1 26th April 05:44
rick
Logon Script Issues



I have 2 questions regarding logon scripts

1) I have a rather weird problem. I am told I do not have the proper
security access to edit my logon script thru the Group Policy MMC despite
being the Domain Admin. This only started today and has never been an issue
since I implemented AD 4 years ago. I can go thru the back door
(c:\windows\sysvol ...) to edit it this way.

Any ideas on what caused this and how to fix it?

2) As I have added faster pc's and Gigabit network switching, I found that I
had to add the Wait command into my logon script when I map network shares.
If I don't do this all I get is the "device already in use" script error. I
have older W2K systems that this never occurs on. I tried some of the
suggested Group Policy "Fixes" that did not work.

Any ideas on a better fix than doing the "Wait"?

thanks
2 26th April 05:44
meinolf weber



Hello Rick,

see inline

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

What do you mean, you are told? What account is trying to edit logon scripts?
Can you open \\domain\netlogon from the Run line?


All the NIC drivers for the client and servers are up to date? Are the clients
XP and do you add the "Always wait for network...." policy for them?
3 17th August 00:14
rick


Sorry about being slow replying but it has been busy

Regarding #1
I am logged in under the Domain Administrator account

When I edit my GPO that contains my logon script

User Configuration
Scripts (Logon/Logoff)
Logon Properties
Click Browse Button
Brings up Browse Window

When I right-click on the file and select edit I get the following Windows
message

Windows cannot access the specified device, path or file. You may not have
the appropriate permissions to access this item


I have rebooted the server & that made no difference, checked permissions of
the file and they appear fine

Any ideas?


Regarding # 2


I do have the Always wait for network enabled.
I also have the Run Logon Scripts Synchronously enabled.

The only pc's that this happens to are XP. It may happen for a day or 2,
then go away and then reappear. You do not know until you go to My Computer
to check for your mappings

thanks
4 17th August 00:14
meinolf weber


Hello Rick,

1. Check out this one
Make sure that the server is recognized as belonging to the Local Intranet
zone (add it there, if necessary), and make sure that "Miscellaneous > Launching
Application and unsafe files" in the security setting for the Intranet zone
is enabled.

2. Please post the script you are using for the mapping. Seems that old
mappings are not removed during shutdown and block the new connection.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
5 17th August 00:14
rick


I have used this free to use logon script & modified it to suit the mappings
required.
It is the Wscript.sleep I added to slow down the execution not the Wait
statement as I previously posted.

This worked great under W2K, never a problem but as I have added faster pc's
& switching, the errors have cropped up. We do not use Vista because our
Medical software will not run with it

' Logon6.vbs
' VBScript logon script program.
'
' ----------------------------------------------------------------------
' Copyright (c) 2004 Richard L. Mueller
' Hilltop Lab web site - http://www.rlmueller.net
' Version 1.0 - March 28, 2004
'
' You have a royalty-free right to use, modify, reproduce, and
' distribute this script file in any way you find useful, provided that
' you agree that the copyright owner above has no warranty, obligations,
' or liability for such use.

Option Explicit

Dim objRootDSE, objTrans, strNetBIOSDomain, objNetwork, strNTName
Dim strUserDN, strComputerDN, objGroupList, objUser, strDNSDomain
Dim strComputer, objComputer
Dim strHomeDrive, strHomeShare
Dim objCommand, objConnection, strBase, strAttributes

' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

Set objNetwork = CreateObject("Wscript.Network")

' Loop required for Win9x clients during logon.
strNTName = ""
On Error Resume Next
Do While strNTName = ""
    strNTName = objNetwork.UserName
    Err.Clear
    If Wscript.Version > 5 Then
        Wscript.Sleep 600
    End If
Loop
On Error GoTo 0

' Determine DNS domain name from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use the NameTranslate object to find the NetBIOS domain name from the
' DNS domain name.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' Remove trailing backslash.
strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)

' Use the NameTranslate object to convert the NT user name to the
' Distinguished Name required for the LDAP provider.
objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strNTName
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)

' Bind to the user object in Active Directory with the LDAP provider.
Set objUser = GetObject("LDAP://" & strUserDN)


' Map user home directory.
strHomeShare = objUser.homeDirectory
If strHomeShare <> "" Then
    strHomeDrive = objUser.homeDrive
    If strHomeDrive = "" Then
        strHomeDrive = "J:"
    End If

    On Error Resume Next
    objNetwork.MapNetworkDrive strHomeDrive, strHomeShare
    wscript.sleep 1000
    If Err.Number <> 0 Then
        On Error GoTo 0
        objNetwork.RemoveNetworkDrive strHomeDrive, True, True
        wscript.sleep 1000
        objNetwork.MapNetworkDrive strHomeDrive, strHomeShare
    End If
    On Error GoTo 0
End If


' Map a network drive if the user is a member of the group.
'If IsMember(objUser, "Nurse Scheduling Users") Then
' On Error Resume Next
' objNetwork.MapNetworkDrive "G:", "\\dist7fs01\apps$"
' If Err.Number <> 0 Then
' On Error GoTo 0
' objNetwork.RemoveNetworkDrive "G:", True, True
' objNetwork.MapNetworkDrive "G:", "\\dist7fs01\apps$"
' End If
' On Error GoTo 0
'End If

If IsMember(objUser, "Finance Users") Or IsMember(objUser, "Payroll Users") Then
    On Error Resume Next
    objNetwork.MapNetworkDrive "G:", "\\dist7fs01\apps$"
    wscript.sleep 1000
    If Err.Number <> 0 Then
        On Error GoTo 0
        objNetwork.RemoveNetworkDrive "G:", True, True
        wscript.sleep 1000
        objNetwork.MapNetworkDrive "G:", "\\dist7fs01\apps$"
    End If
    On Error GoTo 0

    On Error Resume Next
    objNetwork.MapNetworkDrive "I:", "\\dist7fs01\data$"
    wscript.sleep 1000
    If Err.Number <> 0 Then
        On Error GoTo 0
        objNetwork.RemoveNetworkDrive "I:", True, True
        wscript.sleep 1000
        objNetwork.MapNetworkDrive "I:", "\\dist7fs01\data$"
    End If
    On Error GoTo 0
End If


If IsMember(objUser, "HR Users") Then
    On Error Resume Next
    objNetwork.MapNetworkDrive "I:", "\\dist7fs01\data$\Human Resources"
    wscript.sleep 1000
    If Err.Number <> 0 Then
        On Error GoTo 0
        objNetwork.RemoveNetworkDrive "I:", True, True
        wscript.sleep 1000
        objNetwork.MapNetworkDrive "I:", "\\dist7fs01\data$\Human Resources"
    End If
    On Error GoTo 0
End If


If IsMember(objUser, "App Users") Then
    On Error Resume Next
    objNetwork.MapNetworkDrive "G:", "\\dist7fs02\apps$"
    wscript.sleep 1000
    If Err.Number <> 0 Then
        On Error GoTo 0
        objNetwork.RemoveNetworkDrive "G:", True, True
        wscript.sleep 1000
        objNetwork.MapNetworkDrive "G:", "\\dist7fs02\apps$"
    End If
    On Error GoTo 0
End If

If IsMember(objUser, "IT Dept") Then
    On Error Resume Next
    objNetwork.MapNetworkDrive "N:", "\\dist7fs02\data$\ITDept"
    wscript.sleep 1000
    If Err.Number <> 0 Then
        On Error GoTo 0
        objNetwork.RemoveNetworkDrive "N:", True, True
        wscript.sleep 1000
        objNetwork.MapNetworkDrive "N:", "\\dist7fs02\data$\ITDept"
    End If
    On Error GoTo 0
End If


' Use the NameTranslate object to convert the NT name of the computer to
' the Distinguished name required for the LDAP provider. Computer names
' must end with "$".
strComputer = objNetwork.computerName
objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain _
& "\" & strComputer & "$"
strComputerDN = objTrans.Get(ADS_NAME_TYPE_1779)

' Bind to the computer object in Active Directory with the LDAP
' provider.
Set objComputer = GetObject("LDAP://" & strComputerDN)


' Clean up.
If IsObject(objConnection) Then
    objConnection.Close
    Set objCommand = Nothing
    Set objConnection = Nothing
    Set objGroupList = Nothing
End If
Set objRootDSE = Nothing
Set objTrans = Nothing
Set objNetwork = Nothing
Set objUser = Nothing
Set objComputer = Nothing

Function IsMember(objADObject, strGroupNTName)
    ' Function to test for group membership.
    ' objADObject is a user or computer object.
    ' strGroupNTName is the NT name (sAMAccountName) of the group to test.
    ' objGroupList is a dictionary object, with global scope.
    ' Returns True if the user or computer is a member of the group.
    ' Subroutine LoadGroups is called once for each different objADObject.

    ' The first time IsMember is called, setup the dictionary object
    ' and objects required for ADO.
    If IsEmpty(objGroupList) Then
        Set objGroupList = CreateObject("Scripting.Dictionary")
        objGroupList.CompareMode = vbTextCompare

        Set objCommand = CreateObject("ADODB.Command")
        Set objConnection = CreateObject("ADODB.Connection")
        objConnection.Provider = "ADsDSOObject"
        objConnection.Open "Active Directory Provider"
        objCommand.ActiveConnection = objConnection

        Set objRootDSE = GetObject("LDAP://RootDSE")
        strDNSDomain = objRootDSE.Get("defaultNamingContext")

        objCommand.Properties("Page Size") = 100
        objCommand.Properties("Timeout") = 30
        objCommand.Properties("Cache Results") = False

        ' Search entire domain.
        strBase = "<LDAP://" & strDNSDomain & ">"
        ' Retrieve NT name of each group.
        strAttributes = "sAMAccountName"

        ' Load group memberships for this user or computer into dictionary
        ' object.
        Call LoadGroups(objADObject)
    End If
    If Not objGroupList.Exists(objADObject.sAMAccountName & "\") Then
        ' Dictionary object established, but group memberships for this
        ' user or computer must be added.
        Call LoadGroups(objADObject)
    End If
    ' Return True if this user or computer is a member of the group.
    IsMember = objGroupList.Exists(objADObject.sAMAccountName & "\" _
        & strGroupNTName)
End Function

Sub LoadGroups(objADObject)
    ' Subroutine to populate dictionary object with group memberships.
    ' objGroupList is a dictionary object, with global scope. It keeps track
    ' of group memberships for each user or computer separately. ADO is used
    ' to retrieve the name of the group corresponding to each objectSid in
    ' the tokenGroup array. Based on an idea by Joe Kaplan.

    Dim arrbytGroups, k, strFilter, objRecordSet, strGroupName, strQuery

    ' Add user name to dictionary object, so LoadGroups need only be
    ' called once for each user or computer.
    objGroupList(objADObject.sAMAccountName & "\") = True

    ' Retrieve tokenGroups array, a calculated attribute.
    objADObject.GetInfoEx Array("tokenGroups"), 0
    arrbytGroups = objADObject.Get("tokenGroups")

    ' Create a filter to search for groups with objectSid equal to each
    ' value in tokenGroups array.
    strFilter = "(|"
    If TypeName(arrbytGroups) = "Byte()" Then
        ' tokenGroups has one entry.
        strFilter = strFilter & "(objectSid=" _
            & OctetToHexStr(arrbytGroups) & ")"
    ElseIf UBound(arrbytGroups) > -1 Then
        ' TokenGroups is an array of two or more objectSid's.
        For k = 0 To UBound(arrbytGroups)
            strFilter = strFilter & "(objectSid=" _
                & OctetToHexStr(arrbytGroups(k)) & ")"
        Next
    Else
        ' tokenGroups has no objectSid's.
        Exit Sub
    End If
    strFilter = strFilter & ")"

    ' Use ADO to search for groups whose objectSid matches any of the
    ' tokenGroups values for this user or computer.
    strQuery = strBase & ";" & strFilter & ";" _
        & strAttributes & ";subtree"
    objCommand.CommandText = strQuery
    Set objRecordSet = objCommand.Execute

    ' Enumerate groups and add NT name to dictionary object.
    Do Until objRecordSet.EOF
        strGroupName = objRecordSet.Fields("sAMAccountName")
        objGroupList(objADObject.sAMAccountName & "\" _
            & strGroupName) = True
        objRecordSet.MoveNext
    Loop

    Set objRecordSet = Nothing
End Sub

Function OctetToHexStr(arrbytOctet)
    ' Function to convert OctetString (byte array) to Hex string,
    ' with bytes delimited by \ for an ADO filter.

    Dim k
    OctetToHexStr = ""
    For k = 1 To Lenb(arrbytOctet)
        OctetToHexStr = OctetToHexStr & "\" _
            & Right("0" & Hex(Ascb(Midb(arrbytOctet, k, 1))), 2)
    Next
End Function
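Added example, not part of the thread or of Logon6.vbs: one way to act on the point in post 4 that leftover mappings block the new connection, by checking the drive letter's current target before mapping instead of relying on fixed Wscript.Sleep delays. MapDrive and CurrentMapping are hypothetical helper names; the share paths are the ones in the posted script.

```vbscript
Option Explicit

Dim objNetwork, objShell
Set objNetwork = CreateObject("Wscript.Network")
Set objShell = CreateObject("Wscript.Shell")

' Share paths taken from the posted script.
MapDrive "G:", "\\dist7fs01\apps$"
MapDrive "I:", "\\dist7fs01\data$"

Function MapDrive(strDrive, strShare)
    ' Map strDrive to strShare. Returns True if the drive ends up
    ' pointing at strShare, False if the mapping failed.
    MapDrive = True
    ' Already mapped to the wanted share: nothing to do.
    If StrComp(CurrentMapping(strDrive), strShare, vbTextCompare) = 0 Then
        Exit Function
    End If

    On Error Resume Next
    ' Drop whatever holds the letter (bForce = True) and delete any
    ' persistent entry from the profile (bUpdateProfile = True).
    ' Attempted even when nothing is listed; that error is ignored.
    objNetwork.RemoveNetworkDrive strDrive, True, True
    Err.Clear

    ' Third argument False: do not store the mapping in the user
    ' profile, so no persistent entry is left for the next logon.
    objNetwork.MapNetworkDrive strDrive, strShare, False
    If Err.Number <> 0 Then
        MapDrive = False
        ' Record the failure in the Application event log (2 = warning)
        ' so it is visible without the user checking My Computer.
        objShell.LogEvent 2, "Logon script: mapping " & strDrive & " to " _
            & strShare & " failed, 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
    End If
    On Error GoTo 0
End Function

Function CurrentMapping(strDrive)
    ' Return the UNC path strDrive is mapped to, or "" if it is not listed.
    ' EnumNetworkDrives returns pairs: item i = letter, item i + 1 = UNC path.
    Dim colDrives, i
    CurrentMapping = ""
    Set colDrives = objNetwork.EnumNetworkDrives
    For i = 0 To colDrives.Count - 1 Step 2
        If StrComp(colDrives.Item(i), strDrive, vbTextCompare) = 0 Then
            CurrentMapping = colDrives.Item(i + 1)
        End If
    Next
End Function
```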
6 17th August 00:14
rick


These are already enabled and the server already belongs to the Local
Intranet zone