tasse, posted November 24, 2020

Hello everyone,

I need a script that should be executed by a local user account. This script should map a domain user folder from the file server. Unfortunately, the script runs without errors, but nothing happens either.

The idea is that the script asks for user and password and then connects the user folder \\fileserver\user with the password. As there could be different users trying this script, I decided on the variable $login.

```autoit
DriveMapDel("x:")
$login=InputBox ("Benutzername", "Bitte Benutzername eingeben")
$passwd=InputBox("Passwort", "Bitte Passwort eingeben", "","*")
DriveMapAdd("x:", "\\fileserver\$login",0,"domain\$login" & $login,$passwd)
```

I hope someone can give me some tips on why it's not working. By the way, it's my first contact with AutoIt and I just need it for this purpose only.

Best regards

Jos (Developers), posted November 24, 2020

Maybe you mean:

```autoit
DriveMapAdd("x:", "\\fileserver\" & $login,0,"domain\" & $login,$passwd)
```

Jos

Live for the present, Dream of the future, Learn from the past.

GokAy, posted November 24, 2020 (edited)

Hey, is the domain name going to be fixed, and is the domain name "domain"? Currently, as far as I can tell, you are trying to authenticate with a user that would reside within a domain named "domain".

Maybe just add it as a variable, and use that instead?

```autoit
$sDomain = "MyDomainNameHere"
DriveMapAdd("x:", "\\fileserver\" & $login, 0, $sDomain & "\" & $login, $passwd)
```

Edit: Just wondering: if these users have domain user accounts, why are they working local? Business requirement of sorts? Or, if you are supplying the local user credentials, how will the server grant access?

Edited November 24, 2020 by GokAy

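The concatenation fix from the two replies above, worked into a complete script as an added example (not code from any poster in this thread). It also checks `@error` after `DriveMapAdd`, so a failed mapping is reported instead of passing silently; `$sDomain` is a placeholder and the user-name pattern is an assumption to adapt to your naming scheme.

```autoit
#include <MsgBoxConstants.au3>

; Assumed values: $sDomain is a placeholder, $sServer is the name used in the thread.
Local Const $sDomain = "MyDomainNameHere"
Local Const $sServer = "fileserver"
Local Const $sDrive = "x:"

Local $sLogin = InputBox("Benutzername", "Bitte Benutzername eingeben")
If @error Then Exit 1 ; Cancel pressed or dialog failed

; The login ends up in a UNC path and an account name, so accept only a plain
; account name (assumed pattern): no "\", "/", ":", "@" or whitespace.
If Not StringRegExp($sLogin, "^[A-Za-z0-9._-]{1,20}$") Then
    MsgBox($MB_ICONERROR, "Drive mapping", "Invalid user name.")
    Exit 2
EndIf

Local $sPasswd = InputBox("Passwort", "Bitte Passwort eingeben", "", "*")
If @error Then Exit 1

DriveMapDel($sDrive) ; result ignored: the drive may simply not be mapped

; AutoIt does not expand $variables inside string literals by default:
; build both strings with the & operator.
Local $sShare = "\\" & $sServer & "\" & $sLogin
Local $sUser = $sDomain & "\" & $sLogin

; Flag 0 = non-persistent mapping, not restored at the next logon.
DriveMapAdd($sDrive, $sShare, 0, $sUser, $sPasswd)
Local $iErr = @error, $iExt = @extended
$sPasswd = "" ; drop the password as soon as it has been used

If $iErr Then
    MsgBox($MB_ICONERROR, "Drive mapping", $sShare & @CRLF & MapErrorText($iErr, $iExt))
    Exit 3
EndIf
MsgBox($MB_ICONINFORMATION, "Drive mapping", $sDrive & " is now " & $sShare)

; Translate the documented DriveMapAdd @error values (1 to 6) into text.
Func MapErrorText($iErr, $iExt)
    Local $aText[7] = ["", "Other error, Windows API code " & $iExt, _
            "Access to the remote share was denied", "The device is already assigned", _
            "Invalid device name", "Invalid remote share", "Invalid password"]
    If $iErr < 1 Or $iErr > 6 Then Return "Unknown error " & $iErr
    Return $aText[$iErr]
EndFunc
```
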
JockoDundee, posted November 24, 2020

> 5 hours ago, tasse said:
> By the way its my first contact with autoit and I just need it for this purpose only.

That’s what everybody thinks at first. Pretty soon though they’re mainlining the stuff

Code hard, but don’t hard code...

tasse (Author), posted November 25, 2020

> 12 hours ago, GokAy said:
> Edit: Just wondering If these users have domain user accounts, why are they working local? Business requirement of sorts? Or, if you are supplying the local user credentials, how will the server grant access?

The reason is that these devices can be borrowed by students who are poor and cannot afford their own devices. While they stay at home due to COVID-19, they can work locally.

GokAy, posted November 25, 2020 (edited)

Hmm, that raises other questions and concerns. I believe you should first get the command to run properly before adapting a script for it. You didn't mention whether you tried what I wrote.

1. Do these users have domain user credentials and are not allowed to log on? Because you wouldn't need to provide credentials if logged on to the domain.
2. Did you try the "net use" command manually, first while connected to the network locally, then while connected with the VPN? I guess you will be connecting with a VPN?
3. If you are in a domain forest, you may need to use the "dotted domain name" instead.
4. If you are using the file server name, can it be resolved while connected from outside? Tried with the IP address instead?

I am a bit rusty with these, but if you provide accurate info, someone should help you get the command to run successfully in the first place.

Personally, I would try these in order, first locally, then from outside:

```
net use x: "\\<serverIP>\<sharename>"
net use x: "\\<servername>\<sharename>"
```

then add the credentials part.

Depending on whether you find it safe, you could add the "/PERSISTENT:YES" part to it as well, which will add the credentials to the OS, and you won't be asked at every logon. Check out "Control Panel\All Control Panel Items\Credential Manager" - Windows Credentials part.

Edited November 25, 2020 by GokAy

rudi, posted December 14, 2020 (edited)

Hello,

I'd like to mention that you should have a look at the possibilities of mapping user-specific folders by making use of GPO.

And second, what you describe sounds like you use "one-share-per-user": IMHO the better approach would be to have *ONE* share for all users, then one sub-folder per user, where they store their personal data.

Have a look at "ABE" (access-based enumeration, Microsoft documentation) to read up on how to take care that all the users will see their personal sub-folder *ONLY* (all others are not displayed in Windows Explorer).

For one customer I use a "three-level structure": [drive:]\Userhome\Department\UserSamAccountName

The tool doing "the work itself" is written by Helge Klein: SetACL.EXE. You'll find that one here: https://helgeklein.com/setacl/documentation/command-line-version-setacl-exe/

```autoit
#include <array.au3>
#include <file.au3>

$ADSID = "S-1-5-21-xxxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-" ; modify this to match the SID of your Active Directory

; well-known SIDs - same suffix for *ANY* AD.
$SIDDomainAdministrator = $ADSID & "500" ; User
$SIDDomainGuest = $ADSID & "501" ; User
$SIDDomainKRBTGT = $ADSID & "502" ; Key Distribution Center (KDC) service
$SIDDomainAdmins = $ADSID & "512" ; Group
$SIDDomainUsers = $ADSID & "513" ; Group
$SIDDomainGuests = $ADSID & "514" ; Group
$SIDDomainComputers = $ADSID & "515"
$SIDDomainControllers = $ADSID & "516"
$SIDDomainCertPublishers = $ADSID & "517"
$SIDSchemaAdmins = $ADSID & "518"
$SIDEnterpriseAdmins = $ADSID & "519"
$SIDGroupPolicyCreatorOwners = $ADSID & "520"

$root = "D:\userhome\" ; local path where the Userhome Directories are placed. Share Name = "UserHome"; trailing backslash!

$aEins = _FileListToArray($root, "*", 2) ; flag 2 = folders only (the "Department" level)
If Not IsArray($aEins) Then Exit 1 ; nothing to do: $root is missing or has no sub-folders

; level 1 and above: set "Traversal"
; level 2 folder: set rights for the users

; "traverse" right on the parent folders.
; "traverse" requires "read_execute", which includes:
; FILE_TRAVERSE, FILE_LIST_DIRECTORY, FILE_READ_ATTRIBUTES, FILE_READ_EA, READ_CONTROL
$ntfs = "read_execute"

; Grant Domain Users read_execute on every department folder (not propagated to children).
For $i = 1 To $aEins[0]
    $DestDir = $root & $aEins[$i]
    $SACLparams = ' -on "' & $DestDir & '" -ot file -actn ace -ace "n:' & $SIDDomainUsers & ';p:' & $ntfs & ';s:y;i:np;m:grant;w:dacl"'
    $timer = TimerInit()
    $result = RunWait("d:\setacl.exe " & $SACLparams, @TempDir, @SW_HIDE)
    If $result = 0 Then
        ConsoleWrite(" OK: " & $DestDir & @LF)
    Else
        ConsoleWrite("ERROR!! " & $result & " - " & $DestDir & @LF)
    EndIf
    ConsoleWrite(@TAB & @TAB & "seconds: " & Round(TimerDiff($timer) / 1000,3) & @LF)
    ConsoleWrite("-------------------" & @LF)
Next

; Walk from $root up to the drive root and grant the same right on each parent folder.
$DestDir = $root
$weiter = True
While $weiter
    $DestDir = StringLeft($DestDir, StringInStr($DestDir, "\", 0, -1) - 1)
    If Not StringInStr($DestDir, "\") Then ; the root directory of this drive has been reached
        $weiter = False
        $DestDir &= "\\" ; the trailing backslash in the path must be escaped for setacl.exe, otherwise it cancels the following "
        ConsoleWrite("Drive's Root directory reached: This might take *EXTREMLY* long time!" & @LF)
    EndIf
    $SACLparams = ' -on "' & $DestDir & '" -ot file -actn ace -ace "n:' & $SIDDomainUsers & ';p:' & $ntfs & ';s:y;i:np;m:grant;w:dacl"'
    ConsoleWrite("setacl.exe " & $SACLparams & @LF)
    ConsoleWrite("This is close to top level dir, will take a while, please be patient!" & @LF)
    $timer = TimerInit()
    $result = RunWait("d:\setacl.exe " & $SACLparams, @TempDir, @SW_HIDE)
    ConsoleWrite("Time for command in minutes = " & Floor(TimerDiff($timer) / 1000) / 60 & @LF)
    If $result = 0 Then
        ConsoleWrite(" OK: " & $DestDir & @LF)
    Else
        ConsoleWrite("ERROR!! " & $result & " - " & $DestDir & "(" & SetAclReturnCodeText($result) & ")" & @LF)
    EndIf
WEnd

ConsoleWrite("--------------------------------------------------------------------------------------------------" & @LF)

; Level 3: each user folder is named after the account; grant that account "change" on it.
$ntfs = "change"
For $i = 1 To $aEins[0]
    $aSubDirs = _FileListToArray($root & $aEins[$i], "*", 2) ; folders only
    If IsArray($aSubDirs) Then
        For $k = 1 To $aSubDirs[0]
            $DestDir = $root & $aEins[$i] & "\" & $aSubDirs[$k]
            $SACLparams = ' -on "' & $DestDir & '" -ot file -actn ace -ace "n:AD\' & $aSubDirs[$k] & ';p:' & $ntfs & ';s:n;i:so,sc;m:grant;w:dacl"'
            $result = RunWait("D:\setacl.exe " & $SACLparams, @TempDir, @SW_HIDE)
            If $result = 0 Then
                ConsoleWrite(" OK: " & $DestDir & @LF)
            Else
                ConsoleWrite("ERROR!! " & $result & " - " & $DestDir & @LF)
            EndIf
        Next
    EndIf
Next

Func SetAclReturnCodeText($result) ; expects the return code of SETACL.EXE in the variable $result
    Local $aRetCodes[51][2] = [[50], _
            [0, "OK"], _
            [1, "Usage instructions were printed"], _
            [2, "General error"], _
            [3, "Parameter(s) incorrect"], _
            [4, "The object was not set"], _
            [5, "The call to GetNamedSecurityInfo () failed"], _
            [6, "The SID for a trustee could not be found"], _
            [7, "Directory permissions specified are invalid"], _
            [8, "Printer permissions specified are invalid"], _
            [9, "Registry permissions specified are invalid"], _
            [10, "Service permissions specified are invalid"], _
            [11, "Share permissions specified are invalid"], _
            [12, "A privilege could not be enabled"], _
            [13, "A privilege could not be disabled"], _
            [14, "No notification function was given"], _
            [15, "An error occured in the list function"], _
            [16, "FindFile reported an error"], _
            [17, "GetSecurityDescriptorControl () failed"], _
            [18, "An internal program error occured"], _
            [19, "SetEntriesInAcl () failed"], _
            [20, "A registry path is incorrect"], _
            [21, "Connect to a remote registry failed"], _
            [22, "Opening a registry key failed"], _
            [23, "Enumeration of registry keys failed"], _
            [24, "Preparation failed"], _
            [25, "The call to SetNamedSecurityInfo () failed"], _
            [26, "Incorrect list options specified"], _
            [27, "A SD could not be converted to/from string format"], _
            [28, "ACL listing failed"], _
            [29, "Looping through an ACL failed"], _
            [30, "Deleting an ACE failed"], _
            [31, "Copying an ACL failed"], _
            [32, "Adding an ACE failed"], _
            [33, "No backup/restore file was specified"], _
            [34, "The backup/restore file could not be opened"], _
            [35, "A read operation from the backup/restore file failed"], _
            [36, "A write operation from the backup/restore file failed"], _
            [37, "The operating system is not supported"], _
            [38, "The security descriptor is invalid"], _
            [39, "The call to SetSecurityDescriptorDacl () failed"], _
            [40, "The call to SetSecurityDescriptorSacl () failed"], _
            [41, "The call to SetSecurityDescriptorOwner () failed"], _
            [42, "The call to SetSecurityDescriptorGroup () failed"], _
            [43, "The domain specified is invalid"], _
            [44, "An error occured, but it was ignored"], _
            [45, "The creation of an SD failed"], _
            [46, "Memory allocation failed"], _
            [47, "No action specified – nothing to do"], _
            [48, "WMI permissions specified are invalid"], _
            [49, "Recursion is not possible"]]

    If $result = 0 Then Return "OK "
    For $i = 1 To $aRetCodes[0][0]
        If $aRetCodes[$i][0] = $result Then Return "Error " & $result & ": " & $aRetCodes[$i][1]
    Next
    Return "Error " & $result & ": <unknown error>"
EndFunc   ;==>SetAclReturnCodeText
```

Edited December 15, 2020 by rudi

Earth is flat, pigs can fly, and Nuclear Power is SAFE!

rudi, posted December 14, 2020

One more comment:

I assume that the users are logged on to the laptop using their personal user account?

If that's the case, then all you need is to test if the server is available, then map the drive to the *ONE* top-level share I've mentioned above. You won't need to specify user and password, as the local Windows logon session will try the "currently-logged-on-user-credentials" automatically first.