• Tag Archives Cifs
  • Logon script to migrate users to a new file server and remove and recreate mapped network drives

    I’m migrating a few hundred users over to a new file server.

    The paths will be different. It’s not just the server name that’s changing.

    1. I have run into several problems.
    2. Although I’m a domain admin, I don’t have access to most of the folders. In the worst case scenario I need to take ownership to gain access.
    3. Inheritance is disabled on some of the sub folders.
    4. Permissions are sometimes configured on the fifth or even tenth sub folder.
    5. There are drive paths distributed using group policy but 99% of the paths are mapped directly on the PC.
    6. Five minutes of down time causes untold problems.
    7. The tool that is used to replicate the files isn’t replicating the permissions in all cases. It is also having the same problem that I’m encountering in terms of access to some files and folders.
    8. Permissions aren’t given to groups. Each person is added to the folder directly.
    9. There are often eight different drive maps. Some of these are even pointing to duplicate locations.

    Here’s what I’ve tried.

    1. Section shares will be mapped to S. However, the policy is set to update. IT isn’t changing locally mapped drives. This is ok. It allows users to come to support if they can’t access their files. The benefit of this is support are noting down what S was previously mapped to.
    2. I’m using powershell to level the permissions on all sub directories.
    3. I’m talking to section heads to determine the permissions that each person needs.
    4. I’m adding these people to groups based on the section and directory name and applying access to the group.
    5. I’m marking the old files as hidden. Mainly so that if someone continues using the old path they will think the drive is empty. That will result in a call to support where they can tell the user to use the new drive and then also delete the old map.

    There are far too many manual steps in this.

    There’s also too many remaining drive maps that aren’t needed.

    Here is what the script does to automate most of these manual steps.
    This is run at log in and targets one or more groups.

    1. List the currently mapped network drives.
    2. Check the groups that the user is a member of.
    3. Remove all drive maps
    4. Map drives based on assigned groups.
    5. Show a message to the user to inform them that the migration has completed.

    The main remaining problem is that if I move Drive Q that is used by ApplicationX to the letter Y, all the users who used the old letter will probably have problems opening files. There’s nothing I can really do about this. However, so far, the instances where this has been encountered has been managed easily by support.

    One choice I also made was to remove all existing permissions from the folder and reapply the permissions on the new file server so that only groups that should have access are applied to each folder. Of course, this requires that staff speak to their section heads to in turn ask me for access but this removes the potential that people have access to folders that they no longer need. It also helps to promote a more structured method of processing access requests. I could implement a form for tracking these requests but this overhead would be justifiably resisted by section heads.

    The script follows:

    Option Explicit
    Dim objShell,grouplistD,ADSPath,userPath,listGroup,WshNetwork,objFSO,objFile,strComputer,objWMIService,IPConfigSet,strIPAddress,colItems,strDrives,mappedDrives,objNetwork,x
    dim objTS, sReadLine, bReturn, strOutputFile, RunBefore, WshShell, IPConfig,i,objItem, objOutputFile
    strOutputFile = “\\spd-adc01.spd.dcu.ie\RemainingComputer\SharedFolders.txt”
    On Error Resume Next
    Set objShell = CreateObject(“WScript.Shell”)
    Const ForAppending = 8
    Set WshShell = CreateObject(“WScript.Shell”)
    Set WshNetwork = CreateObject(“WScript.Network”)
    Set objFSO = CreateObject(“Scripting.FileSystemObject”)
    Set objFile = objFSO.OpenTextFile(strOutputFile, ForAppending)

    ScriptNotRunBefore
    if (RunBefore = “False”) Then
    objFile.WriteLine WshNetwork.ComputerName & “,” & WshNetwork.UserName & “,” & GetIpAddress & “,” & GetMappedNetworkDrives

    DeleteMappedDrives
    If isMember(“SPD President”) Then
    MapPresidentsDrive
    End If
    End If
    objFile.Close

    Function GetIPAddress
    strComputer = “.”
    Set objWMIService = GetObject(“winmgmts:\\” & strComputer & “\root\cimv2”)
    Set IPConfigSet = objWMIService.ExecQuery _
    (“Select IPAddress from Win32_NetworkAdapterConfiguration WHERE IPEnabled = ‘True'”)

    For Each IPConfig in IPConfigSet
    If Not IsNull(IPConfig.IPAddress) Then
    For i = LBound(IPConfig.IPAddress) to UBound(IPConfig.IPAddress)
    If Not Instr(IPConfig.IPAddress(i), “:”) > 0 Then
    strIPAddress = strIPAddress & IPConfig.IPAddress(i) & ” ”
    End If
    Next
    End If
    Next
    GetIPAddress = strIPAddress
    End Function

    Function GetMappedNetworkDrives
    On Error Resume Next
    strComputer = “.”
    Set objWMIService = GetObject(“winmgmts:” & “{impersonationLevel=impersonate}!\\” & strComputer & “\root\cimv2”)
    Set colItems = objWMIService.ExecQuery(“Select * from Win32_MappedLogicalDisk”)

    For Each objItem in colItems
    strDrives = strDrives & “,” & objItem.Name & ” ” & objItem.ProviderName
    Next
    GetMappedNetworkDrives = strDrives
    End Function

    Function DeleteMappedDrives
    On Error Resume Next
    Set objNetwork = CreateObject(“Wscript.Network”)
    Set mappedDrives = objNetwork.EnumNetworkDrives
    For x = 0 to mappedDrives.Count
    objNetwork.RemoveNetworkDrive mappedDrives.Item(x), True, True
    Next
    End Function

    Function MapPresidentsDrive
    DeleteMappedDrives
    If isMember(“SPD President”) Then
    Set objNetwork = WScript.CreateObject(“WScript.Network”)
    objNetwork.MapNetworkDrive “S:” , “\\ad.dcu.ie\data\dept\spd\college admin\President”
    MsgBox”Drive S added successfully.” & vbcrlf & “The presidents section share is available in this new location.” & vbcrlf & vbcrlf & “Please contact the helpdesk if you have any questions.”,64,”Migration successfull”
    Else
    WMsgBox”False”
    End If

    End Function

    Function IsMember(groupName)
    If IsEmpty(groupListD) then
    Set groupListD = CreateObject(“Scripting.Dictionary”)
    groupListD.CompareMode = 1
    ADSPath = EnvString(“userdomain”) & “/” & EnvString(“username”)
    Set userPath = GetObject(“WinNT://” & ADSPath & “,user”)
    For Each listGroup in userPath.Groups
    groupListD.Add listGroup.Name, “-”
    Next
    End if
    IsMember = CBool(groupListD.Exists(groupName))
    End Function

    Function EnvString(variable)
    variable = “%” & variable & “%”
    EnvString = objShell.ExpandEnvironmentStrings(variable)
    End Function
    Set objShell = Nothing

    Function ScriptNotRunBefore
    Set WshNetwork = CreateObject(“WScript.Network”)
    RunBefore = “False”
    strComputer = WshNetwork.ComputerName
    set objFSO = CreateObject(“Scripting.FileSystemObject”)
    set objOutputFile = objFSO.GetFile(strOutputFile)
    set objTS = objOutputFile.OpenAsTextStream(1)

    ‘Loop through the output file to see if “Computer name in STRComputer” is found,
    ‘if it is then the script has run before.
    do while objTs.AtEndOfStream <> true
    sReadLine = objTs.ReadLine
    if instr(sReadLine, strComputer) > 0 then
    RunBefore = “True”
    exit do
    end if
    loop

    ‘Close output file and release objects
    objTS.close
    set objTS = nothing
    set strOutputFile = nothing
    set objFSO = nothing
    end function