+ Post New Thread
Results 1 to 10 of 10
Scripts Thread, script to run command based on AD group of the computer in Coding and Web Development; Hi, Is is possible for a logon script to run based on the group a compter is in? Basically i ...
  1. #1

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,948
    Thank Post
    886
    Thanked 1,697 Times in 1,475 Posts
    Blog Entries
    12
    Rep Power
    447

    script to run command based on AD group of the computer

    Hi,

    Is is possible for a logon script to run based on the group a compter is in?

    Basically i want to create a script that will see if the computer is in the group "V213Mono" and if so run this command:

    rundll32 printui.dll,PrintUIEntry /y /n "\\KP-Print\V213Mono"

    Thanks

  2. #2

    Join Date
    Dec 2005
    Posts
    535
    Thank Post
    34
    Thanked 89 Times in 79 Posts
    Rep Power
    39
    If you use kix scripts to do your logon scripts then there is a way to do it using certain kixscript udf scripts.

    I dont know if you can do it with any other type of logon script - let me know if you need the kixscript info

  3. #3


    Join Date
    Oct 2006
    Posts
    3,411
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    149
    New GPO and use the security filtering

  4. #4

    DaveP's Avatar
    Join Date
    Oct 2006
    Location
    Can't talk now: The mother-ship is calling!
    Posts
    8,897
    Thank Post
    351
    Thanked 1,289 Times in 881 Posts
    Blog Entries
    4
    Rep Power
    1128
    We use Kix Scripts.

    Stage one: We have a batch file: Staff Printers.BAT:

    [Staff Printers.Bat is a logon script set in Active Directory]

    Code:
    echo off
    \\DomainController.ChildDomain.ParentDomain.local\netlogon\wkix32.exe /b \\DomainController.ChildDomain.ParentDomain.local\netlogon\StaffPrinters.kix
    Staff Printers.KIX looks like this:

    Code:
    ;Classroom and administration workstations
    
    SELECT
    
    ;Rooms 1 to 5
    
    CASE LEFT(@WKSTA, 5) = "Room1"
    AddPrinterConnection ("\\PrintServer.ChildDomain.ParentDomain.Local\Staff Room")
    AddPrinterConnection ("\\PrintServer.ChildDomain.ParentDomain.Local\Administration Office Kyocera")
    AddPrinterConnection ("\\PrintServer.ChildDomain.ParentDomain.Local\English Office")
    SetDefaultPrinter ("\\PrintServer.ChildDomain.ParentDomain.Local\Staff Room")
    
    CASE LEFT(@WKSTA, 5) = "Room2"
    AddPrinterConnection ("\\PrintServer.ChildDomain.ParentDomain.Local\Staff Room")
    AddPrinterConnection ("\\PrintServer.ChildDomain.ParentDomain.Local\Administration Office Kyocera")
    AddPrinterConnection ("\\PrintServer.ChildDomain.ParentDomain.Local\English Office")
    SetDefaultPrinter ("\\PrintServer.ChildDomain.ParentDomain.Local\Staff Room")
    ...
    
    ...
    
    CASE LEFT(@WKSTA, 13) = "AdminOffice01"
    AddPrinterConnection ("\\PrintServer.ChildDomain.ParentDomain.Local\Staff Room")
    AddPrinterConnection ("\\PrintServer.ChildDomain.ParentDomain.Local\Administration Office Kyocera")
    AddPrinterConnection ("\\PrintServer.ChildDomain.ParentDomain.Local\English Office")
    SetDefaultPrinter ("\\PrintServer.ChildDomain.ParentDomain.Local\Staff Room")
    
    ENDSELECT
    So for a station called AdminOffice01 a user would get Staff Room, Admin Office Kyocera, English Office printers and the Staff Room Printer would be selected as the default for the user logging onto that station.

    For students we do something similar except that the logon script is attached to the station OU and that script only runs for students.

    HTH.

  5. #5

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,948
    Thank Post
    886
    Thanked 1,697 Times in 1,475 Posts
    Blog Entries
    12
    Rep Power
    447
    Quote Originally Posted by j17sparky View Post
    New GPO and use the security filtering
    Would that work as the group is a computer group and the script is a user script. I dont want to use loopback either

    Quote Originally Posted by siuko View Post
    If you use kix scripts to do your logon scripts then there is a way to do it using certain kixscript udf scripts.

    I dont know if you can do it with any other type of logon script - let me know if you need the kixscript info
    Quote Originally Posted by DaveP View Post
    We use Kix Scripts.

