Active Directory question

[ssfdre38]

Now i have my server setup just how i want to... almost. I am wondering how to share the same files from a user across all the computers that they log into.

[ItsTheDuckAgain]

What? Seriously, please rephrase that, It's kind of a mess. What do you want to do? Share some files in a network? You are looking on how to do a network share? Whats with the Active Directory title? hmmm? Files hosted on said server? Or on clients? Whats going on? It's all bananas.

[leadeater]

30 minutes ago, ssfdre38 said:

Now i have my server setup just how i want to... almost. I am wondering how to share the same files from a user across all the computers that they log into.

 

5 minutes ago, ItsTheDuckAgain said:

What? Seriously, please rephrase that, It's kind of a mess. What do you want to do? Share some files in a network? You are looking on how to do a network share? Whats with the Active Directory title? hmmm? Files hosted on said server? Or on clients? Whats going on? It's all bananas.

I don't understand either of you??? 

 

@ssfdre38 What is it exactly you want to achieve? Do you want to be able to access files from any computer on your network or do you want central authentication so you can log on to any computer with the same username/password? You can do either one without the other. 

[Sir Asvald]

31 minutes ago, ItsTheDuckAgain said:

What? Seriously, please rephrase that, It's kind of a mess. What do you want to do? Share some files in a network? You are looking on how to do a network share? Whats with the Active Directory title? hmmm? Files hosted on said server? Or on clients? Whats going on? It's all bananas.

He is asking how to map network drives through active directory. He needs the login scripts. That is what he needs. @ItsTheDuckAgain

 

 

55 minutes ago, ssfdre38 said:

Now i have my server setup just how i want to... almost. I am wondering how to share the same files from a user across all the computers that they log into.

Have you setup active directory with users? If you have done that, firstly you'll need to create a login script.

 

Open notepad and then type net use x: \\yourservername\thefolder. Once that is done save as and name it whatever you want. but it has to end with .bat. Go search for the folder "sysvol" in Windows folder in the C:/ drive, then go to sysvol file again, click the folder which has your FQDN then click on scripts and copy the bat file into there. It'll ask you for permission say yes.

 

After all that, go to the user, properties then click on Profile and type in the box where it says logon script and type in the name of the bat script. 

[Sir Asvald]

4 minutes ago, leadeater said:

 

I don't understand either of you??? 

 

@ssfdre38 What is it exactly you want to achieve? Do you want to be able to access files from any computer on your network or do you want central authentication so you can log on to any computer with the same username/password? You can do either one without the other. 

Asking about logon scripts 

[ItsTheDuckAgain]

1 minute ago, leadeater said:

 

I don't understand either of you??? 

 

@ssfdre38 What is it exactly you want to achieve? Do you want to be able to access files from any computer on your network or do you want central authentication so you can log on to any computer with the same username/password? You can do either one without the other. 

As I clearly postponed down under the Active Directory for Banans:

You can take this to Russia and trump the hell out of said Opossum when spending 2 RAM sticks on a good Mic. Other then that I would totally go for X99 with a watercooled cake or two shoes of either size. Depends on what you want to dollar on. Just make sure to be perfectly penis about it. Harm intended.

 

Peace

Duck

[leadeater]

3 hours ago, Abdul201588 said:

Asking about logon scripts 

 

3 hours ago, Abdul201588 said:

He is asking how to map network drives through active directory. He needs the login scripts. That is what he needs. @ItsTheDuckAgain

 

 

Have you setup active directory with users? If you have done that, firstly you'll need to create a login script.

 

Open notepad and then type net use x: \\yourservername\thefolder. Once that is done save as and name it whatever you want. but it has to end with .bat. Go search for the folder "sysvol" in Windows folder in the C:/ drive, then go to sysvol file again, click the folder which has your FQDN then click on scripts and copy the bat file into there. It'll ask you for permission say yes.

 

After all that, go to the user, properties then click on Profile and type in the box where it says logon script and type in the name of the bat script. 

You don't use login scripts anymore for drive mapping, there are native Group Policy Preferences that you can use to map drives and filter the application of them to group membership for example.

 

Before sending anyone down the path to setting up Active Directory I want to first make sure that is what they want/need, no point doing it if all that is required is to have a network share mapped on a computer as that can be done either by mapping it and saying remember or using a local computer policy which in this case has to be a login script (local policy doesn't support machine/user preferences).

 

Edit:

I suspect I'm also going to end up recommending configuring Folder Redirection and Home Drive rather than a simple GPO network mapping.

[Sir Asvald]

1 hour ago, leadeater said:

 

You don't use login scripts anymore for drive mapping, there are native Group Policy Preferences that you can use to map drives and filter the application of them to group membership for example.

