locked
Drive Maps on IAG2007 RRS feed

  • Question

  • Hi All,

    Our active directory setup uses VBS scripts to map network drives. Is there an easy way we can use these with IAG?  We have about six different VBS scripts and we also have network connector active for all users.

    I'm hoping we can launch the existing VBS scripts over network connector?  I've tried the local drive mapping application and whilst it works fine, it would mean configuring a lot of instances of it.  If I can use the existing VBS scripts then this would be much easier. (only 6 portal apps to configure and maintain)

    I've also tried the File Access application but I don't like the way the files are accessed.  We can't seriously expect a user to download and upload a file every time they wish to modify it.  Drive maps accessible via windows explorer is the best way.

    I've found Ben Ari's blog and read the two articles "Drive them crazy" and "A little addition to drive mapping" (From this page http://blogs.technet.com/b/ben/default.aspx?PageIndex=2) but these aren't making it any clearer for me unfortunately.

     

    Can anyone assist or point me in the right direction ?

    Tuesday, April 12, 2011 4:08 PM

Answers

  • Hi Erin,

    I've done something before like what your requesting but its really difficult to explain via forums as its a pretty indepth customization.

    Basically, let me point you in the direction I think would be best for you and see if you can figure it out.

    The drive maping script works by creating, then executing the script on the fly on the users pc.  This means, you can pretty much create any script you want and have it get created and executed by the client pc.  Keep in mind they might need admin rights.

    So where do you go to do this? \von\Conf\SSLVPNTemplates.xml

    Once you created your customize application for EACH of the 6 scripts, make NC a pre-requsitis application to launch your custom application.

    Thanks, Dennis Lee

    http://celestix.com

    • Marked as answer by Erin Carter Wednesday, April 20, 2011 11:24 AM
    Friday, April 15, 2011 10:33 PM

All replies

  • Hi Erin,

    I've done something before like what your requesting but its really difficult to explain via forums as its a pretty indepth customization.

    Basically, let me point you in the direction I think would be best for you and see if you can figure it out.

    The drive maping script works by creating, then executing the script on the fly on the users pc.  This means, you can pretty much create any script you want and have it get created and executed by the client pc.  Keep in mind they might need admin rights.

    So where do you go to do this? \von\Conf\SSLVPNTemplates.xml

    Once you created your customize application for EACH of the 6 scripts, make NC a pre-requsitis application to launch your custom application.

    Thanks, Dennis Lee

    http://celestix.com

    • Marked as answer by Erin Carter Wednesday, April 20, 2011 11:24 AM
    Friday, April 15, 2011 10:33 PM
  • Dennis, thank you for your response.  I have followed this up and am nearly there I think.

    I have created custom "SSLVPNTemplates.xml" and "WizardDefaultParam.ini" files but when I try to launch the application on a remote client I get an "SSL Application Tunneling" pop-up advising;

    "Application "7D9290C054C745948DE8B3FC42B911B5" cannot be launched.  The application is not listed in the "Applications" list on the server.  Please contact you system administrator for more information."

    I've run through Ben Ari's various posts on these topics and cannot work out where I've gone wrong ... maybe Ben will happen upon this post and assist.  Anyone else come across this error?

     

    edit: Also worth noting that I have checked the application string above is the same on the Application URL.  In fact, the application URL is greyed out and cannot be changed apparently.  The application URL reads "http://localhost/WhaleSSLVpn/7D9290C054C745948DE8B3FC42B911B5/"

    Tuesday, April 19, 2011 5:00 PM
  • Hi Erin,

    Great progress given that this is pretty advanced stuff and you seem to have gotten very far.

    Here are some more tips.

    1) Make sure you didnt copy the entire wizardDefaultParam.ini file into the custom update.   You just need your 6 custom entries.

    2) Verify your application names match up between the wizard, ssl template.

    ie.

    [Application_List]
    NumOfApps=1
    App1=NetworkConnectorDetection

    [NetworkConnectorDetection]
    Name=Network Connector Dectection
    AppType=1
    WhaleApp=0

     

    <template name="NetworkConnectorDetection" userrights="2" use-with-lsp="yes" default="yes"><!--All platforms-->
    <port id="0" remoteport="0" flags="650" default="yes"/><!--All platforms-->
    <config-file flags="65" path="%hosts%" default="yes"><!--All platforms-->

     

     

    Tuesday, April 19, 2011 5:35 PM
  • Thanks Dennis, I've checked those things and they are named correctly.  Here's what I have in the SSLVPNTemplates.xml file;

    <config> 
    <templates version="3" use-lsp="1"> 
    <template name="TSLogin" userrights="562" repository-type="NT Domain,Active Directory" credvar-prefix="WhlDrvMap" use-with-lsp="yes" win="yes"><!--Windows--> 
    <port id="0" remoteport="139" flags="10" use-with-lsp="yes"/> 
    <config-file flags="1" path="%Temp%\DrvMain-%InternalAppID%.bat" use-with-lsp="yes"><![CDATA[ 
    
