DrUltima Posted April 6, 2006 Share Posted April 6, 2006 Hello... First time poster, so please be patient. I am trying to set up a login script on a Windows 2003 AD. I have used the Kix scripts in the past in other companies and very much like them. It is currently set up as follows:1) Currently, I just have one person running a login script (me).2) I am calling it by adding this to my User Profile in AD:%0\..\login.bat3) The contents of login.bat is:%0\..\kix32 %0\..\login.kix4) The contents of login.kix is:? "Hello."sleep 5exit5) The script runs, but runs minimized and Windows XP Pro continues to login to the desktop.Here are my best practice questions:1) How can I get it to NOT be minimized?2) How can I prevent the rest of Windows from loading until the KiXtart script is finished?3) How can I accomplish one of those boxes that makes you sell your soul to the company or be logged out?Thanks for the assistance! Link to comment Share on other sites More sharing options...
nmX.Memnoch Posted April 7, 2006 Share Posted April 7, 2006 (edited) Finally...someone else who uses KiX... 2) I am calling it by adding this to my User Profile in AD:%0\..\login.batChange this to just:login.bat3) The contents of login.bat is:%0\..\kix32 %0\..\login.kixThis is good. It's not necessary to copy the executable to every workstation unless you have Win9x clients...then they'll need the associated DLLs as well. Shouldn't be an issue these days though. It also helps to ensure that everyone is using the same version of KiX and gives you only one location to update the executable at when new versions come out.5) The script runs, but runs minimized and Windows XP Pro continues to login to the desktop.Here are my best practice questions:1) How can I get it to NOT be minimized?Add the following as the very first lines of your KiX script. It'll set the console height to 15 lines and then maximize the console window so you can see what it says.Shell "%COMSPEC% /C mode con lines=15"CLS$Console = SetConsole(MAXIMIZE)CLS2) How can I prevent the rest of Windows from loading until the KiXtart script is finished?I'm not sure that this can be done. I'll research this tomorrow at work since I have the better editor* installed on that machine.3) How can I accomplish one of those boxes that makes you sell your soul to the company or be logged out?You want a consent statement. Try this:$Consent = MessageBox("blah blah blah message content here blah blah blah","message title here",4116)If $Consent = 7 ? "No Selected, Logging Off" Logoff(1)EndIf4116 is the sum of selecting 4, 16, 0 and 4096 from the following options:Buttons to display0 Display OK button only.1 Display OK and Cancel buttons.2 Display Abort, Retry, and Ignore buttons.3 Display Yes, No, and Cancel buttons.4 Display Yes and No buttons.5 Display Retry and Cancel buttons.Icon to display16 Stop symbol32 Question mark48 Exclamation mark64 Information symbolDefault button0 First button is default.256 Second button is default.512 Third button is default.Modality0 Application-modal. The user must respond to the message box before continuing work in the application.4096 System-modal. All applications are suspended until the user responds to the message box.7 is the return value if they choose No:-1 User did not respond to the dialog box within the specified time-out period.1 OK button selected.2 Cancel button selected.3 Abort button selected.4 Retry button selected.5 Ignore button selected.6 Yes button selected.7 No button selected.*Now...on to editors. There are a few editors (besides Notepad, of course) that correctly color-code KiX code. My personal favorite is AdminScriptEditor. It also does VBS, BAT, CMD, XML, etc, etc...but it's original name was KiXScripts Editor so it's roots are in KiX. This is the one I have installed at work and use the most. PrimalScript 4.0 from SAPIEN is another good editor, I just don't like they way they color code KiX. It's also more expensive than AdminScriptEditor.Also, another thing I do is keep an Excel spreadsheet with script history. Basically it has what was changed, when it was change and who changed it. This way we can keep track of what was done if something breaks.If you want, I can post a cleaned up copy of my logon script. Some things my script does are:Checks C: drive space, emails admins if less than 1GB freeChecks SAV definitions, emails admins if older than 14 daysChecks SAV version, emails admins if incorrect version installedMaps drives common to each work areaMaps drives specific to an individual or individualsForces screensaver settings. Screensaver tab is hidden through group policy. Using the script allows me to easily change it (we don't have direct access to our GPO settings).Sets popup blocker settings for IE6 SP2 (sets popup blocker to High and sets allowed sites)Adds certain sites to the Trusted IE Zone (mainly required for an intranet site that uses FQDN so user credentials are automatically passed through)Enforces certain security settings on the workstation when an admin logs onThere are a few other items that I can't remember right now...but that's a quick list. Edited April 7, 2006 by nmX.Memnoch Link to comment Share on other sites More sharing options...
jyrwin Posted April 7, 2006 Share Posted April 7, 2006 http://technet2.microsoft.com/WindowsServe...c318f61033.mspxEnable: Run logon scripts synchronously Link to comment Share on other sites More sharing options...
