Logon script to migrate users to a new file server and remove and recreate mapped network drives

I’m migrating a few hundred users over to a new file server.

The paths will be different. It’s not just the server name that’s changing.

  1. I have run into several problems.
  2. Although I’m a domain admin, I don’t have access to most of the folders. In the worst case scenario I need to take ownership to gain access.
  3. Inheritance is disabled on some of the sub folders.
  4. Permissions are sometimes configured on the fifth or even tenth sub folder.
  5. There are drive paths distributed using group policy but 99% of the paths are mapped directly on the PC.
  6. Five minutes of down time causes untold problems.
  7. The tool that is used to replicate the files isn’t replicating the permissions in all cases. It is also having the same problem that I’m encountering in terms of access to some files and folders.
  8. Permissions aren’t given to groups. Each person is added to the folder directly.
  9. There are often eight different drive maps. Some of these are even pointing to duplicate locations.

Here’s what I’ve tried.

  1. Section shares will be mapped to S. However, the policy is set to update. IT isn’t changing locally mapped drives. This is ok. It allows users to come to support if they can’t access their files. The benefit of this is support are noting down what S was previously mapped to.
  2. I’m using powershell to level the permissions on all sub directories.
  3. I’m talking to section heads to determine the permissions that each person needs.
  4. I’m adding these people to groups based on the section and directory name and applying access to the group.
  5. I’m marking the old files as hidden. Mainly so that if someone continues using the old path they will think the drive is empty. That will result in a call to support where they can tell the user to use the new drive and then also delete the old map.

There are far too many manual steps in this.

There’s also too many remaining drive maps that aren’t needed.

Here is what the script does to automate most of these manual steps.
This is run at log in and targets one or more groups.

  1. List the currently mapped network drives.
  2. Check the groups that the user is a member of.
  3. Remove all drive maps
  4. Map drives based on assigned groups.
  5. Show a message to the user to inform them that the migration has completed.

The main remaining problem is that if I move Drive Q that is used by ApplicationX to the letter Y, all the users who used the old letter will probably have problems opening files. There’s nothing I can really do about this. However, so far, the instances where this has been encountered has been managed easily by support.

One choice I also made was to remove all existing permissions from the folder and reapply the permissions on the new file server so that only groups that should have access are applied to each folder. Of course, this requires that staff speak to their section heads to in turn ask me for access but this removes the potential that people have access to folders that they no longer need. It also helps to promote a more structured method of processing access requests. I could implement a form for tracking these requests but this overhead would be justifiably resisted by section heads.

The script follows:

Option Explicit
Dim objShell,grouplistD,ADSPath,userPath,listGroup,WshNetwork,objFSO,objFile,strComputer,objWMIService,IPConfigSet,strIPAddress,colItems,strDrives,mappedDrives,objNetwork,x
dim objTS, sReadLine, bReturn, strOutputFile, RunBefore, WshShell, IPConfig,i,objItem, objOutputFile
strOutputFile = “\\spd-adc01.spd.dcu.ie\RemainingComputer\SharedFolders.txt”
On Error Resume Next
Set objShell = CreateObject(“WScript.Shell”)
Const ForAppending = 8
Set WshShell = CreateObject(“WScript.Shell”)
Set WshNetwork = CreateObject(“WScript.Network”)
Set objFSO = CreateObject(“Scripting.FileSystemObject”)
Set objFile = objFSO.OpenTextFile(strOutputFile, ForAppending)

if (RunBefore = “False”) Then
objFile.WriteLine WshNetwork.ComputerName & “,” & WshNetwork.UserName & “,” & GetIpAddress & “,” & GetMappedNetworkDrives

If isMember(“SPD President”) Then
End If
End If

Function GetIPAddress
strComputer = “.”
Set objWMIService = GetObject(“winmgmts:\\” & strComputer & “\root\cimv2”)
Set IPConfigSet = objWMIService.ExecQuery _
(“Select IPAddress from Win32_NetworkAdapterConfiguration WHERE IPEnabled = ‘True'”)

For Each IPConfig in IPConfigSet
If Not IsNull(IPConfig.IPAddress) Then
For i = LBound(IPConfig.IPAddress) to UBound(IPConfig.IPAddress)
If Not Instr(IPConfig.IPAddress(i), “:”) > 0 Then
strIPAddress = strIPAddress & IPConfig.IPAddress(i) & ” ”
End If
End If
GetIPAddress = strIPAddress
End Function

Function GetMappedNetworkDrives
On Error Resume Next
strComputer = “.”
Set objWMIService = GetObject(“winmgmts:” & “{impersonationLevel=impersonate}!\\” & strComputer & “\root\cimv2”)
Set colItems = objWMIService.ExecQuery(“Select * from Win32_MappedLogicalDisk”)

For Each objItem in colItems
strDrives = strDrives & “,” & objItem.Name & ” ” & objItem.ProviderName
GetMappedNetworkDrives = strDrives
End Function

Function DeleteMappedDrives
On Error Resume Next
Set objNetwork = CreateObject(“Wscript.Network”)
Set mappedDrives = objNetwork.EnumNetworkDrives
For x = 0 to mappedDrives.Count
objNetwork.RemoveNetworkDrive mappedDrives.Item(x), True, True
End Function

Function MapPresidentsDrive
If isMember(“SPD President”) Then
Set objNetwork = WScript.CreateObject(“WScript.Network”)
objNetwork.MapNetworkDrive “S:” , “\\ad.dcu.ie\data\dept\spd\college admin\President”
MsgBox”Drive S added successfully.” & vbcrlf & “The presidents section share is available in this new location.” & vbcrlf & vbcrlf & “Please contact the helpdesk if you have any questions.”,64,”Migration successfull”
End If

End Function

Function IsMember(groupName)
If IsEmpty(groupListD) then
Set groupListD = CreateObject(“Scripting.Dictionary”)
groupListD.CompareMode = 1
ADSPath = EnvString(“userdomain”) & “/” & EnvString(“username”)
Set userPath = GetObject(“WinNT://” & ADSPath & “,user”)
For Each listGroup in userPath.Groups
groupListD.Add listGroup.Name, “-”
End if
IsMember = CBool(groupListD.Exists(groupName))
End Function

Function EnvString(variable)
variable = “%” & variable & “%”
EnvString = objShell.ExpandEnvironmentStrings(variable)
End Function
Set objShell = Nothing

Function ScriptNotRunBefore
Set WshNetwork = CreateObject(“WScript.Network”)
RunBefore = “False”
strComputer = WshNetwork.ComputerName
set objFSO = CreateObject(“Scripting.FileSystemObject”)
set objOutputFile = objFSO.GetFile(strOutputFile)
set objTS = objOutputFile.OpenAsTextStream(1)

‘Loop through the output file to see if “Computer name in STRComputer” is found,
‘if it is then the script has run before.
do while objTs.AtEndOfStream <> true
sReadLine = objTs.ReadLine
if instr(sReadLine, strComputer) > 0 then
RunBefore = “True”
exit do
end if

‘Close output file and release objects
set objTS = nothing
set strOutputFile = nothing
set objFSO = nothing
end function