Logon script that map network drives failes to apply if UAC is on.

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello,
I have a problem with logon script in vista to map networks drive.
The logon script uses the Net use command to map network drives.
It works fine for standard users, but not to domain admin users.

After a long search I found on technet that I should use launchapp.wsf
script so also domain admin will get the network drives.

I have followed this Microsoft suggestion in article. There I found exactly
the problem I was having and the solution:

http://technet2.microsoft.com/Windo...878e-48db-a3c1-4be6ac7cf7631033.mspx?mfr=true

At the end of the article there is the launchapp.wsf script.
Unfortunately the script is faulty. I copied and paste it in notepad. and
saved it as launchapp.wsf. But every time it runs I get an error message:
---------------------------
Windows Script Host
---------------------------
Script: \\dc1\staff$\ZShadar\launchapp.wsf
Line: 114
Char: 2
Error: Syntax error
Code: 800A03EA
Source: Microsoft VBScript compilation error

---------------------------
OK
---------------------------

I get the same result if I run it from the GPO or manually.

I will appreciate any help.

Regards

Ziv Shadar
 
Hi there,

The only way i could work around this is by disabling UAC on the Vista
workstations. Currently, we cannot operate on dual ways to work our
workstations, so i turned off UAC as it was the easiest way to fix the
problem until Microsoft finds a better way.
 
Thanks Denis,

I know I could disable UAC but that is what I try to avoid.
If you look at the link I posted before you can see MS solution for it. But
the only problem is that the script they provide is faulty according to all
systems I launched it on it comes with this error in line 114.
So maybe someone in MS will be kind enough to fix the script so we can do
something as basic as maping network drives from a script, because all the
networks I know use network drives.

Thanks
 
This section need extra line breaks removed..
Found on another post somewhere..

I'm also trying to get it to work right.

'***********************************************************

call rootFolder.RegisterTaskDefinition( _
strTaskName, taskDefinition, FlagTaskCreate, _
,, LogonTypeInteractive)

WScript.Echo "Task submitted."

</script>

</job>
 
Thanks Fwicon,

The changes to the script did stop the error message but it still not working.
I have changed the logon script GPO so under script name is "launchapp.wsf"
and under script prameters is the mapDrive.cmd.
Now when I logon I get 2 messages:
1. Task definition created. about to submit the task. And I need to press OK.
2. Task submited. And I need to press again OK.

Then I still don't get the map networked drive in Computer.

What I need is no prompts and a map network drive.
Who did it worked for you?
Do you have the same problem?

Many thanks

Ziv
 
YAY!! I've figured out what's happening - unfortunately, I haven't
figured out a CURE for the problem yet.

The cause : The login script is running as "Administrator" because
you're a member of the local administrators group.

The proof : Run CMD.EXE normally, and type NET USE - you will notice
no login script mapped network drives connected. Now, run CMD.EXE as
Aministrator (right click CMD.EXE and select "Run as Administrator")
and then type NET USE. You will see all your drive mappings! The
"Run As Administrator" appears to have a separate user space from the
standard user, and both memory spaces have different environments. If
you consider for example, the SYSTEM account does not have the ability
to view the logged in user's mapped network drives - it's a similar
scenario. What's even more frustrating is if you do a WHOAMI on both
CMD windows, it returns your actual username.

The solution : I don't know (yet). I'm doing more work on this but
maybe somebody knows it now that you know what the cause of the
problem is. Turning off UAC is not a solution, it's just avoiding the
problem. I'm trying to find a GPO or something to the effect of "Run
login scripts automatically elevated" set to Disabled. I'll post a
solution if I ever find one (and if I ever find how I got here in the
first place).
 
Ziv,
1. Task definition created. about to submit the task. And I need to press OK.
2. Task submited. And I need to press again OK.
Click to expand...

Comment ' out these two lines at bottom of script.. they are your prompts.

'WScript.Echo "Task definition created. About to submit the task..."

'WScript.Echo "Task submitted."


On your script parameters don't forget full UNC path
\\myserver\mydir\mapdrive.cmd

I'm still having credential type problems.
won't map the drives for me

If I map a drive manually... with my username\password
then run the mapdrive script... it works fine.
It just won't do it on logon.
 
Oh man this has probably been one of the trickiest components of this
blasted UAC I've had to face so far.