DrUltima Posted April 7, 2006 Author Share Posted April 7, 2006 Finally...someone else who uses KiX... If you want, I can post a cleaned up copy of my logon script. Some things my script does are:Checks C: drive space, emails admins if less than 1GB freeChecks SAV definitions, emails admins if older than 14 daysChecks SAV version, emails admins if incorrect version installedMaps drives common to each work areaMaps drives specific to an individual or individualsForces screensaver settings. Screensaver tab is hidden through group policy. Using the script allows me to easily change it (we don't have direct access to our GPO settings).Sets popup blocker settings for IE6 SP2 (sets popup blocker to High and sets allowed sites)Adds certain sites to the Trusted IE Zone (mainly required for an intranet site that uses FQDN so user credentials are automatically passed through)Enforces certain security settings on the workstation when an admin logs onThere are a few other items that I can't remember right now...but that's a quick list.Thanks for the offer! I would love to take you up on it. jyrwin was correct in that this GPO will take care of questions 1 and 2 and 3, so thanks! While I was hoping to be able to script this, since I have since found out all clients are on Windows 2000 or better, I will just set the two GPO settings needed to pull this off. I do want to do things like migrate printers from one server to another, establish printer lists based on both userid and computer name, may drives based on group membership, etc, so I would be very intersted to see your script! Thanks for the offer.Here is mine thus far, keeping in mind that only I and one non-IS volunteer guinea pig are running it.; ************************************************************************; * My company name KiXtart logon script for ALL Domains. *; ************************************************************************; * Author: Justin Owens *; * Created: April 6, 2006 *; *----------------------------------------------------------------------*; * Modified By: *; * Date Modified: *; * Reason for Mod: *; ************************************************************************$UID = @UserID$PT = @ProductType; ************************************************************************; * Here we are just giving the login user a welcome message. *; ************************************************************************COLOR w+/n? "Welcome to the Company Name Here Network"COLOR y+/n? "You are logging in as @userid."? "You are logging in from a @ProductType computer."? ""COLOR w/n; ************************************************************************; * Here we are shortcuting the server type operating systems so that * ; * we can use them later to make sure scripts don't run on a server. *; ************************************************************************$Win2000 = "Windows 2000 Server"$Win2000DC = "Windows 2000 Domain Controller"$Win2003 = "Windows Server 2003"$Win2003DC = "Windows Server 2003 Domain Controller"$Win2003R2 = "Windows Server 2003 R2"$Win2003R2DC = "Windows Server 2003 R2 Domain Controller";Actual Stuff goes hereif $UID = "myuserid"; will change this to group membership catch when ready to test with rest of IS ? "Hello, " + @fullname;Should be my name; You never want to run a script when logged into a server. It can cause all kinds of problems. So... if $PT = $Win2000 OR $Win2000DC OR $Win2003 OR $Win2003DC OR $Win2003R2 OR $Win2003R2DC;want a shorter way to do this ? "Bypassing the login script because you are logging in" ? "from a " + $PT + "!" GoTo end;bypassing the rest of this script else ? "I can see that you are logging in from a " + $PT + " computer." endifelse ? "I can see that you are logging in from a " + $PT + " computer, but" ? "you are not Justin! Bypassing login script." ? "How did you manage to run this script?" GoTo end;so if I add more stuff after the endif it wont run for this userendif:endsleep 15;I want to see what has runexitThanks for the assist! Link to comment Share on other sites More sharing options...
