Thursday, June 22, 2017

How to Write Effective Network Logon Scripts

Last week's post discussed 4 valuable reasons for using mapped network drives. The reasons included: file sharing, managing file versions, localizing storage needs and backups. This week we expand upon this idea by showing how mapped drives are created with examples on how to write an effective logon script.

How to Write Effective Network Logon Scripts

Logon scripts are most effective when they are planned out before being implemented. This is because thought needs to be put into what resources users should have access to, permissions need to be set up, and oftentimes a single logon script is not suitable for every user. It may make more sense to add additional mapped drives for specific groups. For instance, a school may map specific drives to folders for student and faculty use, while the administrators have no use for these folders and vice versa.

Multiple logon scripts can be created to map drives differently for different groups of people. This allows logon scripts to be very specific, creating only those mapped drives necessary for each unique group of users. Mapping drives provides an easy way to get to resources, but the user must also have permissions to access those files. Remember, it is best practice to protect resources by allowing the least amount of access and allowing access on an as-needed basis versus allowing full access to everyone.

To create a network logon script:
  • Log onto the domain controller running active directory.
  • Open "Notepad". NOTE: It is important to use Notepad, not Wordpad. Notepad is an ASCII text editor and does not apply any formatting to the document. 
  • Decide if you want to display the drive mapping script to users. 
    • If allowed, users are shown a black command line window showing each drive being mapped when they log into a device on the network.
    • Most commonly the script starts with an "@echo off" statement to prevent the window from being displayed to users as it is less disruptive.
  • Next choose whether or not you want to clear drive letters on the local machine before mapping drive letters. This statement is used to make sure the drive letters you are mapping are available before the mapping occurs. It is helpful in situations: when users map their own drives, when external USB drives are connected, etc.
    • To clear drive letters before mapping drives, type the statement "net use 'X': /delete /yes" for each letter corresponding to a drive you plan to map.

    • The 'X' represents the drive letter mapping to delete but can be any letter of the alphabet.
    • The /yes forces the drive letter to be deleted even if it is in use.
    • NOTE: This command is not required for the logon script to run. However, if you do not include them and users report they do not have the correct drive mappings, the drive letter was likely already in use which prevented the logon script from running correctly.
  • Lastly, create statements mapping the desired network paths. Mapped drives can point to multiple servers on the same network. Before mapping drives, be sure users have the appropriate permissions to access the files.
    • To map a drive letter, type "net use 'X': \\server/folder name".
    • The 'X" represents the drive letter being mapped.
    • Only the letters A-Z can be used for drive mapping.
      • Some letters should not be used for drive mapping. Using A - D as drive mappings is not recommended because they are commonly used by the operating system and can create horrible conflicts.
      • External USB drives and other devices create drive letters sequentially based on the next available letter. As a result, the further down the alphabet you assign mapped drive letters the less likely conflicts are to occur.
  • Name the file using a .bat extension and save it in the following location: "\Windows\SYSVOL\sysvol\domain name\scripts".
  • Add the logon script to each user profile desired on the Profile tab. If you have multiple logon scripts, enter the correct one for each user.
    • Open "Active Directory Users & Computers".
    • Right-click on a user and select "Properties".
    • Click on the "Profile" tab.
    • Under "User Profile", type the name of the script into the "logon script:" box.
    • Click "Apply" and "Ok".
    • Repeat for each user.
    • Test to be sure the drive letters are mapped and the correct files are available to users.

Mapping network drives with logon scripts provides an easy way for users to access files located on other devices on the network, like servers. Storing files on servers allows them to be accessed by multiple users on the same network which is more efficient. Creating logon scripts centrally manages mapped drives which provides consistency to all users on the same network. This reduces conflicts and provides a more seamless experience. Knowing how to effectively create mapped drives, and understanding how each part of a script is used, helps make the most effective logon scripts.

As always, knowing how to use the tools at our disposal can save time and be extremely efficient when they affect groups of users at the same time!

Enjoy this post? Subscribe to our Blog

No comments:

Post a Comment