Basically, due to the way UAC handles permisisons during logins as
described on this page
http://technet2.microsoft.com/Windo...878e-48db-a3c1-4be6ac7cf7631033.mspx?mfr=true
We have to schedule the script to run as interactive user. BUT, this
solution now breaks your non admin users who don't have permission to
schedule anything.

I've written/modifed two scripts which are pasted below which will
hopefully solve everybody's problems. In my GPO for my scripts I have
Script Name:
\\soe.eo\NETLOGON\launchscript.wsf
Script Parameters:
drive_mapping \\soe.eo\NETLOGON\Logon\drive_mapping.vbs

The drive mapping script does all my drive mappings, so you use your
own one there.
The launchscript wsf file first determines if you are an administrator
- if you are, then it schedules the script to run as recommended by
Microsoft, otherwise it just launches it normally.
The reason I've added a second parameter to the MS suggested solution
is because if you want to run more than 1 script, then it will fail as
the original script has a hard coded scheduled task name. This change
I've made will allow you to schedule more than 1 login script provided
you give them different names.

This scenario is working for me on several scripts launched from the
same GPO and regardless of whether or not I log in as an administrator
or standard user. I use this methodology to map network drives as
well as connect network printers.

Contents of launchscript.wsf

<job>
<script language="VBScript">

If WScript.Arguments.Length <> 2 Then
WScript.Echo "Usage: wscript launcscript.wsf <ScriptName>
<ScriptPath>"
WScript.Quit
End If

On Error Resume Next

strScriptName = WScript.Arguments(0)
strScriptPath = WScript.Arguments(1)

strTestFile = "C:\test.txt"

set FileSys = CreateObject("Scripting.FileSystemObject")
Set WshShell = WScript.CreateObject("WScript.Shell")

FileSys.CreateTextFile strTestFile, Overwrite
If FileSys.FileExists (strTestFile) then
' We are an administrator - schedule the script to run
WshShell.Run "\\soe-dc\NETLOGON\schedulescript.wsf " & strScriptName
& " " & strScriptPath,1,true
else
' We are a standard user - just launch the script
WshShell.Run "wscript " & strScriptPath,1,true
end if

FileSys.DeleteFile strTestFile

</script>
</job>

Contents of schedulescript.wsf

<job>
<script language="VBScript">

'******************************************************************
' This script launches the second parameter as the interactive user.
' Written by Microsoft - Improved by Lester
'******************************************************************

' A constant that specifies a registration trigger.
const TriggerTypeRegistration = 7

' A constant that specifies an executable action.
const ActionTypeExecutable = 0

' A constant that specifies the flag in RegisterTaskDefinition.
const FlagTaskCreate = 2

' A constant that specifies an executable action.
const LogonTypeInteractive = 3

If WScript.Arguments.Length <> 2 Then
WScript.Echo "Usage: wscript schedulescript.wsf <AppName> <AppPath>"
WScript.Quit
End If

strAppName = WScript.Arguments(0)
strAppPath = WScript.Arguments(1)

'******************************************************************
' Create the TaskService object.
'******************************************************************

Set service = CreateObject("Schedule.Service")
call service.Connect()
strTaskName = "Launch " & strAppName

'******************************************************************
' Get a folder to create a task definition in.
'******************************************************************

Dim rootFolder
Set rootFolder = service.GetFolder("\")

'******************************************************************
'Delete the task if already present
'******************************************************************
On Error Resume Next
call rootFolder.DeleteTask(strTaskName, 0)
Err.Clear

'******************************************************************
' Create the new task
'******************************************************************

Dim taskDefinition
Set taskDefinition = service.NewTask(0)

'******************************************************************
' Create a registration trigger.
'******************************************************************

Dim triggers
Set triggers = taskDefinition.Triggers
Dim trigger
Set trigger = triggers.Create(TriggerTypeRegistration)

'*********************************************************************
' Create the action for the task to execute.
'*********************************************************************

' Add an action to the task. The action executes the app.

Dim Action
Set Action = taskDefinition.Actions.Create( ActionTypeExecutable )
Action.Path = strAppPath

'*********************************************************************
' Register (create) the task.
'*********************************************************************

call rootFolder.RegisterTaskDefinition( strTaskName, taskDefinition,
FlagTaskCreate, , , LogonTypeInteractive)

</script>
</job>
 
Back
Top