HowToForums.net Forum Index HowToForums.net
An Open Source of Knowledge
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

HowTo Check a Users Group and Allow / Deny Access - Win2k3

 
Post new topic   Reply to topic    HowToForums.net Forum Index -> MS Automation & Scripting
View previous topic :: View next topic  
Author Message
jacob
Site Admin
Site Admin


Joined: 16 Mar 2006
Posts: 73
Location: USA

PostPosted: Thu Apr 06, 2006 12:33 pm    Post subject: HowTo Check a Users Group and Allow / Deny Access - Win2k3 Reply with quote

I put together this script to check users at logon time for there association with groups in the Active Directory in order to provide them with certain applications.

What exactly is happening in the script below is...
1. The *.bat file is running at Logon using Group Policy <gpedit>
2. It executes the "whoami" command with the groups option and dumping the output to a temp file
3. Then it is checking for the group name in that temp file using the "find" command
4. Once the check is completed, it will either goto the "copy" section of the script or simply exit based on the Error Level in cmd.

Code:

@ECHO OFF
whoami /groups >c:\temp\%username%.txt
find "Citrix Access" c:\temp\%username%.txt
if %ERRORLEVEL% EQU 0 (
      goto copy
   ) else (
      goto finish
   )

:finish
   del c:\temp\%username%.txt
   exit

:copy
   copy "C:\Software\Citrix Access\Citrix Access - Production.lnk" "c:\Documents and Settings\%username%\desktop\" /Y
   del c:\temp\%username%.txt
   exit



** If the user matches the group "Citrix Access" it will copy the shortcut I placed in the "C:\Software\Citrix Access\" to the users desktop.
And of course that folder "C:\Software\Citrix Access\" is protected with read and execute permissions to the Citrix Access group.

So to make this work, create your *.bat file using the example above, and make sure you execute it at user logon, I recommend with GPO <gpedit>.

enjoy !
_________________
JB
--
"You only see what your eyes want you to see"
Back to top
Display posts from previous:   
Post new topic   Reply to topic    HowToForums.net Forum Index -> MS Automation & Scripting All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group