nmX.Memnoch Posted April 7, 2006 Share Posted April 7, 2006 I knew about the syncronous/asyncronous settings but I wasn't sure if that applied to "normal" logon scripts as opposed to those specified in GPO (machine startup/shutdown scripts and user logon/logoff scripts).I got to looking at my script and cleaning it up will just remove too much of the useful information. I work on a USAF base so I can't just post the information. I can, however, help you with parts of yours. If you tell me what you're trying to do I can help.I did notice a few things in your script that can be done in much less code, namely your server check. Try this:; ----------------------------------------------------------------; Server Check Code (Do not run script if logging onto server)If InStr(@PRODUCTTYPE,"Server") Or InStr(@PRODUCTTYPE,"Domain Controller") Use X: "\\SERVER\Share1" Use Y: "\\SERVER\Share2" "Logged onto a server, skipping 12 CPTS script..." Goto endEndIfUser groups can be done in several ways. We have one group that contains all of our users within our organization (for you this would be your Domain Users group). Then we have individual groups for the different work centers. Each person is only a member of one work center group so we use Select Case statements for that. You could use If EndIf statements, but Select Case EndSelect statements are faster because it terminates once the value is true. With an If EndIf statement it'll check the users group membership each time.We use the All Users group for common drives and settings:If InGroup("All Users") Use G: "\\SERVER\Share1" Use N: "\\SERVER\Share2" $Value = WriteValue("HKCU\Control Panel\Desktop","ScreenSaveActive","1",REG_SZ) $Value = WriteValue("HKCU\Control Panel\Desktop","ScreenSaverIsSecure","1",REG_SZ) $Value = WriteValue("HKCU\Control Panel\Desktop","ScreenSaveTimeOut","300",REG_SZ) $Value = WriteValue("HKCU\Control Panel\Desktop","SCRNSAVE.EXE","ssmarque.scr",REG_SZ) $Value = WriteValue("HKCU\Control Panel\Screen Saver.Marquee","BackgroundColor","0 10 101",REG_SZ) $Value = WriteValue("HKCU\Control Panel\Screen Saver.Marquee","CharSet","0",REG_SZ) $Value = WriteValue("HKCU\Control Panel\Screen Saver.Marquee","Font","Arial Narrow",REG_SZ) $Value = WriteValue("HKCU\Control Panel\Screen Saver.Marquee","Mode","1",REG_SZ) $Value = WriteValue("HKCU\Control Panel\Screen Saver.Marquee","Size","27",REG_SZ) $Value = WriteValue("HKCU\Control Panel\Screen Saver.Marquee","Speed","2",REG_SZ) $Value = WriteValue("HKCU\Control Panel\Screen Saver.Marquee","Text","marquee text",REG_SZ) $Value = WriteValue("HKCU\Control Panel\Screen Saver.Marquee","TextColor","255 255 0",REG_SZ) $Value = WriteValue("HKCU\Control Panel\Screen Saver.Marquee","Attributes","00001",REG_SZ) If InStr(@ProductType,"XP Professional") And @CSD = "Service Pack 2" ? "Windows XP Professional Service Pack 2 Detected" ? "--Adding Allowed Popup Sites" $Value = WriteValue("HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows","PlaySound","1",REG_DWORD) $Value = WriteValue("HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows","PopupMgr","yes",REG_SZ) $Value = WriteValue("HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow","*.af.mil","",REG_BINARY) $Value = WriteValue("HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow","*.dod.mil","",REG_BINARY) $Value = WriteValue("HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow","*.disa.mil","",REG_BINARY) $Value = WriteValue("HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow","*.dla.mil","",REG_BINARY) $Value = WriteValue("HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow","*.microsoft.com","",REG_BINARY) EndIfEndIfNow for individual groups you would do something like this:Select Case InGroup("Group1") Use O: "\\SERVER\Group1Share1" Use T: "\\SERVER\Group1Share2" Case InGroup("Group2") Use O: "\\SERVER\Group2Share1" Use T: "\\SERVER\Group2Share2" Case InGroup("Group3") Use O: "\\SERVER\Group3Share1" Use T: "\\SERVER\Group3Share2" Case InGroup("Group4") Use O: "\\SERVER\Group4Share1" Use T: "\\SERVER\Group4Share2"EndSelectSelect Case EndSelect statements work like this...if a user is logging on who is a member of Group 2 then the Select statement would parse the first Case statement to see if they're a member of Group1. When it sees they're not, it'll move onto the next Case statement. It sees they're a member of Group2 so it executes the commands for Group2 and then terminates the Select Case EndSelect statement. Again, this only works if your users are only members of one work center group. And you'll obviously want to prioritize your groups (the ones with the most members should be first).You can also do shares specific to individual users with Select Case EndSelect statements:Select Case @USERID = "User1" Use T: "\\SERVER\User1Share" Case @USERID = "User2" Use T: "\\SERVER\User2Share" Case @USERID = "User3" Use T: "\\SERVER\User3Share" Case @USERID = "User4" Use T: "\\SERVER\User4Share"I have a print server migration script that I used a while back...let me dig that up and I'll post it as well. Done correctly it'll even reset the user's default printer...the move will be completely transparent. Link to comment Share on other sites More sharing options...