    Stage one: We have a batch file: Staff Printers.BAT:

    [Staff Printers.Bat is a logon script set in Active Directory]

    Code:
    echo off
    \\DomainController.ChildDomain.ParentDomain.local\netlogon\wkix32.exe /b \\DomainController.ChildDomain.ParentDomain.local\netlogon\StaffPrinters.kix
    Staff Printers.KIX looks like this:

    Code:
    ;Classroom and administration workstations
    
    SELECT
    
    ;Rooms 1 to 5
    
    CASE LEFT(@WKSTA, 5) = "Room1"
    AddPrinterConnection ("\\PrintServer.ChildDomain.ParentDomain.Local\Staff Room")
    AddPrinterConnection ("\\PrintServer.ChildDomain.ParentDomain.Local\Administration Office Kyocera")
    AddPrinterConnection ("\\PrintServer.ChildDomain.ParentDomain.Local\English Office")
    SetDefaultPrinter ("\\PrintServer.ChildDomain.ParentDomain.Local\Staff Room")
    
    CASE LEFT(@WKSTA, 5) = "Room2"
    AddPrinterConnection ("\\PrintServer.ChildDomain.ParentDomain.Local\Staff Room")
    AddPrinterConnection ("\\PrintServer.ChildDomain.ParentDomain.Local\Administration Office Kyocera")
    AddPrinterConnection ("\\PrintServer.ChildDomain.ParentDomain.Local\English Office")
    SetDefaultPrinter ("\\PrintServer.ChildDomain.ParentDomain.Local\Staff Room")
    ...
    
    ...
    
    CASE LEFT(@WKSTA, 13) = "AdminOffice01"
    AddPrinterConnection ("\\PrintServer.ChildDomain.ParentDomain.Local\Staff Room")
    AddPrinterConnection ("\\PrintServer.ChildDomain.ParentDomain.Local\Administration Office Kyocera")
    AddPrinterConnection ("\\PrintServer.ChildDomain.ParentDomain.Local\English Office")
    SetDefaultPrinter ("\\PrintServer.ChildDomain.ParentDomain.Local\Staff Room")
    
    ENDSELECT
    So for a station called AdminOffice01 a user would get Staff Room, Admin Office Kyocera, English Office printers and the Staff Room Printer would be selected as the default for the user logging onto that station.

    For students we do something similar except that the logon script is attached to the station OU and that script only runs for students.

    HTH.
    Thansk but i dont need to deploy printers. I do this already by AD.

    Thanks

  6. #6


    Join Date
    Mar 2009
    Location
    Leeds
    Posts
    6,589
    Thank Post
    228
    Thanked 856 Times in 735 Posts
    Rep Power
    296
    i know this sounds a long way round but should work
    could you create a policy that was filtered by group that copied a shortcut to the scipt to the all user startup folder on the pc. I THINK and this is the bit i havnt tried that if you then set sat the permissions on the script to say pupils deny it should only run when staff(or admins) run and only on hte machines its needed on

  7. #7

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,948
    Thank Post
    886
    Thanked 1,697 Times in 1,475 Posts
    Blog Entries
    12
    Rep Power
    447
    Quote Originally Posted by sted View Post
    i know this sounds a long way round but should work
    could you create a policy that was filtered by group that copied a shortcut to the scipt to the all user startup folder on the pc. I THINK and this is the bit i havnt tried that if you then set sat the permissions on the script to say pupils deny it should only run when staff(or admins) run and only on hte machines its needed on
    Good idea. I will probably do that. But it would be nice if i could have a more tidy way if possible

  8. #8

    bladedanny's Avatar
    Join Date
    May 2009
    Location
    Sheffield
    Posts
    1,271
    Thank Post
    189
    Thanked 298 Times in 224 Posts
    Rep Power
    130
    Quote Originally Posted by FN-GM View Post
    I dont want to use loopback either
    This is the way I do it. add to new or existing GPO put bat file in user logon script and enable user group loopback processing mode. Works and I think its quite a tidy way of doing it.

  9. #9
    box_l's Avatar
    Join Date
    May 2007
    Location
    Herefordshire
    Posts
    429
    Thank Post
    68
    Thanked 90 Times in 75 Posts
    Rep Power
    61
    Here is a script i use



    ' ************************************************** **********
    ' *** Setup Network Printers based on Group Membership ***
    ' ************************************************** **********
    on error resume next
    Set oP=objNetwork.EnumPrinterConnections
    lgCnt=oP.Count
    Do While lgCnt>0
    objNetwork.RemovePrinterConnection oP.Item(lgCnt-1),True,True
    lgCnt=lgCnt-2
    Loop


    If IsComputerMember("green_area") or (left(strComputerName, 10))="2063-GREEN" Then

    WshNetwork.AddWindowsPrinterConnection "\\2063-fs02\GREEN4650DN"
    WshNetwork.SetDefaultPrinter "\\2063-fs02\GREEN4650DN"
    End If

    If IsComputerMember("blue_area") or (left(strComputerName, 9))="2063-BLUE" Then

    WshNetwork.AddWindowsPrinterConnection "\\2063-fs02\BLUE4650DN"
    WshNetwork.SetDefaultPrinter "\\2063-fs02\BLUE4650DN"
    End If

