[Samba] Several logon script bat files?

rruegner robowarp at gmx.de
Sun Feb 1 23:59:14 GMT 2004

hi , i did it like this
        sharemodes                = No
        rootpreexec               = /var/lib/samba/netlogon/login.pl %U %G
%m %L
        comment                   = Netlogon Share
        browseable                = No
        path                      = /var/lib/samba/netlogon
        guestok                   = Yes
        writelist                 = @ntadmin
        locking                   = no
        public                    = no
        cscpolicy                 = disable

# login.pl
# User $ARGV[0], Group $ARGV[1], client machine $ARGV[2], server $ARGV[3]
# creation on the fly logon scripts by robowarp at gmx.de inspired by
# Log client connection
#($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
open LOG, ">>/smbmonitor/user/netlogon.txt";
print LOG "$mon/$mday/$year $hour:$min:$sec - User $ARGV[0] Group $ARGV[1]\n
from $ARGV[2] in $ARGV[3]";
close LOG;

# Start generating logon script for user
open LOGON, ">/var/lib/samba/netlogon/$ARGV[0].bat";
print LOGON "\@ECHO OFF\r\n echo %USERNAME%\r\n call send.bat\r\n";

# Start generating logon script for machine for different security
open LOGON, ">/var/lib/samba/netlogon/$ARGV[2].bat";
print LOGON "\@ECHO OFF\r\n call chkdir.bat\r\n call listapp.bat >

# Start generating logon script for group
open LOGON, ">/var/lib/samba/netlogon/$ARGV[1].bat";
print LOGON "\@ECHO OFF\r\n";

# Connect shares for group users
if ($ARGV[1] eq "users")
print LOGON "NET USE X: \\\\$ARGV[3]\\files\r\n";

# Connect shares for group ntadmin
if ($ARGV[1] eq "ntadmin")
print LOGON "NET USE Y: \\\\$ARGV[3]\\smbmonitor\r\n";

logonscript               = login.bat

@echo off
net time \\files /set /yes
rem by robowarp at gmx.de leave to public as it is , dont think of asking me
rem  created for samba 3 login, the bat files were creted on the fly by
rem genlogin.pl
rem  this script is only valid for win2000/NT/XP
rem exec bat for logged in machine ( maybe software status or machine data )
rem exec bat for login user
call %USERNAME%.bat
rem exec bat for different groups
rem ifmember.exe must be in the netlogon share download it at microschrott
rem be aware that ifmember will give result in the current win language
rem unlike normal dos, positive result from ifmember will match in
errorlevel 1
ifmember /v /l "MUSI\Domain Users"
if errorlevel 1 call users.bat
ifmember /v /l "MUSI\Domain Admins"
if errorlevel 1 call ntadmin.bat
ifmember /v /l "MUSI\kids"
if errorlevel 1 call kids.bat

i advice you to study
genlogin.pl in the smb source
on ms technet load down ifmember.exe
and final sec policies are a good combination with this scripts

for a log of installed software you can use this
@echo off
regedit /a %TEMP%\filename.reg
for /f "Skip=1 Tokens=*" %%i in ('type %TEMP%\Filename.reg') do set
line="%%i"&call :parse
goto :EOF
set work=%line:~2,11%
set work=%work:"=%
If NOT "%work%" EQU "DisplayName" goto :EOF
set work=%line:~16,120%
set work=%work:"=%
@echo %work%

psinfo ( load down at pstools)

PsInfo 1.34 - local and remote system information viewer
Copyright (C) 2001-2002 Mark Russinovich
Sysinternals - www.sysinternals.com