InTheWayBoy Posted April 7, 2006 Share Posted April 7, 2006 I too am just getting into the wonderful world of KiX...I still like AutoIt better for most things, but it doesn't have the InGroup feature that KiX does.I can't comment on the other questions, but another option for running the script is to create a GPO that does all the dirty work. Here's a nice post explaining it in more detail than I can:http://www.kixtart.org/ubbthreads/showflat...939&an=0&page=0The idea is to have one location for your kix32.exe, then use GPO's to run the various scripts you need. Even if you only have one script this is better because the GPO can be easier to handle, and when you get into needing various scripts it'll pay off big time. Link to comment Share on other sites More sharing options...
nmX.Memnoch Posted April 7, 2006 Share Posted April 7, 2006 KiX is awesome. I use it for a lot of things, not just logon scripts. I even use it extensively on my Unattended XP CD.Going back to logon scripts...I have another one I'm working on that uses a UDF (created by someone else) that checks computer group membership. This will be used for mapping printers based on computer location (computer groups will be specific to the bldg and room number). Link to comment Share on other sites More sharing options...
fizban2 Posted April 7, 2006 Share Posted April 7, 2006 memmnoch you have been waiting a long time to get all this out on kix haven't you....loltis like a kid in a candy shop Link to comment Share on other sites More sharing options...
DrUltima Posted April 7, 2006 Author Share Posted April 7, 2006 For Users' individual shares, I use the profile in AD. If that fails, I have this as a scripted backup:IF @HOMESHR="" COLOR r+/n ? " Notice! No Homeshare Drive defined for @USERID"ELSE ? " Connecting Drive @HOMEDRIVE to @HOMESHR" USE @HOMEDRIVE /del USE @HOMEDRIVE "@HOMESHR" IF @ERROR < 0 COLOR r+/y+ ? ''+@ERROR+' - '+@SERROR SLEEP 15 COLOR w/n ENDIFENDIFI have a print server migration script that I used a while back...let me dig that up and I'll post it as well. Done correctly it'll even reset the user's default printer...the move will be completely transparent.I would love to see this. I did this once before in an old company, but all I had to do was populate a file called printers.ini.I ended up doing this for the server check, thanks to some help from the KixTart forum:IF NOT INSTR(@ProductType,'Workstation') AND NOT INSTR(@ProductType,'Professional') ? "Bypassing the login script because you are logging in from a " + @ProductType + "!" GOTO end;bypassing the rest of this script - I know I could use EXIT, but I like this more.ELSE ? "Because you are connecting from a @ProductType workstation I am continuing your login script."ENDIFI had never thought of forcing allowable pop up sites in XPSP2. Good call. On the screen saver timeout... Is that in seconds? (probably should be obvious, but I would rather check than assume)Thanks again! Link to comment Share on other sites More sharing options...
nmX.Memnoch Posted April 8, 2006 Share Posted April 8, 2006 I got a reply coming to this but I had to leave work early today. I'll post a more detailed reply tomorrow when I have time to gather my thoughts again. The original reply wouldn't have had the printer migration example code anyway... Link to comment Share on other sites More sharing options...
amfony Posted April 8, 2006 Share Posted April 8, 2006 off the topic but relevant,why would we use kix opposed to vbscript/cmd? It seems to be more felixible then cmd, but what is the plus over vbscript?wscript.echo "Thanks" Link to comment Share on other sites More sharing options...
