Connect drives according to user group membership?

  • Thread starter Thread starter Martin Schneider
  • Start date Start date
M

Martin Schneider

Hi!

I have serveral user groups, let's say:

Standard users get drive m: from \\server\data
Office users get drive o: from \\server\office
Administrators get drive i: from \\server\netinst

User A is member of Standard User and Office User and therefore gets m:
and o:

User B: is member of Office User and therefore only gets o:

User c: is member of all threee groups and therefore gets m:, o: and i:


My problem:

I created three OUs with appropriate GPs. But the GPs work only with the
user accounts in the OU, not with the user groups in the OU.

Unfortunately a user cannot be a member of more than one OU - so how do
I do this? Do I really have to create logon scripts for all permutations
of all groups?

Thanks for your ideas.

Best regards,
Martin
 
Hi,

Martin said:
I created three OUs with appropriate GPs. But the GPs work only with the
user accounts in the OU, not with the user groups in the OU.
Click to expand...

Which is by design. GPOcan only be applied to an objekt: user/computer
You can only use Security groups to filter "read and apply" of a GPO.
Place all your 3 OU beneeth another. Link the 3 GPOs with the scripts
to this higher level OU. Filter each GPO (Security settings/ Tab
Delegation). Remove "Authenticated Users" and only permitt read + apply
to your desired SecGroup

Mark
 
Martin said:
I have serveral user groups, let's say:
Standard users get drive m: from \\server\data
Office users get drive o: from \\server\office
Administrators get drive i: from \\server\netinst
Click to expand...

Additionally:
Work with one single script and ifmember.exe from ResKit
e.G.

---- logon.bat ----

\\SERVER\netlogon\ifmember SecGroup1
if errorlevel 1 goto G1

\\SERVER\netlogon\ifmember SecGroup2
if errorlevel 1 goto G2

[G1]
net use M: \\server\data /p:n
goto end

[G2]
net use M: \\server\data /p:n
net use O: \\server\office /p:n
goto end

[end]
---- logon.bat ----

Mark
 
Mark said:
Additionally:
Work with one single script and ifmember.exe from ResKit
e.G.
Click to expand...

Hi!

Thanks for the idea. I found and use KIXtart, which works similarly.

Best regards,
Martin
 
Back
Top