Setting up GP correctly

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have 100 users in a Native Mode Windows 2000 domain. I am looking for the best way to distribute logon scripts to different users. I also have a few computers remote that I do not want running logon scripts becuase of their link to the office. I am sure we will be adding additional offices in the future also. Are OU's my only option so I can apply different group policies to the OU's. I know our user base is going to grow, should I start implementing OU's? Is that overkill for the size of my user base. If I do implement OU's, do all of your users and computers end up in them or can you maintain the standard out of the box domain structure and gradually move computers and users to the different OU's. We are also running Exchange 2000. Any suggestions, direction, or documentation would be greatly appreciated

Thanks
 
Hi Mike.

Please see the article below. You filter the scope of Group Policy according
to security group membership, as well you can define such within the
particular login script, I get you a sample below.

Script Code:

Dim net, DomainString, UserString, UserObj

set net = Wscript.CreateObject("Wscript.Network")

DomainString = net.UserDomain
UserString = net.UserName


Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)

For Each GroupObj In UserObj.Groups
Select Case GroupObj.Name

Case "Group1"
' *** Connect Network Drives by group

net.MapNetworkDrive "G:", "\\SERVER\Group1Share\folder"

' *** Add printers by gorup

net.AddWindowsPrinterConnection "\\PRINTSRV\PRINT01"
net.AddWindowsPrinterConnection "\\PRINTSRV\PRINT02"

' *** Set default printer

net.SetDefaultPrinter "\\PRINTSRV\PRINT02"

Case "Group2"
' *** Connect Network Drives to Group

net.MapNetworkDrive "G:", "\\SERVER\Group2Share\folder"

End Select
Next

HOW TO: Assign Scripts in Windows 2000:
http://support.microsoft.com/default.aspx?scid=kb;en-us;322241

To filter the scope of Group Policy according to security group membership:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/entserver/Filter.asp

Have a nice day!
--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup

Mike said:
I have 100 users in a Native Mode Windows 2000 domain. I am looking for
Click to expand...
the best way to distribute logon scripts to different users. I also have a
few computers remote that I do not want running logon scripts becuase of
their link to the office. I am sure we will be adding additional offices in
the future also. Are OU's my only option so I can apply different group
policies to the OU's. I know our user base is going to grow, should I start
implementing OU's? Is that overkill for the size of my user base. If I do
implement OU's, do all of your users and computers end up in them or can you
maintain the standard out of the box domain structure and gradually move
computers and users to the different OU's. We are also running Exchange
2000. Any suggestions, direction, or documentation would be greatly
appreciated.
 
Chris

Do I need to do both? Build the new script and do the filtering? I know how to assign the scripts. If I simply use the sample code below and build it according to my security groups will that take care of it. If a use is a member of more than one security group, what takes precedence

Thanks

Mik

----- Chriss3 wrote: ----

Hi Mike

Please see the article below. You filter the scope of Group Policy accordin
to security group membership, as well you can define such within th
particular login script, I get you a sample below

Script Code

Dim net, DomainString, UserString, UserOb

set net = Wscript.CreateObject("Wscript.Network"

DomainString = net.UserDomai
UserString = net.UserNam


Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString

For Each GroupObj In UserObj.Group
Select Case GroupObj.Nam

Case "Group1
' *** Connect Network Drives by grou

net.MapNetworkDrive "G:", "\\SERVER\Group1Share\folder

' *** Add printers by goru

net.AddWindowsPrinterConnection "\\PRINTSRV\PRINT01
net.AddWindowsPrinterConnection "\\PRINTSRV\PRINT02

' *** Set default printe

net.SetDefaultPrinter "\\PRINTSRV\PRINT02

Case "Group2
' *** Connect Network Drives to Grou

net.MapNetworkDrive "G:", "\\SERVER\Group2Share\folder

End Selec
Nex

HOW TO: Assign Scripts in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;32224

To filter the scope of Group Policy according to security group membership
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/proddocs/entserver/Filter.as

Have a nice day
--
Regard
Christoffer Andersso

No email replies please - reply in the newsgrou

Mike said:
I have 100 users in a Native Mode Windows 2000 domain. I am looking fo
Click to expand...
the best way to distribute logon scripts to different users. I also have
few computers remote that I do not want running logon scripts becuase o
their link to the office. I am sure we will be adding additional offices i
the future also. Are OU's my only option so I can apply different grou
policies to the OU's. I know our user base is going to grow, should I star
implementing OU's? Is that overkill for the size of my user base. If I d
implement OU's, do all of your users and computers end up in them or can yo
maintain the standard out of the box domain structure and gradually mov
computers and users to the different OU's. We are also running Exchang
2000. Any suggestions, direction, or documentation would be greatl
appreciated
 
To filter the scope of Group Policy according to security group membership
means you can only filter out the deployment of the policy for objects
within the particular OU the GPO are linked to.

The Script Code dose the same. But you way results in many scripts if you
use security group membership method and many GPs. Lets say you want to
assign a printer to some users. You can to create a new GPO just for that
and add a script.

Can you see how them can be used most effective?

Have a nice weekend

--
Regards
Christoffer Andersson

No email replies please - reply in the newsgroup

Mike said:
Chris,

Do I need to do both? Build the new script and do the filtering? I know
Click to expand...
how to assign the scripts. If I simply use the sample code below and build
it according to my security groups will that take care of it. If a use is a
member of more than one security group, what takes precedence.
 
Chriss3 said:
Hi Mike.

Please see the article below. You filter the scope of Group Policy
according to security group membership, as well you can define such
within the particular login script, I get you a sample below.
Click to expand...

The other option is to use the 'ifmember' tool from the resource kit with
old style DOS batch files to only apply sections of the script according to
security group membership.

Andy.
 
Back
Top