Page 1 of 1

Check computer group membership

Posted: Fri Nov 02, 2012 1:54 pm
by mmacdonald
I want to have add a section to a script that will check if the machine we are logging into is a member of a group and, if so, stop the script. I have done this the other way and grabbed the machine name then used IF and Elseif to run through the machines that we don't want to run the script when logging into. That technique works fine but would require that we modify the script every time we wanted to add/delete a machine to the list of script-excluded servers.

I wanted to use the Select command to do this but am having trouble with the syntax. I have done this with user accounts and mapping drives. I figured I could do the same but I am having trouble.

Here's what I have done for user accounts. Can someone give me a little clue about how to use the same technique with the machine name?

========================================
strUserPath = "LDAP://" & objSysInfo.UserName
Set objUser = GetObject(strUserPath)

Do While objNetwork.UserName = ""
WScript.Sleep 100
Loop

For Each strGroup in objUser.MemberOf
strGroupPath = "LDAP://" & strGroup
Set objGroup = GetObject(strGroupPath)
strGroupName = objGroup.CN
Select Case UCase(strGroupName)
' HQ Default mappings
Case UCase("GROUP NAME GOES HERE")
objNetwork.MapNetworkDrive "G:", "SERVERSHARE", True
End Select
Next
========================================

I created the script below and it works but I wanted something that would work depending if the computer was a member of a certain group. That would limit the risk associated with modifying the login script.

========================================
Option Explicit
Dim wshNetwork, strComputerName

Set wshNetwork = WScript.CreateObject("WScript.Network")
strComputerName = wshNetwork.ComputerName

If strComputerName="SERVER1" Then
WScript.Quit
ElseIf strComputerName="SERVER2" Then
WScript.Quit
ElseIf strComputerName="SERVER3" Then
WScript.Quit
End If

'body of script goes here....

Set wshNetwork = Nothing
set strComputerName = Nothing
========================================

While this works, it would require a modification to the script of the list of servers ever changed.

Thank you in advance.

Check computer group membership

Posted: Thu Nov 08, 2012 12:20 pm
by jvierra
in Windows Active Directoiry we usually do this with Security FGroup Filteringt in Group Policy. Just set teh group that g3ets the scritp as teh filter on teh GPO and you can ten just add and remove computers from the group.

The way you are doing it is pretty old.

TO clarify. Create a mappoing script for each group and add the group as teh security filter for teh group in Group Policy.

If you are using WS2008 or later AD then use GPP (GroupPolicy Preferecnces for all drive and printer mappings. Iti is much easier and more reliable.

As for your question, I cannot underwstand what iti si you are try9ing to do. A computer can be a member of many groups. You do not specify any mechanism to address the issue of finding out which group to query for membership.