Connect drives according to user group membership?

M

Martin Schneider

Hi!

I have serveral user groups, let's say:

Standard users get drive m: from \\server\data
Office users get drive o: from \\server\office
Administrators get drive i: from \\server\netinst

User A is member of Standard User and Office User and therefore gets m:
and o:

User B: is member of Office User and therefore only gets o:

User c: is member of all threee groups and therefore gets m:, o: and i:


My problem:

I created three OUs with appropriate GPs. But the GPs work only with the
user accounts in the OU, not with the user groups in the OU.

Unfortunately a user cannot be a member of more than one OU - so how do
I do this? Do I really have to create logon scripts for all permutations
of all groups?

Thanks for your ideas.

Best regards,
Martin
 
M

Mark Heitbrink [MVP]

Hi,

Martin said:
I created three OUs with appropriate GPs. But the GPs work only with the
user accounts in the OU, not with the user groups in the OU.
Click to expand...

Which is by design. GPOcan only be applied to an objekt: user/computer
You can only use Security groups to filter "read and apply" of a GPO.
Place all your 3 OU beneeth another. Link the 3 GPOs with the scripts
to this higher level OU. Filter each GPO (Security settings/ Tab
Delegation). Remove "Authenticated Users" and only permitt read + apply
to your desired SecGroup

Mark
 
M

Mark Heitbrink [MVP]

Martin said:
I have serveral user groups, let's say:
Standard users get drive m: from \\server\data
Office users get drive o: from \\server\office
Administrators get drive i: from \\server\netinst
Click to expand...

Additionally:
Work with one single script and ifmember.exe from ResKit
e.G.

---- logon.bat ----

\\SERVER\netlogon\ifmember SecGroup1
if errorlevel 1 goto G1

\\SERVER\netlogon\ifmember SecGroup2
if errorlevel 1 goto G2

[G1]
net use M: \\server\data /p:n
goto end

[G2]
net use M: \\server\data /p:n
net use O: \\server\office /p:n
goto end

[end]
---- logon.bat ----

Mark
 
M

Martin Schneider

Mark said:
Additionally:
Work with one single script and ifmember.exe from ResKit
e.G.
Click to expand...

Hi!

Thanks for the idea. I found and use KIXtart, which works similarly.

Best regards,
Martin
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Using GPO to control local group membership 2
Mapping network drives using a vbs script 2
OU's not receiving GP 1
Policy not applied to group of users in OU 1
hide drives 1
Install msi by location 1
My docs redirection fails to update when i user moves to another O 3
Mapping drives with batch file 7

Top