nmX.Memnoch Posted April 9, 2006 Share Posted April 9, 2006 For Users' individual shares, I use the profile in AD. If that fails, I have this as a scripted backup:IF @HOMESHR="" COLOR r+/n ? " Notice! No Homeshare Drive defined for @USERID"ELSE ? " Connecting Drive @HOMEDRIVE to @HOMESHR" USE @HOMEDRIVE /del USE @HOMEDRIVE "@HOMESHR" IF @ERROR < 0 COLOR r+/y+ ? ''+@ERROR+' - '+@SERROR SLEEP 15 COLOR w/n ENDIFENDIFThat's fine for their home drive...and that's the way it should be done. I use the individual part if there's a share specifically for something that only one or two users require access to it.BTW, you can use local groups, or server-side groups for the InGroup check, it doesn't have to be a domain group.If InGroup("@WKSTA\Administrators")orIf InGroup("\\SERVER\group")I have a print server migration script that I used a while back...let me dig that up and I'll post it as well. Done correctly it'll even reset the user's default printer...the move will be completely transparent.I would love to see this. I did this once before in an old company, but all I had to do was populate a file called printers.ini.I ended up doing this for the server check, thanks to some help from the KixTart forum:It's actually quite simple once you get into it. Everything is done with registry checks to see what they currently have set as a default printer, and then what printers they are currently mapping. The script will automatically remap any currently connected printers from the current server to the new server, and then reset the default printer if necessary.The following code assumes the printer names and share names will stay the same...you're just migrating them from one server to another. If you're renaming the full name or the share name all you have to do is match up the old name with the new name.Printer 1 = HP LaserJet 8100DTN with a full name of "HR01 (HP 8100DTN)" and a shared name of "HR01" on the current server. Printer name staying the same on the new server.Printer 2 = HP LaserJet 4250DN with a full name of "LAB01 (HP 4250DN)" and a shared name of "LAB01" on the current server. Printer being renamed on the new server to a full name of "LAB02 (HP 4250DN") and a shared name of "LAB02".; Read the value for the default printer$DefPrn = ReadValue("HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows","Device"); If HR01 is mapped on the current print server, remap it to the new print serverIf KeyExist("HKCU\Printers\Connections\,,CURRENT_SERVER,HR01 (HP 8100DTN)") DelPrinterConnection("\\CURRENT_SERVER,HR01 (HP 8100DTN)") AddPrinterConnection("\\NEW_SERVER\HR01") ; If HR01 was the default printer, reset it as the default printer If InStr($DefPrn,"\\CURRENT_SERVER\HR01 (HP 8100DTN)") SetDefaultPrinter("\\NEW_SERVER\HR01 (HP 8100DTN)") EndIfEndIf; If LAB01 is mapped on the current print server, remap it to the new print serverIf KeyExist("HKCU\Printers\Connections\,,CURRENT_SERVER,LAB01 (HP 4250DN)") DelPrinterConnection("\\CURRENT_SERVER,LAB01 (HP 4250DN)") AddPrinterConnection("\\NEW_SERVER\LAB02") ; If LAB01 was the default printer, reset it as the default printer If InStr($DefPrn,"\\CURRENT_SERVER\LAB01 (HP 4250DN)") SetDefaultPrinter("\\NEW_SERVER\LAB02 (HP 4250DN)") EndIfEndIfIF NOT INSTR(@ProductType,'Workstation') AND NOT INSTR(@ProductType,'Professional') ? "Bypassing the login script because you are logging in from a " + @ProductType + "!" GOTO end;bypassing the rest of this script - I know I could use EXIT, but I like this more.ELSE ? "Because you are connecting from a @ProductType workstation I am continuing your login script."ENDIFThe code I posted is exactly the opposite of that. It checks to see if you're logging onto a Member Server or Domain Controller, instead of checking to see if you're logging onto a workstation. I find that a direct check instead of an indirect (NOT) check usually works better.I had never thought of forcing allowable pop up sites in XPSP2.Keep in mind that since you have direct access to your group policy settings you can do a lot of this in a GPO. I don't have direct access to the group policy settings for my users (I'm not a domain admin, but I am an admin for one of the organizations on base). I have to get a little more creative when I want to force settings. I do Trusted Sites settings on our logon script as well...but again, you could do this in a GPO.On the screen saver timeout... Is that in seconds? (probably should be obvious, but I would rather check than assume)Yep, that's in seconds. 300 seconds is 5 minutes. We're required to have our screensavers set to between 5 and 20 minutes. We're a Customer Service oriented organization and most of our workstations are in high-traffic areas so we went with 5 minutes. This is another setting you could force via Group Policy.Thanks again!Sure thing!off the topic but relevant,why would we use kix opposed to vbscript/cmd? It seems to be more felixible then cmd, but what is the plus over vbscript?wscript.echo "Thanks"With some things it's just a personal preference. KiX was originally designed from the ground up for logon script usage. For a long time it was the only real alternative to CMD. It's grown since then so that you can use it for lots of other things.For the longest time it was the only real option if you wanted real logon scripts so a lot of people were using it. KiX also has a lot of built-in functionality for doing things such as reading registry values, connecting printers, mapping drives, etc. I know VBScript has these same things, but sometimes it takes less code to do it in KiX. Just for instance:wscript.echo "Thanks"vs.? "Thanks"To do the same exact thing.KiX can also do most of the same COM automations calls that VBScript can do. KiX can do WMI calls/reads, read/write text files, Excel Spreadsheets, Access DBs, SQL DBs, etc, etc. Link to comment Share on other sites More sharing options...