    @echo Option explicit >%temp%\test.vbs
    
    <My Other echo commands to create the on-the-fly script>
    
    @cscript %temp%\test.vbs
    
    ]]> 
    </config-file> 
    <exec exe='%Temp%\DrvMain-%InternalAppID%.bat %DrvLetter% "%WhlDrvMapPwd%" %WhlDrvMapDomain%\%WhlDrvMapUser%' flags="4" param=""/> 
    </template> 
    </templates> 
    </config>
    

    And the WizardDefaultParam.ini;

    [Application_List] 
    NumOfApps=1 
    App1=TSLogin
    
    [TSLogin] 
    Name=TS Login Script
    AppType=1 
    WhaleApp=0 
    Types=1,2 
    SSLVpnTemplate=TSLoginTemplate 
    SSLVPNNumOfElements=3 
    SSLVPNElement0ID=0 
    SSLVPNElement1ID=ShareName 
    SSLVPNElement2ID=DrvLetter 
    0Name=Server NetBIOS Name: 
    0Type=0 
    0GuiType=0 
    0Validation=IP/DNS NotEmpty 
    DrvLetterName=Drive Letter: 
    DrvLetterType=2 
    DrvLetterGuiType=3 
    DrvLetterValue=* 
    DrvLetterListValue=*;D;E;F;G;H;I;J;K;L;M;O;N;P;Q;R;S;T;U;V;W;X;Y;Z 
    DrvLetterGuiWidth=35 
    ShareNameName=Share Name: 
    ShareNameType=2 
    ShareNameGuiType=0 
    ShareNameValidation=Pattern(Exclude /:*?"<>|) NotEmpty 
    AutoLaunch=0 
    CreateEntryLink=0 
    ActivateSmugglingProtection=0 
    MaxHTTPBodySize=49152 
    ContentTypeList=application/x-www-form-urlencoded|multipart/form-data

     

    Looks ok to me ... ?  The only other thing I changed was the above entry for "SSLVpnTemplate="  I think this defaulted to "RelayUserDrive"

    Edit: I thought I'd just do 1 script for now, get it working then attempt adding the other 5

    Wednesday, April 20, 2011 8:44 AM
  • Aha!  Success!

    I started again from scratch and used Ben Ari's examples as templates, and it works!  Not sure what I did with the code above but I must have made a mistake somewhere.  The only thing I changed this time, apart from adding my own code to the  SSLVPNTemplates.xml file, was reaplacing the name value in the WizardDefaultParam.ini.

    Now to get the other 5 scripts working ...  thanks again for your assistance Dennis

    Wednesday, April 20, 2011 9:41 AM
  • An update on this for anyone who stumbles across this thread;

    I've managed to get a portal app defined which creates and runs an on-the-fly vbscript that then calls our existing login scripts directly from our domain controller, over the network connector.

    This is an excellent solution for us since it means we can have 1 portal app for mapping drives for all users, plus it will never need updating manually since when the login scripts are modified the users will automatically get the updated one.

    We have different login scripts applied to different users depending on which OU their AD account sits in, so a bit of creative VB scripting was done to query the OU before branching and calling the correct login script.

     

    Here's the SSLVPNTemplates.xml file; (I've removed our customisations and put NAME1, NAME2, etc instead.  Also there's a generic drive map command to map an O: drive for all users (common home folder for our organisation))

