我公司的 Samba 服务器没有提供可靠的方法来引入不同办公室的登录脚本。
现在我的问题是:我如何存入脚本,以便计算机为不同办公室的不同用户准确地映射驱动器。
对于每个办公室,我都已经有一个额外的 .bat 文件,其中包含其专用网络驱动器。但计算机如何知道哪个人正在登录?我的意思是用户在公司的哪个部门工作,以及我们需要哪个 .bat 文件?
答案1
使用本地组策略。
登录脚本路径:
%windir%\system32\GroupPolicy\User\Scripts\Logon\
注销脚本路径:
%windir%\system32\GroupPolicy\User\Scripts\Logoff\
启动脚本路径:
%windir%\system32\GroupPolicy\Machine\Scripts\Startup\
关机脚本路径:
%windir%\system32\GroupPolicy\Machine\Scripts\Shutdown\
添加登录注册表项:
regedit /s \\PDC-Kerberos-Server-Samba\profiles\logon.reg
登录.reg:
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\Logon]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\Logon\0]
"GPO-ID"="LocalGPO"
"SOM-ID"="Local"
"FileSysPath"="C:\\WINDOWS\\System32\\GroupPolicy\\User"
"DisplayName"="Local Group Policy"
"GPOName"="Local Group Policy"
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts\Logon\0\0]
"Script"="logon.bat"
"Parameters"=""
"ExecTime"=hex(b):00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
登录脚本 GPO,GUI 方式:
最好的办法:实验室追踪器
创建一个常见的场景,该场景将确定用户的名称和环境变量(包括部门)(如果将其带入 LDAP 服务器或 Active Directory)。
之后,在此场景中根据数据调用其他脚本。以下是确定用户周围环境的示例。在这些数据上,您可以构建运行脚本所需的条件。
从用户环境调用脚本。
在我看来,最好的选择是 WSH(vbscript),但您也可以仅使用命令。
如果需要跨平台,python、perl 和 java 在所有操作系统上都表现不错。
真实查询用户 DN:
dsquery * -filter "(samAccountName=Tcheburator)" -attr distinguishedName | more +1
输出,(OU - 组织单位):
CN=Tcheburator,OU=In App,OU=View App,DC=ht,DC=local
脚本中查询用户 DN:
dsquery * -filter "(samAccountName=%username%)" -attr distinguishedName | more +1
在脚本用户组中查询:
dsquery user -samid %username% | dsget user -memberof | dsget group -sid -samid
在脚本用户嵌套组中查询:
dsquery user -samid %username% | dsget user -memberof -expand | dsget group -sid -samid
真实样本,查询用户组:
dsquery user -samid Tcheburator | dsget user -memberof | dsget group -sid -samid
输出:
samid sid
Nected Tche S-1-5-21-2191659736-2261162383-3034376108-1153
Tche S-1-5-21-2191659736-2261162383-3034376108-1152
Domain Users S-1-5-21-2191659736-2261162383-3034376108-513
dsget succeeded
真实样本,查询用户嵌套群组:
dsquery user -samid Tcheburator | dsget user -memberof -expand | dsget group -sid -samid
输出:
samid sid
Nected Tche S-1-5-21-2191659736-2261162383-3034376108-1153
Tche S-1-5-21-2191659736-2261162383-3034376108-1152
Domain Users S-1-5-21-2191659736-2261162383-3034376108-513
DHCP Administrators S-1-5-21-2191659736-2261162383-3034376108-1129
dsget succeeded
查询部门:
dsquery * -filter "(samAccountName=Tcheburator)" -attr name objectSid msNPAllowDialin adminCount whenChanged whenCreated department l telephoneNumber
输出:
name objectSid msNPAllowDialin adminCount whenChanged whenCreated department l telephoneNumber