DrUltima Posted April 10, 2006 Author Share Posted April 10, 2006 nmX.Memnoch,I tried your printer migration script and it works very well. Thank you. I was wondering how I could bypass the 00 that shows up after each migration? I want to see an error message if any exists, but if any does not, I want to not see the 0.Thanks for your thoughts. Link to comment Share on other sites More sharing options...
jftuga Posted April 10, 2006 Share Posted April 10, 2006 We have a folder under \\domain.com\netlogon called LogonStatus. It is shared out a LogonStatus$ and users can write to this directory.Then we have code like this in our GPO logon script:$REWT = "\\example.com\LogonStatus$\@WKSTA.LOG" WRITEPROFILESTRING($REWT, "LAST LOGON", "Date", "@DATE") WRITEPROFILESTRING($REWT, "LAST LOGON", "Time", "@TIME") WRITEPROFILESTRING($REWT, "LAST LOGON", "IP Address", "@IPADDRESS0") WRITEPROFILESTRING($REWT, "LAST LOGON", "MAC Address", "@ADDRESS") WRITEPROFILESTRING($REWT, "LAST LOGON", "Host Name", "@HOSTNAME") WRITEPROFILESTRING($REWT, "LAST LOGON", "Uptime", "@TICKS") WRITEPROFILESTRING($REWT, "LAST LOGON", "User ID", "@LDOMAIN\@WUSERID") WRITEPROFILESTRING($REWT, "LAST LOGON", "Full Name", "@FULLNAME") WRITEPROFILESTRING($REWT, "LOGON SERVER", "LOGONSERVER", "@LSERVER") WRITEPROFILESTRING($REWT, "LOGON SERVER", "LOGONDRIVE", "@LDRIVE") WRITEPROFILESTRING($REWT, "LOGON SERVER", "LOGONHOMEDIR", "@LONGHOMEDIR") WRITEPROFILESTRING($REWT, "LOGON SERVER", "SCRIPTDIR", "@SCRIPTDIR")Regardless of which of our 3 DCs a user logs on with, all of these log files will be synchronized across the DCs with the built-in file replication functionality. If one of our DCs happens to be down, the script still works without any problems.In times like this, I think it is better to use \\domain.com instead of \\server in case that server is not up & running.-John Link to comment Share on other sites More sharing options...
