Charles Gardner’s Effective IT Blog

In Alex Bakman’s recent post he says “It’s time to let your actions show just how committed you really are to securing your infrastructure”.

Time to come clean… I can’t remember not using my current “strong” password, and my online passwords wouldn’t be considered very strong!

Charles and I are quick to tell people that security is not convenient. Well, it’s time for me to be inconvenienced and develop some new strong passwords, put them to use, and devise a password changing policy for myself.

FieldNotes, Security

Today let’s start at the foundation of login scripts. Login scripts represent one of the easiest ways you can reach out and touch your users when they get on your network.

The login scripts that I have dealt with started with KiXtart (thankfully I managed to skip most of Netware). Using KiXtart we did simple automation of drive mappings and similar items. Over time I began to use KiXtart for more elaborate automation. Then in 2000 I began working with the then relatively new Windows Script Host. Since then WSH has been the basis of my login scripts for Windows clients. Using WSH you can access a wealth of external sources to draw a lot of power into your scripts.

Today my basic login script utilizes:

• Windows Script Host: WSH is the core provider for the scripting environment
• VBScript: I have written most login scripts in VBScript, although WSH can run other languages such as javascript.
• ADSI: The Active Directory Services Interface (ADSI) provides access to user and group information that drives many of the decisions within the script logic.
• WMI: The Windows Management Instrumentation (WMI) is the Microsoft flavor of WBEM which provides access to system level information about Windows hosts.

“So…” you may be saying to yourself “that’s all well and good, but how do I put this to use?” Well, for this installment, I’m going to lay out the basic setup for the scripts I use. This won’t do much, but it does set the stage for all other pieces. In later entries, we’ll look at useful things to do with it.

‘===========================
‘ Domain Login.vbs
‘ Simple Windows Script Host login script
‘===========================
On Error Resume Next

‘Get a reference to the WSH Network object
set WSHNetwork = CreateObject(“WScript.Network”)

‘Get a reference to the WSH Shell object
set WSHShell = CreateObject(“WScript.Shell”)

‘Get a reference to the FileSystemObject
Set fso = CreateObject(“Scripting.FileSystemObject”)

‘Get the user’s network ID
Username = WSHNetwork.UserName

‘Get the computer’s name
Computername = WSHNetwork.Computername

‘Bind to the user’s account on the network
Set UserObj = GetObject(“WinNT://DOMAINNAME/” & username & “,user”)

‘Build a list of all groups the user is a member of
for each grp in UserObj.Groups
GroupList = GroupList & grp.name & vbCrLf
next

‘Get local profile paths
Set WSHEnvProcess = WshShell.Environment(“Process”)
ProfileUserPath = WSHEnvProcess(“USERPROFILE”)
ProfileAllUsersPath = WSHEnvProcess(“ALLUSERSPROFILE”)

‘Login Message
‘=============
sLoginMessage = “Welcome to the network.” & vbCRLF
sLoginMessage = sLoginMessage & “—————————————” & vbCRLF
sLoginMessage = sLoginMessage & “Click OK to continue to login to your computer.” & vbCRLF
wscript.echo sLoginMessage

‘===============
‘ Script content
‘ goes here.
‘===============

This shell creates references to items we’ll need later, fetches the user name and computer name, and then connects to AD (or NT4 domain) to retrieve the user’s group membership. The paths for some local profile directories is discovered and a welcome message is displayed to the user.

That’s it so far. Nothing terribly interesting, but we’ll have much more fun with this as we go along.

FieldNotes

Over the past decade plus, Todd and I have both accumulated significant experience in everything from enterprise networks to Mom & Pop shops. While we each have our own independent consulting companies, over the past few years we have both focused on serving small business. During this time we have developed some best practices that we apply to most if not all clients. The FieldNotes series will be our way of sharing these with you.

For me (Charles), part of my background was with Microsoft SMS doing large scale control and automation. I’ve always been interested in automation, and that has spilled down into my every day operations. When Windows Script Host first appeared, I jumped at learning what could be done with WSH, ADSI, and WMI. Today I try to use login scripts whenever possible to automate routine tasks. Also, Group Policy can be an enormous asset in a Windows network. My goal is to make the PC nothing more than an appliance that provides access. At one customer network, most users can go to any system on the network, login, and work without issue. For them we’ve gotten past the PC and on to work. Other sites are not quite as far along as that, but I’d like to share with you what has worked for us.

So… please be patient, please ask questions, and most of all please apply what you may find useful.

FieldNotes