Applying Group Policies

  • Thread starter Thread starter Racer Dude
  • Start date Start date
R

Racer Dude

Ok, I have a question. I want to apply a group policy to say a set of users.
Lets call them Laptop. So I create an OU and apply the policy to that OU.
When the users are not logged on, or when they take their laptop home, I
want to turn off that group policy. How do I do that?
 
So your telling me that there is no work around....

Is there a way to apply a different gp upon logoff? Or have some script run
that would modify a setting?
 
Racer Dude said:
So your telling me that there is no work around....

Is there a way to apply a different gp upon logoff? Or have some script
run that would modify a setting?
Click to expand...

You can write a script that registers for the event that triggers when a
network connection goes live (ie. Is plugged into the network).
If they don't plug into the network the settings won't apply.


'This is where you specifiy the subnets that the PC must be a member of
before the script is triggered. If they obtain a different address the
script won't do anything.
aSubnetList = Array("10.1.4.0/255.255.255.0", "10.1.4.0/255.255.252.0")
bAllMatches = True


Set Events = GetObject("winmgmts:\\.\root\cimv2").ExecNotificationQuery
("SELECT TargetInstance.Name FROM __InstanceOperationEvent WITHIN 4 WHERE
TargetInstance ISA 'Win32_NetworkAdapterConfiguration'")


Do

Set ConnectEvent = Events.nextevent

If VarType(ConnectEvent.TargetInstance.Ipaddress(0)) = 8 Then

bFoundMatch = SubnetMatch(aSubnetList,
ConnectEvent.TargetInstance.Ipaddress(0), bAllMatches, aListofMatches)

End If

If bFoundMatch Then
'This is where you put the code you want to run when a network
connection is made
'In this example I am mapping a network drive but it could just
run regedit to apply the changes you want set.

Set oShell = Createobject("wscript.shell")
Set oNet = CreateObject("Wscript.Network")

On Error Resume Next
oNet.RemoveNetworkDrive "z:", True, True
oNet.MapNetworkDrive "z:", "\\myserver\myshare"
Err.clear
oNet.RemoveNetworkDrive "z:", True, True
Err.clear

On Error GoTo 0


bFoundMatch = False
End If
Loop

Private Function SubnetMatch(aSubnetsToMatch, IPAddress, bAllMatches,
aMatchList)
For each subnetpair in aSubnetsToMatch
pair = split(subnetpair, "/", 2)
subnetoctets = split(pair(1), ".", 4)
ipaddroctets = split(IPAddress, ".", 4)

If pair(0) = join(Array(ipaddroctets(0) and subnetoctets(0),
ipaddroctets(1) and subnetoctets(1), _
ipaddroctets(2) and subnetoctets(2), ipaddroctets(3) and
subnetoctets(3)),".") Then

SubnetMatch = True
If MatchList = "" Then
MatchList = MatchList & subnetpair
Else
MatchList = MatchList & ", " & subnetpair
End If

If not bAllMatches Then
aMatchList = Array(subnetpair)
Exit For
End If


End If
Next

If SubnetMatch Then
aMatchList = split(matchlist, ",")
End If

End Function
 
Hi,
Ok, I have a question. I want to apply a group policy to say a set of
users. Lets call them Laptop. So I create an OU and apply the policy
to that OU. When the users are not logged on, or when they take their
laptop home, I want to turn off that group policy. How do I do that?
Click to expand...

I would setup local and Domain accounts. Have them logon with the
local account when off the network and the Domain account when on the
network. Therefore you can have two different settings. You can always
map the My Documents to the same location.

Cheers,

Lara
 
Cary Shultz said:
Andrew,

Looks like someone has been doing his homework in WMI class! Great job.
Click to expand...

I was lucky and found an old script in a magazine. I just hacked it together
to do what I wanted. It's amazing what you can do to shut up a whinging user.
I had one user who like to log into his laptop (not plugged into the network)
then plug it into the LAN and wanted his network drives mapped. He didn't
want to see any errors like "mapped drive has not been restored' when he
wasn't on the network.
The only way I could think to do it was to throw together an event trap that
would detect when he got a legitimate IP address and run his login script.
I must admit that I have fallen off of the wagon in regards to WMI and
ADSI. There are just so many things that come up that I am constantly
side-tracked!
Click to expand...

Well I've only recently moved into a network admin role. My previous jobs
have been writing applications and scripts, some of which were used by
admins, so I've got a bit of a head start.........
 
Cary Shultz said:
Hope that all is well with you down under!
Click to expand...

Everything's fine down here. Nice hot weather at the moment - 35 deg C (95F)
tomorrow, then on Sunday I'm heading off to Fiji for a couple of weeks.

How's that Virginia winter going :-)
 
Andrew!

Cold and windy right now. It actually had been quite warm for awhile and
then - all of a sudden - things changed. In the last several days it has
been 'normal' ( read: cold and windy but still beautiful! ).

Have fun in Fiji! Never been there but know how beautiful it is ( and I am
sure that beautiful is not even close to an appropriate term...in fact, why
put any terms to it? ).

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
 
Back
Top