nmX.Memnoch Posted April 10, 2006 Share Posted April 10, 2006 I tried your printer migration script and it works very well. Thank you. I was wondering how I could bypass the 00 that shows up after each migration? I want to see an error message if any exists, but if any does not, I want to not see the 0.Modify it as such:; Read the value for the default printer$DefPrn = ReadValue("HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows","Device"); If HR01 is mapped on the current print server, remap it to the new print serverIf KeyExist("HKCU\Printers\Connections\,,CURRENT_SERVER,HR01 (HP 8100DTN)") $X = DelPrinterConnection("\\CURRENT_SERVER,HR01 (HP 8100DTN)") If @ERROR > 0 ? "Old printer connection 'HR01' was NOT deleted successfully" EndIf $X = AddPrinterConnection("\\NEW_SERVER\HR01") If @ERROR > 0 ? "New printer connection 'HR01' was NOT added successfully" EndIf ; If HR01 was the default printer, reset it as the default printer If InStr($DefPrn,"\\CURRENT_SERVER\HR01 (HP 8100DTN)") $X = SetDefaultPrinter("\\NEW_SERVER\HR01 (HP 8100DTN)") If @ERROR > 0 ? "Printer 'HR01' was NOT reset as the default printer" EndIf EndIfEndIf; If LAB01 is mapped on the current print server, remap it to the new print serverIf KeyExist("HKCU\Printers\Connections\,,CURRENT_SERVER,LAB01 (HP 4250DN)") $X = DelPrinterConnection("\\CURRENT_SERVER,LAB01 (HP 4250DN)") If $X > 0 ? "Old printer connection 'LAB01' was NOT deleted successfully" EndIf $X = AddPrinterConnection("\\NEW_SERVER\LAB02") If $X > 0 ? "New printer connection 'LAB02' was NOT added successfully" EndIf ; If LAB01 was the default printer, reset it as the default printer If InStr($DefPrn,"\\CURRENT_SERVER\LAB01 (HP 4250DN)") $X = SetDefaultPrinter("\\NEW_SERVER\LAB02 (HP 4250DN)") If $X > 0 ? "Printer 'LAB02' was NOT reset as the default printer" EndIf EndIfEndIfBasically you're using the "$X = " part to "trap" the @ERROR return code, which it from being displayed in the console. The value of $X will be the return code (@ERROR) of the operation. Anything greater than 0 (for these particular commands) is a failure.We have a folder under \\domain.com\netlogon called LogonStatus. It is shared out a LogonStatus$ and users can write to this directory.Then we have code like this in our GPO logon script:$REWT = "\\example.com\LogonStatus$\@WKSTA.LOG" WRITEPROFILESTRING($REWT, "LAST LOGON", "Date", "@DATE") WRITEPROFILESTRING($REWT, "LAST LOGON", "Time", "@TIME") WRITEPROFILESTRING($REWT, "LAST LOGON", "IP Address", "@IPADDRESS0") WRITEPROFILESTRING($REWT, "LAST LOGON", "MAC Address", "@ADDRESS") WRITEPROFILESTRING($REWT, "LAST LOGON", "Host Name", "@HOSTNAME") WRITEPROFILESTRING($REWT, "LAST LOGON", "Uptime", "@TICKS") WRITEPROFILESTRING($REWT, "LAST LOGON", "User ID", "@LDOMAIN\@WUSERID") WRITEPROFILESTRING($REWT, "LAST LOGON", "Full Name", "@FULLNAME") WRITEPROFILESTRING($REWT, "LOGON SERVER", "LOGONSERVER", "@LSERVER") WRITEPROFILESTRING($REWT, "LOGON SERVER", "LOGONDRIVE", "@LDRIVE") WRITEPROFILESTRING($REWT, "LOGON SERVER", "LOGONHOMEDIR", "@LONGHOMEDIR") WRITEPROFILESTRING($REWT, "LOGON SERVER", "SCRIPTDIR", "@SCRIPTDIR")Regardless of which of our 3 DCs a user logs on with, all of these log files will be synchronized across the DCs with the built-in file replication functionality. If one of our DCs happens to be down, the script still works without any problems.In times like this, I think it is better to use \\domain.com instead of \\server in case that server is not up & running.-JohnThe NETLOGON share is also replicated to each DC. In the case where you're calling items from the NETLOGON share then you should be using the @LDRIVE variable (or @LSERVER variable if you're referencing a common share on each DC). However, when mapping shares that aren't on the domain controller(s) then you have no choice but to use the server name. Most people don't run file and print services on their domain controllers. BTW, just so you know, @TICKS has problems. Once you get past a certain number of days it'll start counting backwards. I prefer to use a command line utility to write the information to a text file and then parse the information from there. For example...using the built in systeminfo command:Shell '%COMSPEC% /C systeminfo > "%USERPROFILE%\sysinfo.txt"'If Open(1,"%USERPROFILE%\sysinfo.txt",2) = 0 $LINE = ReadLine(1) While @ERROR = 0 If InStr($LINE,"System Up Time") $UPTIME = Trim(SubStr($LINE,28)) EndIf $LINE = ReadLine(1) LoopEndIfDel "%USERPROFILE%\sysinfo.txt"It'll take a little longer to run because systeminfo parses quite a bit of information. There's a utility in the resource kit called uptime.exe that runs pretty quick. I use systeminfo because it has lots of other information I need at the same time so I can do it with just one dump (and it's not something that we're running in our logon script). Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now