Joined: 16 Mar 2006
|Posted: Thu Apr 06, 2006 12:33 pm Post subject: HowTo Check a Users Group and Allow / Deny Access - Win2k3
|I put together this script to check users at logon time for there association with groups in the Active Directory in order to provide them with certain applications.
What exactly is happening in the script below is...
1. The *.bat file is running at Logon using Group Policy <gpedit>
2. It executes the "whoami" command with the groups option and dumping the output to a temp file
3. Then it is checking for the group name in that temp file using the "find" command
4. Once the check is completed, it will either goto the "copy" section of the script or simply exit based on the Error Level in cmd.
whoami /groups >c:\temp\%username%.txt
find "Citrix Access" c:\temp\%username%.txt
if %ERRORLEVEL% EQU 0 (
) else (
copy "C:\Software\Citrix Access\Citrix Access - Production.lnk" "c:\Documents and Settings\%username%\desktop\" /Y
** If the user matches the group "Citrix Access" it will copy the shortcut I placed in the "C:\Software\Citrix Access\" to the users desktop.
And of course that folder "C:\Software\Citrix Access\" is protected with read and execute permissions to the Citrix Access group.
So to make this work, create your *.bat file using the example above, and make sure you execute it at user logon, I recommend with GPO <gpedit>.
"You only see what your eyes want you to see"