Tcheburator S-1-5-21-2191659736-2261162383-3034376108-1151 06/12/2013 14:53:08 06/12/2013 10:18:36 View IT New Vasyki (322) 223-322
查询全部:
dsquery * -filter "(samAccountName=Tcheburator)" -attr *
获取操作系统、服务包、计算机名称:
wmic OS get Caption, Version, BuildNumber, CSDVersion, CodeSet, CSName, LocalDateTime
输出:
BuildNumber Caption CodeSet CSDVersion CSName LocalDateTime Version
3790 Microsoft(R) Windows(R) Server 2003 Enterprise x64 Edition 1251 Service Pack 2 W2K3R2VIRT-2ECA 20130612191856.656000+240 5.2.3790
获取操作系统、服务包、计算机名称...安装日期、系统磁盘:
wmic os get BootDevice,BuildNumber,CSDVersion,Version,CSName,InstallDate,LastBootUpTime,OSLanguage,Locale,SystemDevice,SystemDirectory,SystemDrive
获取 IP 地址、MAC 地址、GW...:
wmic nicconfig get MACAddress, IPAddress, IPSubnet, DefaultIPGateway, Index, ServiceName, Description, SettingID
输出:
DefaultIPGateway Description Index IPAddress IPSubnet MACAddress ServiceName SettingID
RAS Async Adapter 1 AsyncMac {06CDF9C4-7DFE-4CF0-8DF4-08D86275188F}
WAN Miniport (L2TP) 2 Rasl2tp {2F53E6CE-FE90-41FF-9346-7FE854731431}
WAN Miniport (PPTP) 3 50:50:54:50:30:30 PptpMiniport {FA6F7372-8CCB-4DAC-9B74-51501B322F83}
WAN Miniport (PPPOE) 4 33:50:6F:45:30:30 RasPppoe {075EB914-2B27-42AA-8176-7A58987C7FA9}
Direct Parallel 5 Raspti {F992BAE1-1E06-4069-A8AE-6FFA487BC9CC}
WAN Miniport (IP) 6 NdisWan {61EC9DB7-4374-4917-B7DA-A9182B6332DE}
{"10.120.10.1"} Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller 7 {"10.120.10.100"} {"255.255.240.0"} 6В:77:C7:7A:79:BB L1e {4EB8AC6D-15EE-4922-94F6-3FB0CED90635}
Broadcom 802.11g Network Adapter 8 BCM43XX {A245F36E-6EAA-4880-9CE1-A536C2F2A000}
Packet Scheduler Miniport 9 34:B3:20:52:41:53 {CE21D017-A6B3-4275-9BC5-3060B4F017A0}
VMware Virtual Ethernet Adapter for VMnet1 10 {"192.168.18.1"} {"255.255.255.0"} 00:50:56:C0:00:01 VMnetAdapter {EB270DB9-E2B1-4689-86BF-4CBC4E30A93B}
VMware Virtual Ethernet Adapter for VMnet8 11 {"192.168.232.1"} {"255.255.255.0"} 00:50:56:C0:00:08 VMnetAdapter {90EDFB26-FF76-4FF8-8E25-A847F7179F34}
Packet Scheduler Miniport 12 {A95F18B8-8423-4DDF-84C0-240BEF25B647}
1394 Net Adapter 13 NIC1394 {9C5F9D9E-9BA5-4C2F-AB8C-6A7EDC7A1C78}
TAP-Win32 Adapter V9 14 tap0901 {63D6E2AA-FDC6-41A4-B3CD-B3460D63A5E8}
Packet Scheduler Miniport 15 {7F4D8138-D586-4511-B737-7E05168430AB}
Windows Mobile-based Internet Sharing Device 16 usb_rndisx {3E7051D2-8097-4986-8EE3-E88F028C9E07}
Packet Scheduler Miniport 17 {3909CC6A-B904-4BEA-9CEE-E6801BFF4694}
Windows Mobile-based Internet Sharing Device 18 usb_rndisx {284F5467-6DE8-4398-9881-C22AEB44A0B7}
Packet Scheduler Miniport 19 {27EED4EC-0B03-4D39-B120-45C24E8BB0CE}