properties("Page Size") = 1000
    objCommand.Properties("Timeout") = 30
    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
    objCommand.Properties("Cache Results") = False
    Set objRecordSet = objCommand.Execute
    If NOT (objRecordset.BOF AND objRecordset.EOF) Then
        objRecordSet.MoveFirst
        result = objRecordSet.Fields("ADsPATH").Value
        if UCase(Right(result,45)) = "IFAS,OU=DEPARTMENTS,OU=UF,DC=AD,DC=UFL,DC=EDU" then
            InIFAS = 1
        End If
    End if

The following section disables user access to the VSS previous versions tab so multiple users

    objShell.Run "REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer /v NoPreviousVersionsRestore /t REG_DWORD /d 1 /f"

[Note: the script used to install a spyware blocklist at this point but that was commented out

    '***Spyware Blocklist
    '***Create as GPO
    If InIFAS then
        'objShell.Run "regedit.exe /S \\ad.ufl.edu\NETLOGON\IFAS\ie-ads.reg"
        objShell.Run "\\ad.ufl.edu\NETLOGON\IFAS\Lsclient.exe lansweeper.ifas.ufl.edu",0
    End If

This action line of this script has been commented out and ePO is no longer pushed, but it begins

    If Left(Username,9) <> "CN=IF-ADM" then
        '***Install EPO Agent
        on error resume next
        If InIFAS then
            Version = objShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\EPOAGENT3000\Version")
            If Version <> "4.0.0.1345" then
                If Version <> "4.0.0.1444" then
                    Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
                    If FileSystem.FileExists("\\IF-SRV-EPO.ad.ufl.edu\EPO-Installs$\" & objNetwork.ComputerName & ".txt") Then
                        Set objFile = FileSystem.OpenTextFile("\\IF-SRV-EPO.ad.ufl.edu\EPO-Installs$\" & objNetwork.ComputerName & ".txt", 8)
                    Else
                        Set objFile = FileSystem.CreateTextFile("\\IF-SRV-EPO.ad.ufl.edu\EPO-Installs$\" & objNetwork.ComputerName & ".txt", True)
                    End If
                    objFile.WriteLine Now & "," & Version & "," & objNetwork.Username
                    objfile.Close
                    '* objShell.Run "\\ad.ufl.edu\NETLOGON\IFAS\UFAD_ePOAgent-36HF10.exe /INSTALL=AGENT /FORCEINSTALL /SILENT"
                End If
            End If
        End If
        on error goto 0

Then the printer installation script is run--except for IF-ADMx logons.

        '***Runs Printer Installation Script
        objShell.Run Chr(34) & "\\ad.ufl.edu\netlogon\IFAS\printers.vbs" & Chr(34),0,FALSE
    End If

The following section was temporarily placed to assist with the transition to using

    'Deletes Old Listserv Cookie
    objShell.Run Chr(34) & "\\ad.ufl.edu\netlogon\IFAS\DeleteCookie.vbs" & Chr(34),0,FALSE

This next major section is the portion of the script that determines the user's group memberships

    '***Determines group membership and builds path
    Dim arrGroup()
    Dim arrOU()
    arrMemberOf = objUser.GetEx("memberOf")
    For each Group in arrMemberOf
        CN = Split (Group, ",OU=")
        If ubound(CN) <> 0 then
            If CN(ubound(CN)-2) = "IFAS" Then
                If CN(ubound(CN)-3) <>"-Central-IT" Then
                    If Left(CN(ubound(CN)-3),7) = "CEODIST" then
                        redim Preserve arrGroup(Counter)
                        arrGroup(Counter) = CN(ubound(CN)-3) & "\" & CN(ubound(CN)-4) & "\" & Right(CN(0),(Len(CN(0))-3))
                        Counter=Counter+1
                    Else
                        On Error Resume Next
                        Set objOUCheck = GetObject("LDAP://OU=" & CN(ubound(CN)-4) & ", OU=" & CN(ubound(CN)-3) & ", OU=IFAS, OU=People, OU=UF, DC=ad, DC=ufl, DC=edu")
                        If err.number <> "0" then
                            redim Preserve arrGroup(Counter)
                            arrGroup(Counter)= CN(ubound(CN)-3) & "\" & Right(CN(0),(Len(CN(0))-3))
                            Counter=Counter+1
                        Else
                            redim Preserve arrGroup(Counter)
                            arrGroup(Counter) = CN(ubound(CN)-3) & "\" & CN(ubound(CN)-4) & "\" & Right(CN(0),(Len(CN(0))-3))
                            Counter=Counter+1
                        End If
                        On Error goto 0
                    End If
                End If
            ElseIf CN(UBound(CN)-1) = "Groups" and Left(CN(0),9) = "CN=_IFAS-" then
                AutoGroup = split (CN(0), "-USERS_autoGS")
                If Len(AutoGroup(0)) <> "8" Then
                    redim Preserve arrGroup(Counter)
                    arrGroup(Counter) = Replace(Right(autogroup(0), (Len(AutoGroup(0))-9)), "-", "\") & "\" & Right(CN(0),(Len(CN(0))-3))
                    Counter=Counter+1
                End If
            End If
        End If
    Next

Once the arrays of groups and corresponding script paths have been created, the various group logon scripts

    ' ***Executes group logon scripts
    For each group in ArrGroup
        Group = Replace(Group, ". ","")
        GroupScript = "\\ad.ufl.edu\NETLOGON\IFAS\" & group & ".VBS"
        If objFileSystem.FileExists(GroupScript) Then
            objShell.Run Chr(34) & GroupScript & Chr(34)
        End If
    Next

Then any specific script for that user is also run.

    ' ***Executes user logon scripts
    OU = Split (UserName, ",OU=")
    If OU(ubound(OU)-2) = "IFAS" Then
        If Left(OU(ubound(OU)-4), 3) <> "CN=" then
            UserScript = "\\ad.ufl.edu\NETLOGON\IFAS\" & OU(ubound(OU)-3) & "\" & OU(ubound(OU)-4) & "\User\" & objNetwork.Username & ".VBS"
        Else
            UserScript = "\\ad.ufl.edu\NETLOGON\IFAS\" & OU(ubound(OU)-3) & "\User\" & objNetwork.Username & ".VBS"
        End If
        If objFileSystem.FileExists(UserScript) Then
            objShell.Run Chr(34) & UserScript & Chr(34)
        End If
    End If

The next line is a change which Andrew Carey inserted during the December 2009 script update

    objShell.Run Chr(34) & "\\ad.ufl.edu\netlogon\IFAS\EnumMappings.vbs" & Chr(34),0,FALSE

This last large section is excluded for service accounts. This part of the code checks for a

    If Left(Username,6) <> "CN=IF-" then
        On Error Resume Next
        Err.Clear ' the original line, err.number = "", itself raises a type mismatch
        intNoticeDays = 14
        dtmADPwdSet = objUser.PasswordLastChanged
        dtmPwdSetDate = PwdSetDate(dtmADPwdSet)
        dtmPwdSetTime = PwdSetTime(dtmADPwdSet)
        dtmGLPwdExpired = objUser.Get("GLPwdExpired")
        dtmGLPwdExpiredDate = datevalue(left(dtmGLPwdExpired,10))
        If isdate(dtmGLPwdExpiredDate) Then
            strGLPwdExpiredValid = "true"
        Else
            strGLPwdExpiredValid = "false"
        End If
        If dtmGLPwdExpired = "" then
            wscript.echo "Password expiration not synced. Expiration time will be synced the next time password is changed."
        End if
        If strGLPwdExpiredValid = "true" then
            dtmGLPwdExpDate = left(objUser.GLPwdExpired,10)
            dtmGLPwdExpTime = right(objUser.GLPwdExpired,8)
            dtmToday = FormatDateTime(Now(),2)
            dtmExpires = DateValue(FormatDateTime(Now(),2))-DateValue(Left(dtmGLPwdExpired,10))
            dtmExpiredays = datediff("d",now,dtmGLPwdExpDate)
        Else
            If Err.Number <> 0 Then
                If Err.Number = "-2147463155" Then
                    dtmGLPwdExpired = "Not Set"
                Else
                    dtmGLPwdExpired = "Unknown Error: " & Err.Number
                End If
            End If
        End If
        intIcon = VBInformation
        If (dtmExpiredays = 0) and (strGLPwdExpiredValid = "true") then
            PwdChangeNow ()
            intIcon = vbCritical
        Else
            If (dtmExpiredays <= intNoticeDays) and (strGLPwdExpiredValid = "true") then
                PwdChangeSoon ()
            End If
        End If

        Function PwdSetDate (varADPwdSet)
            dtmPwdSetYear = datepart("yyyy",varADPwdSet)
            dtmPwdSetMonth = datepart("m",varADPwdSet)
            dtmPwdSetDay = datepart("d",varADPwdSet)
            PwdSetDate = dtmPwdSetMonth & "/" & dtmPwdSetDay &"/" & dtmPwdSetYear
        End Function

        Function PwdSetTime (dtmADPwdSet)
            dtmPwdSetHour = datepart("h",objUser.PasswordLastChanged)
            dtmPwdSetMin = datepart("n",objUser.PasswordLastChanged)
            dtmPwdSetSec = datepart("s",objUser.PasswordLastChanged)
            PwdSetTime = dtmPwdSetHour & ":" & dtmPwdSetMin &":" & dtmPwdSetSec
        End Function

        Function PwdChangeSoon ()
            strMsg = "Your GatorLink password will expire in " & dtmExpiredays & " days on: " & dtmGLPwdExpDate & " at " & dtmGLPwdExpTime
            strMsgPwdSetTime= "You last set your GatorLink password on " & dtmPwdSetDate & " at " & dtmPwdSetTime
            strResetPass="Would you like to reset your password now at my.ufl.edu?"
            strMsgfull = strMsg & vbCrLf & strMsgPwdSetTime & vbCrLf &vbCrLf & strResetPass
            intBoxType=vbYesNo + intIcon + vbDefaultButton2
            varMsgBox = objShell.Popup(strMsgfull,10,"Password Expiration",intBoxType)
            Select Case varMsgBox
                Case vbYes
                    objShell.Run "http://my.ufl.edu/psp/ps/EMPLOYEE/UF_PA_SSL/c/MAINTAIN_SECURITY.CHANGE_PASSWORD.GBL"
                Case vbNo
                    strMsgRemind = "Remember that you will need to reset your password at http://my.ufl.edu before it expires"
                    varMsgBox = objShell.Popup(strMsgRemind,10,"Reminder",vbInformation)
            End Select
        End Function

        Function PwdChangeNow ()
            strMsg = "Your GatorLink password has expired! You will be redirected to my.ufl.edu to reset it."
            varPopupBox = objShell.Popup(strMsg,3,"redirecting to my.ufl.edu...", vbExclamation)
            objShell.Run "http://my.ufl.edu/psp/ps/EMPLOYEE/UF_PA_SSL/c/MAINTAIN_SECURITY.CHANGE_PASSWORD.GBL"
        End Function
    End If
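The group and user path rules from the run-through above, re-expressed in Python as an added example (not part of the IFAS script), so the scripts a given account would run can be listed and the permissions on those NETLOGON files reviewed. The sample DNs are constructed from the canonical names in the Overview, and `people_ou_exists` is a hypothetical stand-in for the script's LDAP probe.

```python
# Added example, not the IFAS script: mirrors the path rules in the excerpt.
BASE = "\\\\ad.ufl.edu\\NETLOGON\\IFAS"  # share root used on the page

def group_script(group_dn, people_ou_exists=lambda sub, dept: False):
    """Script path for one memberOf DN, or None when no rule matches."""
    # people_ou_exists: hypothetical stand-in for the script's GetObject probe
    # of OU=<sub>,OU=<dept>,OU=IFAS,OU=People; the default is "not found".
    cn = group_dn.split(",OU=")
    ub, name, rel = len(cn) - 1, cn[0][3:], None
    if ub >= 2 and cn[ub - 2] == "IFAS":
        if ub < 4 or cn[ub - 3] == "-Central-IT":
            return None  # excluded OU, or DN too shallow for the indexes
        dept, sub = cn[ub - 3], cn[ub - 4]
        if dept.startswith("CEODIST") or people_ou_exists(sub, dept):
            rel = dept + "\\" + sub + "\\" + name
        else:
            rel = dept + "\\" + name
    elif ub >= 1 and cn[ub - 1] == "Groups" and cn[0].startswith("CN=_IFAS-"):
        prefix = cn[0].split("-USERS_autoGS")[0]
        if len(prefix) != 8:  # a bare "CN=_IFAS" prefix carries no unit name
            rel = prefix[9:].replace("-", "\\") + "\\" + name
    if rel is None:
        return None
    return BASE + "\\" + rel.replace(". ", "") + ".VBS"

def user_script(user_dn, logon_name):
    """Per-user script path derived from the user's own DN."""
    ou = user_dn.split(",OU=")
    ub = len(ou) - 1
    if ub < 4 or ou[ub - 2] != "IFAS":
        return None
    unit = ou[ub - 3]
    if not ou[ub - 4].startswith("CN="):
        unit += "\\" + ou[ub - 4]
    return BASE + "\\" + unit + "\\User\\" + logon_name + ".VBS"

def scripts_for(user_dn, logon_name, member_of):
    """Paths in run order: group scripts first, then the user script."""
    paths = [group_script(dn) for dn in member_of]
    paths.append(user_script(user_dn, logon_name))
    return [p for p in paths if p]

# Constructed sample, built from the canonical names in the Overview.
SUFFIX = ",OU=UF,DC=ad,DC=ufl,DC=edu"
USER_DN = "CN=gogators,OU=CALS,OU=IFAS,OU=People" + SUFFIX
MEMBER_OF = ["CN=_IFAS-CALS-USERS_autoGS,OU=AutoGroups,OU=Groups" + SUFFIX]
for path in scripts_for(USER_DN, "gogators", MEMBER_OF):
    print(path)
```

Each returned path is a file the logon process runs if it exists, so write access to it is worth checking alongside the group's membership.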
last edited 8 March 2009 by Steve Lasley