    If IsComputerMember("red_area") or (left(strComputerName, 8))="2063-RED" Then

    WshNetwork.AddWindowsPrinterConnection "\\2063-fs02\RED4650DN"
    WshNetwork.SetDefaultPrinter "\\2063-fs02\RED4650DN"
    End If

    If IsComputerMember("Staff") or (left(strComputerName, 9))="2063-TLAP" Then

    WshNetwork.AddWindowsPrinterConnection "\\2063-fs02\RED4650DN"
    WshNetwork.AddWindowsPrinterConnection "\\2063-fs02\BLUE4650DN"
    WshNetwork.AddWindowsPrinterConnection "\\2063-fs02\lib3600n"
    WshNetwork.AddWindowsPrinterConnection "\\2063-fs02\6F2600n"
    WshNetwork.AddWindowsPrinterConnection "\\2063-fs02\6M2600n"
    WshNetwork.AddWindowsPrinterConnection "\\2063-fs02\REC3600n"
    WshNetwork.AddWindowsPrinterConnection "\\2063-fs02\GREEN4650DN"

    End If

    End If


    ' *********************************
    ' *** End Printer Mappings ***
    ' *********************************



    Function IsMember(strGroup)
    ' Function to test for group membership,
    ' returns True If the user or computer is a member of the group.
    If IsEmpty(objGroupList) Then
    Call LoadGroups
    End If
    IsMember = objGroupList.Exists(strGroup)
    End Function

    Function IsComputerMember(sGroup)
    Dim oGroup
    on error resume next
    Set oGroup = GetObject("WinNT://" & strDomain & "/" & sGroup & ",group")
    IsComputerMember = CBool(oGroup.IsMember(objComputer2.ADsPath & "$"))
    Set oGroup = Nothing
    If not Err.Number = 0 Then
    'isComputerMember could not locate group
    end if
    on error goto 0
    End Function

    Sub LoadGroups() '------------------------------------------------
    ' Subroutine to populate dictionary object with group memberships.
    ' objUser is the user or computer object, with global scope.
    ' objGroupList is a dictionary object, with global scope.

    Dim arrbytGroups, j, arrstrGroupSids(), objGroup

    Set objGroupList = CreateObject("Scripting.Dictionary")
    objGroupList.CompareMode = vbTextCompare

    objUser.GetInfoEx Array("tokenGroups"), 0
    arrbytGroups = objUser.Get("tokenGroups")
    If TypeName(arrbytGroups) = "Byte()" Then
    ReDim arrstrGroupSids(0)
    arrstrGroupSids(0) = OctetToHexStr(arrbytGroups)
    Set objGroup = GetObject("LDAP://<SID=" & arrstrGroupSids(0) _
    & ">")
    objGroupList(objGroup.sAMAccountName) = True
    Set objGroup = Nothing
    Exit Sub
    End If
    If UBound(arrbytGroups) = -1 Then
    Exit Sub
    End If
    ReDim arrstrGroupSids(UBound(arrbytGroups))
    For j = 0 To UBound(arrbytGroups)
    arrstrGroupSids(j) = OctetToHexStr(arrbytGroups(j))
    Set objGroup = GetObject("LDAP://<SID=" & arrstrGroupSids(j) _
    & ">")
    objGroupList(objGroup.sAMAccountName) = True
    Next
    Set objGroup = Nothing
    End Sub '------------------------------------------------------------

    I have stripped out loads from this script as it is part of a whole logon.

    I think everything you need is there.

    BoX

    Hope this helps

    Edit:--- you say you dont need to deploy printers, but that is what the question looks like.

    However this is a way of runnong part of the script based on user or computer groups

    BoX
    Last edited by box_l; 6th October 2010 at 03:38 PM. Reason: read additional posts

  10. #10
    browolf's Avatar
    Join Date
    Jun 2005
    Location
    Mars
    Posts
    1,525
    Thank Post
    106
    Thanked 89 Times in 75 Posts
    Blog Entries
    46
    Rep Power
    40
    messy but you could do
    Code:
    dsget computer "cn=%computername%,ou=computers,dc=etc,dc=etc" -memberof | find "groupname"
    if %errorlevel%=0  rundll32 printui.dll,PrintUIEntry /y /n "\\KP-Print\V213Mono"
    assuming your ad structure can handle it, you would have to have 2 lines per printer assignment.

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 8
    Last Post: 19th April 2012, 04:29 PM
  2. Looking for a command Reporter based Apllication
    By actionsms in forum MIS Systems
    Replies: 1
    Last Post: 3rd December 2009, 06:06 PM
  3. [Arch] Run a command on the host
    By Arcath in forum *nix
    Replies: 1
    Last Post: 6th July 2009, 11:43 AM
  4. Replies: 21
    Last Post: 11th July 2006, 07:37 PM
  5. Replies: 0
    Last Post: 23rd May 2006, 10:03 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •