How to map drives to a specific user (rather than security group)

logon-scripts

We use a logon script to map drives for our domain users based on their security group membership.

Here is an excerpt from the script, showing how anyone in the "_development (W)" group automatically gets the "\\servername\development" share mapped when they log on:

If (IsMember(objUser, "_development") = True) Then
    If (MapDrive("W:", "\\servername\development") = False) Then
        MsgBox "Unable to map Development share"
    End If
End If

This works as intended for all domain users who are members of the various different security groups; however, no drives are mapped for the domain administrator account as it is not currently a member of any of the security groups (and I feel it would be redundant adding it to them, just for the sake of mapping drives).

What I want to do is to have an additional entry in the logon script which maps network drives specifically for the domain administrator account.

Our workstations are Windows 7 and the domain controller is SBS 2003.

What would be the correct syntax for this?

Best Answer

Group Policy Preferences allows you to set settings such as printer and drive mappings, and filter based on a myriad of settings. This includes computer names, WMI queries, and yes, user name or group membership.

Be aware that going this route may cause login delays, as the group policy accesses AD to determine group membership. Just something to keep an eye on.

I know you're running SBS 2003; there are articles online for running GPP on 2003. If it's something you want to pursue, I can't testify to the effectiveness of it.

As far as VBScript goes, perhaps:

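' Create the shell object used to expand environment variables
Set wshShell = CreateObject("WScript.Shell")
strUserName = wshShell.ExpandEnvironmentStrings("%USERNAME%")
If (strUserName = "Root") Then
    ' ...Map Drive
End If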

As you can see, I don't VBScript much, especially since PS has come on the scene, but the key here is grabbing the current user name and testing against your domain admin name in the script, and acting accordingly, which should be easy enough to implement.

Another alternative that is easy enough:

Use a single GPO with a User Config login script with simple drive mappings, target it at the OU the "domain administrator" account is in, remove "Authenticated Users" from the GPO and just add "Domain Administrator" back. That will cause that account to run the login script, and no need to get fancy with the script...
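
A fuller version of the user-name test from the answer, as an added example that is not part of the original question or answer: it reads the logged-on domain and account from WScript.Network and compares both case-insensitively, so a local account that merely shares the name does not match. The domain name "EXAMPLEDOMAIN", the account name "Administrator" and the helper names IsAccount and MapDriveFor are assumptions; the drive letter and share are the ones from the question.

```vbscript
Option Explicit

' Assumed values, not from the original post: replace with your own.
Const ADMIN_DOMAIN = "EXAMPLEDOMAIN"   ' hypothetical NetBIOS domain name
Const ADMIN_USER   = "Administrator"   ' hypothetical account name

Dim objNetwork
Set objNetwork = CreateObject("WScript.Network")

' True only when the logged-on account matches BOTH the domain and the
' user name. StrComp with vbTextCompare ignores case, unlike the "=" operator.
Function IsAccount(strDomain, strUser)
    IsAccount = (StrComp(objNetwork.UserDomain, strDomain, vbTextCompare) = 0) And _
                (StrComp(objNetwork.UserName, strUser, vbTextCompare) = 0)
End Function

' Maps strShare to strLetter without saving it to the user profile.
' Returns True on success, False if the mapping failed.
Function MapDriveFor(strLetter, strShare)
    On Error Resume Next
    ' Drop any stale mapping on this letter; an error here just means none existed.
    objNetwork.RemoveNetworkDrive strLetter, True, True
    Err.Clear
    objNetwork.MapNetworkDrive strLetter, strShare, False
    MapDriveFor = (Err.Number = 0)
    Err.Clear
    On Error GoTo 0
End Function

' Per-user mapping, placed alongside the existing group-based blocks.
If IsAccount(ADMIN_DOMAIN, ADMIN_USER) Then
    If Not MapDriveFor("W:", "\\servername\development") Then
        MsgBox "Unable to map Development share"
    End If
End If
```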