Here is a Powershell login script to map network drives, printers and apply application specific settings for a Windows and Remote Desktop Services environment. This script is essential a port-to-Powershell of my KIX script I wrote about in my earlier post: KIX login script to map network drives, printers and applicaton settings for Remote Desktop Services (Terminal) Server – Revised.

Firstly, there are a total of two scripts here.

  1. The Logon.bat batch file which all users have set as their login script. This script simply executes Powershell to run the logon.ps1 file
  2. The Logon.ps1 first maps company wide drives, map printers and make specific application settings (in this case, copies Microsoft Office shortcuts to users’ Start Menu and Desktop).

The logic behind why I did this is because I wanted everyone to have the SAME Logon.bat file as their login script. This keeps everyone’s Active Directory account consistent so if a user needs to have a specific drive or access to an application, we know that everyone’s settings are set in that login script.

The Logon.bat file contains only one line: powershell %0\..\logon.ps1
This simply calls Powershell to run the Logon.ps1 file.

NOTE: If you have an older Windows Operating System than Windows 7 or Windows 2008, you need to make sure you have the required Powershell file to run this login script. Have a look here to download Powershell: Download Windows PowerShell from Microsoft TechNet.

The Logon.ps1 file is the Powershell script which contains the following (which I will explain in detail):

—————————

This line queries Active Directory for user group membership. Seems abit extreme and a lot of code just to query AD for a user’s group membership. This is needed and has to be at the very TOP of the file (ie: first thing that runs) because the rest of the script is based on this code so it’s very important it’s the first code in the script.

$strName = $env:username

function get-GroupMembership($DNName,$cGroup){
 
 $strFilter = “(&(objectCategory=User)(samAccountName=$strName))”

 $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
 $objSearcher.Filter = $strFilter

 $objPath = $objSearcher.FindOne()
 $objUser = $objPath.GetDirectoryEntry()
 $DN = $objUser.distinguishedName
  
 $strGrpFilter = “(&(objectCategory=group)(name=$cGroup))”
 $objGrpSearcher = New-Object System.DirectoryServices.DirectorySearcher
 $objGrpSearcher.Filter = $strGrpFilter
 
 $objGrpPath = $objGrpSearcher.FindOne()
 
 If (!($objGrpPath -eq $Null)){
  
  $objGrp = $objGrpPath.GetDirectoryEntry()
  
  $grpDN = $objGrp.distinguishedName
  $ADVal = [ADSI]”LDAP://$DN”
 
  if ($ADVal.memberOf.Value -eq $grpDN){
   $returnVal = 1
   return $returnVal = 1
  }else{
   $returnVal = 0
   return $returnVal = 0
 
  }
 
 }else{
   $returnVal = 0
   return $returnVal = 0
 
 }
  
}

—————————

This line maps network drives based on the group membership the user is a member of. As you can see from below, if the user is part of the “Head Office” security group, the user will have the G:\drive removed, then get the G:\drive mapped to the network share: \\SERVER\general. If a user is part of the “IS” security group, the user will have the I:\drive removed, then get the I:\drive mapped to the network share: \\SERVER\IS$.

$result = get-groupMembership $strName “Head Office”
if ($result -eq ‘1’) {
 $(New-Object -ComObject WScript.Network).RemoveNetworkDrive(“G:”);
 $(New-Object -ComObject WScript.Network).MapNetworkDrive(“G:”, “\\SERVER\general”);
}

$result = get-groupMembership $strName “IS”
if ($result -eq ‘1’) {
 $(New-Object -ComObject WScript.Network).RemoveNetworkDrive(“I:”);
 $(New-Object -ComObject WScript.Network).MapNetworkDrive(“I:”, \\SERVER\IS$);
}

—————————

This part of the login script maps printers for the user. If the user is part of the “Head_Office_Printers” security group, they will get both the HeadOffice_DocuCentre_2260 and HeadOffice_HPLaserJet_5200 printers mapped for them (which is on the server called “PRINTSERVER”):

$result = get-groupMembership $strName “Head_Office_Printers”
if ($result -eq ‘1’) {
 Invoke-Expression ‘rundll32 printui.dll,PrintUIEntry /in /q /n “\\PRINT_SERVER\HeadOffice_DocuCentre_2260″‘
 #Invoke-Expression ‘rundll32 printui.dll,PrintUIEntry /in /q /n “\\PRINT_SERVER\HeadOffice_HPLaserJet_5200″‘
}

—————————

 This line copies the Microsoft Office shortcuts (Word, Excel, Powerpoint and Outlook) from the \shortcuts folder (which is located on the NETLOGON shared of the logon server) and copies them down to the user’s Desktop and Start Menu. The “Logonserver” is an actual variable and will detect the logonserver that the user has connected to (helpful if you have multiple domain controllers at multiple sites). I did this to ensure that everyone have a consistent Desktop and Start Menu. Also it gets rid of support calls asking “how do you open up Word as the icon isn’t there?”:

$result = get-groupMembership $strName “Remote_DESKTOP_USERS”
if ($result -eq ‘1’) {
 Copy-Item “$env:logonserver\netlogon\shortcuts\Microsoft Excel.lnk” “$env:UserProfile\Desktop”
 Copy-Item “$env:logonserver\netlogon\shortcuts\Microsoft Outlook.lnk” “$env:UserProfile\Desktop”
 Copy-Item “$env:logonserver\netlogon\shortcuts\Microsoft PowerPoint.lnk” “$env:UserProfile\Desktop”
 Copy-Item “$env:logonserver\netlogon\shortcuts\Microsoft Word.lnk” “$env:UserProfile\Desktop”

 Copy-Item “$env:logonserver\netlogon\shortcuts\Microsoft Excel.lnk” “$env:UserProfile\Start Menu”
 Copy-Item “$env:logonserver\netlogon\shortcuts\Microsoft Outlook.lnk” “$env:UserProfile\Start Menu”
 Copy-Item “$env:logonserver\netlogon\shortcuts\Microsoft PowerPoint.lnk” “$env:UserProfile\Start Menu”
 Copy-Item “$env:logonserver\netlogon\shortcuts\Microsoft Word.lnk” “$env:UserProfile\Start Menu”
}

—————————

You can download the two script files here: Download Powershell login script to map network drives, printers and applicaton settings

Conclusion: This Powershell port from my KIX script too me a full THREE days of research and testing to get it to work. The problem I’ve found was that there wasn’t a lot of resources available on Powershell for login scripts. At time of writing, Powershell is only in version 2.0. If you also look at some of the codes, they are essentially converted codes from a .VBS script and are not full Powershell specific commands anyway. I think that while Powershell is very powerful in some areas, it’s still in it’s early stages when it comes down to using it in a login script.

Your comments are welcome if you have any suggestions or any further improvements. I hope that this is a good stepping stone for those who want to look at using Powershell for their login scripts. However, if I have to choose, I would choose a KIX script instead.

GD Star Rating
loading...
GD Star Rating
loading...
Powershell login script to map network drives, printers and applicaton settings, 3.9 out of 5 based on 9 ratings

Related Posts: