Archive for the ‘Logon Script with Shell’ Category

User logon problems are sometimes hard to troubleshoot. Have you checked the Application log on the machine in question? There might be (most likely) some errors in there from source Userenv (ID’s 1053, 1054).
Turning on Userenv debug logging will also help in troubleshooting user logon problems. You can do this by adding a Registry key:

– Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
– Value: UserEnvDebugLevel
– Value Type: REG_DWORD
– Value Data: 10002 (Hex)

The log will be located in: %systemroot%\debug\usermode\userenv.log.

In the log you will exactly see what happens during logon at what time. If you see a large difference between times you’ll know what part of the logon process is causing the long delay.

Advertisements


To update your Norton antivirus files with shell scripting, proceed as follows:

  1. Create a new directory to store all files included in this example.
  2. Download the latest Intelligent Updater file from http://www.symantec.com to the new directory.
  3. Select Start|Run and enter “scriptfile.bat.”

Here, scriptfile is the full path and file name of a script file that contains the following:

@Echo Off

Set IUPDATER=iufile

%IUPDATER% /Q > Nul

Here, IUPDATER is a variable containing the complete path and file name of the Intelligent Updater executable.


To update your McAfee antivirus engine and/or signature files with shell scripting, proceed as follows:

  1. Create a new directory to store all files included in this example.
  2. Select Start|Run and enter “scriptfile.bat.”

Here, scriptfile is the full path and file name of a script file that contains the following:

@Echo Off

CLS

Set SDAT=”superdat

Set DAT=”datfile

Set NAILOG=”textlog

Set DDAY=”DOTW

For /F “Tokens=1” %%I in (‘Date /T’) Do Set Day=%%I

If %DAY% EQU %DDAY% Goto UENGINE

%DAT% /F /PROMPT /REBOOT /SILENT /LOGFILE

%NAILOG%

GOTO END

:UENGINE

%SDAT% /F /PROMPT /REBOOT /SILENT /LOGFILE %NAILOG%

GOTO END

:END

Set SDAT=

Set DAT=

Set NAILOG=

Set DAY=

Here, SDAT is a variable containing the complete path and file name of the SuperDAT executable; DAT is a variable containing the complete path and file name of the DAT executable; NAILOG is a variable containing the complete path and file name of the status log text file; and DDAY is the day of the week (Mon, Tue, Wed, Thu, Fri, Sat, Sun) to run the SuperDAT as opposed to the daily DAT file.


Although it’s not essential, many administrators like to display a greeting to the user depending on the time of day. To display a time-based greeting from the command line, proceed as follows:

  1. Create a new directory to store all files included in this example.
  2. Select Start|Run and enter “scriptfile.bat.”

Here, scriptfile is the full path and file name of a script file that contains the following:

@Echo Off

CLS

For /F “Delims=: Tokens=1” %%I in (‘Time /T’) Do Set Hour=%%I

For /F “Delims=: Tokens=2” %%I in (‘Time /T’) Do Set Min=%%I

For /F “Delims=0,1,2,3,4,5,6,7,8,9 Tokens=2” %%I in

(‘Set Min‘) Do Set AP=%%I

If %AP% EQU p Goto PM

Set Greet=Good Morning

Goto End

: PM

If %Hour% EQU 12 Set Hour=0

If %Hour% LSS 12 Set Greet=Good Evening

If %Hour% LSS 6 Set Greet=Good Afternoon

:End

Echo %Greet%

Set Hour=

Set Min=

Set AP=

Note The highlighted code above should be placed on one line.

Here, the Time /T command indicates the local system time.


Determining whether a client is logging in through the network or remote access helps you specify which parts of the script to run. CheckRAS is a command-line, SMS resource kit utility to determine whether a user is using remote access. To determine whether the current user is using remote access during a logon script, proceed as follows:

  1. Create a new directory to store all files included in this example.
  2. Select Start|Run and enter “scriptfile.bat.”

Here, scriptfile is the full path and file name of a script file that contains the following:

@Echo Off

CLS ; Clears the screen

Set RAS=NO

fullpath\CheckRAS > Nul

If %errorlevel% EQU 1 Set RAS=YES

Here, fullpath is the full path where the CheckRAS utility is located, and RAS indicates whether the current user is using remote access or not.


Mapping printers through a logon script provides an easy method to remotely update printer connections. Con2PRT (Connect To Port) is a Windows 2000 Resource Kit utility used to control printer connections from the command line. The basic syntax of the con2PRT utility is as follows:

Con2prt /commands \\server\printer

Here, server is the name of the printer server containing the shared printer to map. The available commands are:

  • /F—Removes all printer connections
  • /C—Connects to the printer specified
  • /CD—Connects to the printer specified and marks it as the default printer

To remove all current printer connections and map a default printer using con2PRT, proceed as follows:

  1. Create a new directory to store all files included in this example.
  2. Select Start|Run and enter “scriptfile.bat.”

Here, scriptfile is the full path and file name of a script file that contains the following:

@Echo Off

Set Pserver=server

Set DPrinter=Printer

fullpath\con2prt /F

fullpath\con2prt /CD \\%server%\%printer%

Here, pserver is the variable holding the printer server name; dprinter is the variable holding the name of the printer share; and fullpath is the full path where con2prt is located.

Adding Printers Using the PrintUI DLL

Windows 2000/XP/2003 includes the PrintUI.dll to add and remove printers from the command line. To use the PrintUI.dll, you must call the PrintUIEntry function through the rundll32 command. To add a default printer using the PrintUI DLL, start a command prompt and enter the following:

rundll32 printui.dll,PrintUIEntry /in /y /n \\pserver\dprinter

Here, pserver is the name of the print server and dprinter is name of the printer share.


Mapping drives by group membership allows you to control which drives and resources will be available to which users. The resource kit utility IfMember allows you to determine a user’s group membership from the command line. The basic syntax of the IfMember utility is as follows:

IfMember /Commands Groups

Here, Groups are any group, separated by spaces, whose membership you want to check. An errorlevel of 1 indicates the user is a member of the specified group. The available commands are as follows:

  • /List—Lists all groups the user belongs to
  • /Verbose—Displays all group matches

To map a network drive according to group membership and display the status from the command prompt, proceed as follows:

  1. Create a new directory to store all files included in this example.
  2. Select Start|Run and enter “scriptfile.bat.”

Here, scriptfile is the full path and file name of a script file that contains the following:

@Echo Off

CLS ; Clears the screen

Fullpath\IfMember GroupName > Nul

If Not %errorlevel% EQU 1 Goto End

Set Drive=DriveLetter

Set Share=\\server\sharename

Echo Mapping drive %Drive% to %Share%

Net Use %Drive%: /Delete && CLS

Net Use %Drive%: %Share%

If %errorlevel% EQU 0 CLS && Echo Map Successful && Goto End

CLS && Echo Error mapping drive %Drive% to %Share%

:End

Here, fullpath is the full path where the IfMember utility is located; GroupName is the name of the group to check membership; driveletter is the drive letter to map a share to; NEQ is the “not equal to” operator; EQU is the “equal to” operator; server contains the sharename you want to map to; and && allows you to run a second command after the first has completed.


Mapping common drives for all users allows you to present a central resource location for applications or data.  To map a network drive and display the status from the command prompt, proceed as follows:

  1. Create a new directory to store all files included in this example.
  2. Select Start|Run and enter “scriptfile.bat.”

Here, scriptfile is the full path and file name of a script file that contains the following:

@Echo Off

CLS ; Clears the screen

Set Drive=DriveLetter

Set Share=\\server\sharename

Echo Mapping drive %Drive% to %Share%

Net Use %Drive%: /Delete && CLS

Net Use %Drive%: %Share%

If %errorlevel% EQU 0 CLS && Echo Map Successful && Goto End

CLS && Echo Error mapping drive %Drive% to %Share%

:End

Here, driveletter is the drive letter to map a share to, and server contains the sharename you want to map to.


Synchronizing the local system to a central time source allows you to perform enterprise-wide tasks simultaneously. The basic syntax to synchronize the local clock with a specified time source is as follows:

Net Time \\server/commands

Here, \\server is the name of the time source server to sync with. This parameter is only necessary when syncing with a specific server. If this parameter is omitted (Net Time), the system will search the local domain for a time source server. /commands are any of the following parameters:

  • /SET—Sets the local time to the time source server
  • /Y—Forces to sync the time with the server specified, regardless of whether the server is a time source server or not
  • /DOMAIN:domainname—Searches the specified domain for a time source server

The following script attempts to sync the local system time with the server named servername. If this fails, the domain will be searched for a time source to sync with. To execute this script, proceed as follows:

  1. Create a new directory to store all files included in this example.
  2. Select Start|Run and enter “scriptfile.bat.”

Here, scriptfile is the full path and file name of a script file that contains the following:

@Echo Off

CLS ; Clears the screen

Set TServer=ServerName

Echo Syncing the time with %TServer%…

Net Time \\%TServer% /set /yes

If %errorlevel% NEQ 0 CLS && Goto Domain

CLS && Echo Sync Successful

Goto End

:Domain

Echo Searching the local domain for a time-server…

Net Time /set /yes

If %errorlevel% EQU 0 CLS && Echo Sync Successful && Goto End

CLS && Echo Time Sync Error

:End

Here, tserver is a variable containing the name of the time source server; NEQ is the “not equal to” operator; and && allows you to run a second command after the first has completed.


Windows 2000/XP/2003 supports the color command to change the background and foreground in a shell prompt. The basic syntax of the color command is as follows:

COLOR BF

Here, B is the background color value and F is the foreground color value. The color command supports the following color values:

  • 0—Black
  • 1—Blue
  • 2—Green
  • 3—Aqua
  • 4—Red
  • 5—Purple
  • 6—Yellow
  • 7—White
  • 8—Gray
  • 9—Light Blue
  • A—Light Green
  • B—Light Aqua
  • C—Light Red
  • D—Light Purple
  • E—Light Yellow
  • F—Bright White

Here is an example to change the shell prompt colors to bright white text on a blue background:

IF “%OS%”= =”Windows_NT” COLOR 1F

Here, %OS% is an environment variable that indicates the operating system type.