    <config> 
    <templates version="3" use-lsp="1"> 
    <template name="DoMyBiddingTemplate" userrights="562" repository-type="NT Domain,Active Directory" credvar-prefix="WhlDrvMap" use-with-lsp="yes" win="yes"><!--Windows--> 
    <port id="0" remoteport="139" flags="10" use-with-lsp="yes"/> 
    <config-file flags="1" path="%Temp%\DrvMain-%InternalAppID%.bat" use-with-lsp="yes"><![CDATA[ 
    @echo Set sysinfo = CreateObject("ADSystemInfo") >%temp%\MapDrives.vbs
    @echo Set objShell = CreateObject("WScript.Shell") >>%temp%\MapDrives.vbs
    @echo Set wshnetwork=createobject("wscript.network") >>%temp%\MapDrives.vbs
    @echo. >>%temp%\MapDrives.vbs
    @echo strDN = sysinfo.username >>%temp%\MapDrives.vbs
    @echo strUserName = wshnetwork.UserName >>%temp%\MapDrives.vbs
    @echo. >>%temp%\MapDrives.vbs
    @echo If instr(strDN, "OU=OU_Name1") Then >>%temp%\MapDrives.vbs
    @echo         objShell.run("cscript \\domain_name\SysVol\domain_name\Policies\{A5784D13-BEBF-47DB-9B39-4AACDBFDECFA}\User\Scripts\Logon\Name1.vbs") >>%temp%\MapDrives.vbs
    @echo End If >>%temp%\MapDrives.vbs        
    @echo. >>%temp%\MapDrives.vbs
    @echo If instr(strDN, "OU=OU_Name2") Then >>%temp%\MapDrives.vbs
    @echo         objShell.run("cscript \\domain_name\SysVol\domain_name\Policies\{3E336CCB-D430-4106-9194-33DD9340B7E6}\User\Scripts\Logon\Name2.vbs") >>%temp%\MapDrives.vbs
    @echo End If >>%temp%\MapDrives.vbs
    @echo. >>%temp%\MapDrives.vbs
    @echo If instr(strDN, "OU=OU_Name3") Then >>%temp%\MapDrives.vbs
    @echo         objShell.run("cscript \\domain_name\SysVol\domain_name\Policies\{7E707D3D-0FD2-47C9-A577-D5F4EE399C82}\User\Scripts\Logon\Name3.vbs") >>%temp%\MapDrives.vbs
    @echo End If >>%temp%\MapDrives.vbs
    @echo. >>%temp%\MapDrives.vbs
    @echo If instr(strDN, "OU=Name4") Then >>%temp%\MapDrives.vbs
    @echo         objShell.run("cscript \\domain_name\SysVol\domain_name\Policies\{A1C825A3-329C-49FD-A029-7380BC23DD6F}\User\Scripts\Logon\Name4.vbs") >>%temp%\MapDrives.vbs
    @echo End If >>%temp%\MapDrives.vbs
    @echo. >>%temp%\MapDrives.vbs
    @echo If instr(strDN, "OU=Name5") Then >>%temp%\MapDrives.vbs
    @echo         objShell.run("cscript \\domain_name\SysVol\domain_name\Policies\{DCED1060-7AF2-4FEF-A9B3-F24E26F9D5E2}\User\Scripts\Logon\Name5.vbs") >>%temp%\MapDrives.vbs
    @echo End If >>%temp%\MapDrives.vbs
    @echo. >>%temp%\MapDrives.vbs
    @echo If instr(strDN, "OU=Name6") Then >>%temp%\MapDrives.vbs
    @echo         objShell.run("cscript \\domain_name\SysVol\domain_name\Policies\{597BE664-A62E-4944-A0EA-D5BB90916D93}\User\Scripts\Logon\Name6.vbs") >>%temp%\MapDrives.vbs
    @echo End If >>%temp%\MapDrives.vbs
    @echo. >>%temp%\MapDrives.vbs
    @echo strUNC = "\\SERVER_NAME\users\" >>%temp%\MapDrives.vbs
    @echo wshnetwork.mapnetworkdrive "O:", strUNC + strUserName >>%temp%\MapDrives.vbs
    @echo. >>%temp%\MapDrives.vbs
    @echo wscript.quit >>%temp%\MapDrives.vbs
    @cscript %temp%\MapDrives.vbs
    ]]> 
    </config-file> 
    <exec exe='%Temp%\DrvMain-%InternalAppID%.bat %DrvLetter% "%WhlDrvMapPwd%" %WhlDrvMapDomain%\%WhlDrvMapUser%' flags="4" param=""/> 
    </template> 
    </templates> 
    </config>

    And the WizardDefaultParam.ini file;

    [Application_List] 
    NumOfApps=1 
    App1=DoMyBidding
    
    [DoMyBidding] 
    Name=MapNetworkDrives
    AppType=1 
    WhaleApp=0 
    Types=1,2 
    SSLVpnTemplate=DoMyBiddingTemplate 
    SSLVPNNumOfElements=3 
    SSLVPNElement0ID=0 
    SSLVPNElement1ID=ShareName 
    SSLVPNElement2ID=DrvLetter 
    0Name=Server NetBIOS Name: 
    0Type=0 
    0GuiType=0 
    0Validation=IP/DNS NotEmpty 
    DrvLetterName=Drive Letter: 
    DrvLetterType=2 
    DrvLetterGuiType=3 
    DrvLetterValue=* 
    DrvLetterListValue=*;D;E;F;G;H;I;J;K;L;M;O;N;P;Q;R;S;T;U;V;W;X;Y;Z 
    DrvLetterGuiWidth=35 
    ShareNameName=Share Name: 
    ShareNameType=2 
    ShareNameGuiType=0 
    ShareNameValidation=Pattern(Exclude /:*?"<>|) NotEmpty 
    AutoLaunch=0 
    CreateEntryLink=0 
    ActivateSmugglingProtection=0 
    MaxHTTPBodySize=49152 
    ContentTypeList=application/x-www-form-urlencoded|multipart/form-data

     

    When adding the portal app (from under Client/Server and Legacy Applications) it needs given a bogus server name and share name.

    Works a treat when you set its pre-requisite applications to include Network Connector.  I hope this is useful to someone!

     

    Wednesday, April 27, 2011 11:31 AM