locked
Login Scripts RRS feed

  • Question

  • I have been using KiXart for login scripts for several years and it has been working well so far.  It is easy to use.  The problem I am having is that it is freeware (donation based) and security is a concern.  Although it is working fine, we want o use Powershell, AD policies or something else.  I have about forty different sites to support with different network mapping requirements.  Sometimes at the same site they have different mapping requirements based on group membership.  I would like to know if AD can support conditional mappings based on AD group membership, so far I have not been able to find out how to do this.  Powershell, I'm sure I will be able to use it.

    What do you guys think?  Thanks for your input.

    Wednesday, August 17, 2016 10:55 PM

Answers

  • Here is a PowerShell V1 function I wrote years ago to check group memberships, especially in a logon script. It can only be used to check security group memberships, not distribution groups. It evaluates the tokenGroups attribute of the user (or computer), so it reveals nested group memberships and even the "primary" group, but only security groups.

    http://www.rlmueller.net/PowerShell/PSIsMember4.txt

    The function evaluates the tokenGroups attribute of the user or computer the first time it is called and populates a hash table for the user/computer. This way, it only needs to evaluate the tokenGroups collection once. But the function can be called any number of times. The example simply outputs whether or not the user is a member of a group, but obviously you would have a logon script do other things, like map shares.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    • Edited by Richard MuellerMVP Thursday, August 18, 2016 12:12 AM
    • Proposed as answer by Jay Gu Wednesday, August 31, 2016 7:49 AM
    • Marked as answer by Jay Gu Monday, September 5, 2016 6:32 AM
    Thursday, August 18, 2016 12:08 AM