Querying information for BUERO...^M
^MSystem inf$
Uptime:                    Error reading uptime
Kernel version:            Microsoft Windows 2000, Uniprocessor Free
Product type:              Professional
Product version:           5.0
Service pack:              4
Kernel build number:       2195
Registered organization:   musi
Registered owner:          musi
Install date:              13.11.2003, 14:31:32
IE version:                6.0000
System root:               C:\WINNT
Processors:                1
Processor speed:           865 MHz
Processor type:            Intel Pentium III
Physical memory:           640 MB
Volume Type       Format     Label                      Size       Free
    A: Removable
    C: Fixed      NTFS                               38.2 GB    33.7 GB
    D: CD-ROM
    E: CD-ROM
    Z: Remote     NTFS       root                     9.1 GB     6.1 GB
OS Hot Fix    Installed
KB329115      13.11.2003
KB820888      13.11.2003
KB822831      13.11.2003
KB823182      13.11.2003
KB823559      13.11.2003
KB824105      13.11.2003
KB824141      13.11.2003
KB824146      13.11.2003
KB825119      13.11.2003
KB826232      13.11.2003
KB828035      13.11.2003
KB828749      13.11.2003

this will produce monitor files like this

from buero in files0/29/104 14:53:40 - User lothar Group users
 from buero in files0/29/104 16:4:30 - User kind Group users
 from herren in files0/29/104 16:13:39 - User team Group users
 from buero in files0/30/104 11:30:11 - User team Group users
 from buero in files0/30/104 11:39:17 - User lothar Group users
 from buero in files0/30/104 14:44:26 - User team Group users
 from buero in files0/30/104 15:38:18 - User lothar Group users

Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
hp officejet g series
Microsoft Internet Explorer 6 SP1
Microsoft Internet Explorer Administration Kit 5
Internet Explorer Q824145
Ahead InCD
Electronic Arts Product Registration
IrfanView (remove only)
Windows 2000-Hotfix - KB329115
Windows 2000-Hotfix - KB820888
Windows 2000-Hotfix - KB822831
Windows 2000-Hotfix - KB823182
Windows 2000-Hotfix - KB823559
Windows 2000-Hotfix - KB824105
Windows 2000-Hotfix - KB824141
Windows 2000-Hotfix - KB824146
Windows 2000-Hotfix - KB825119
Windows 2000-Hotfix - KB826232
Windows 2000-Hotfix - KB828035
Windows 2000-Hotfix - KB828749
Ahead InCD EasyWrite Reader
Outlook Express Update Q330994
PuTTY version 0.53b
Windows 2000-Hotfix (SP5) Q818043
Windows Media Player-Hotfix [Weitere Informationen finden Sie in wm828026]
TightVNC 1.2.9
Tweak UI
UltimateZip 2.6
Winamp3 (remove only)
WinSCP 3.3
Windows Media Player-Systemupdate (9-Reihe)
Microsoft Office 2000 SR-1 Small Business
Harry Potter TM

log files can look like this
[2004/01/29 14:33:00, 2] smbd/open.c:open_file(250)
  team opened file profile/Anwendungsdaten/Microsoft/Office/Zuletzt
verwendet/OLK39A.LNK read=Yes write=No (numopen=34)
[2004/01/29 14:33:00, 2] smbd/open.c:open_file(250)

so you can see , everything ,hardware,software,login,action on the server
share can be logged
and you can create logon scripts on the fly for different users groups and
additional use of security policies makes the smb pdc acting nearly like (
may be better than a nt pdc )

----- Original Message ----- 
From: "Anders Norrbring" <anders at norrbring.biz>
To: "'Samba user list'" <samba at lists.samba.org>
Sent: Sunday, February 01, 2004 4:35 PM
Subject: [Samba] Several logon script bat files?

> I simply wonder if I can have several different logon script bat files for
> MS Win users that validates through my Samba PDC?
> Let's say that group "users" should have logon batch users.bat and the
> members of the group "sales" should have both users.bat and sales.bat
> executed at logon?  Or can I in some way use ONE script with parameters
> knows about what groups the user is a member of and execute the correct
> drive mappings on their Windows workstation?
> Anders Norrbring
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list