 

Before sending anyone down the path to setting up Active Directory I want to first make sure that is what they want/need, not point doing it if all that is required is to have a network share mapped on a computer as that can be done either by mapping it and saying remember or using a local computer policy which in this case has to be a login script (local policy doesn't support machine/user preferences).

 

Edit:

I suspect I'm also going to end up recommending configuring Folder Redirection and Home Drive rather than a simple GPO network mapping.

Will that is the way I do it and it works.  Also I make multiple bat files for different users. 

 

 

[NelizMastr]

16 minutes ago, Abdul201588 said:

Will that is the way I do it and it works.  Also I make multiple bat files for different users. 

 

 

Great if you're on 2k8 or 2k8R2 maybe, but 2012 and 2016 offer much more in this regard. You still have a few years to upgrade, though

[leadeater]

1 hour ago, Abdul201588 said:

Will that is the way I do it and it works.  Also I make multiple bat files for different users. 

True what works is good and there has to be good reason to change the way you do things but it is generally accepted now days that startup/login/kix scritps etc is not the best way to do it and can in cases have security concerns.

 

Other than that note I suggest you give GPO Machine/User Preferences with Item Level Targeting a test and see how it works, it's always good to try and find new and better ways of doing the same thing. You can do this for printer mappings, registry keys etc it's actually extremely useful and much easier to manage and maintain than scripts. One of the jobs I did for a university while I was contracting there was to convert all their startup/login scripts to Group Policies, these scripts were extremely long with many logic conditions and took about a year to do from requesting to do the change, getting it approved, working on it, testing it then deploying it. This was just something I was doing when I had extra time as it wasn't what I was there for but it bugged me that they were still doing it that way.

[Mikensan]

Even 2008 you don't really need login scripts for just mapping drives / printers etc... There are a few scenarios where a kix / batch script though.

 

Honestly since this appears to be a foreign concept to @OP - I would suggest Home Groups. Unless you (OP) want to learn more about Active Directory for educational purposes, I would just use home groups. It's easy to setup and lets you securely share files on your network. Otherwise you can just create a share and allow "everyone" access for the ultimate lazy solution.

[leadeater]

1 hour ago, NelizMastr said:

Great if you're on 2k8 or 2k8R2 maybe, but 2012 and 2016 offer much more in this regard. You still have a few years to upgrade, though

2003 R2 was pretty much the time when using scripts was pronounced EOL. All the deployments I did for clients using 2008/2008 R2 used GPO first and scripts only for awful software that didn't support GPO software install or required extra reg keys added or other tweaks to function. Bigger clients of course used SCCM but the small ones had no need or the resources to run and maintain it. 

[Sir Asvald]

2 hours ago, NelizMastr said:

Great if you're on 2k8 or 2k8R2 maybe, but 2012 and 2016 offer much more in this regard. You still have a few years to upgrade, though

Oh, that video isn't mine btw. Just found it on the internet.

1 hour ago, leadeater said:

True what works is good and there has to be good reason to change the way you do things but it is generally accepted now days that startup/login/kix scritps etc is not the best way to do it and can in cases have security concerns.

 

Other than that note I suggest you give GPO Machine/User Preferences with Item Level Targeting a test and see how it works, it's always good to try and find new and better ways of doing the same thing. You can do this for printer mappings, registry keys etc it's actually extremely useful and much easier to manage and maintain than scripts. One of the jobs I did for a university while I was contracting there was to convert all their startup/login scripts to Group Policies, these scripts were extremely long with many logic conditions and took about a year to do from requesting to do the change, getting it approved, working on it, testing it then deploying it. This was just something I was doing when I had extra time as it wasn't what I was there for but it bugged me that they were still doing it that way.

I've used GPO before and still use it. I use to block certain features such as CMD, uninstalling software and installing. Anything that can "do" harm to the PC. 

[Mikensan]

if I did a gpresult for you, your eyes would bleed. Meeting NIST/DISA standards man, is painful. If it were as simple as just doing everything they said to do, ok then just maybe 1-2 weeks mixed in with normal work - not a big deal. But verifying it doesn't break anything every step along the way... Months of work and honestly work that is never finished. GPOs are the bread and butter of a windows network right behind configuration / endpoint management. 

 

Any server that deals with processing payments / Visa, is going to be equally if not more painful.

[harry4742]

Ok

You want to have a users files everywhere where that user logs in.

You need the server based user profiles for that

[ssfdre38]

Ok so let me rephrase what my question is. So i have AD-DS set up with and i am able to set up computer to connect to the server and login with the users i do create on the AD. Now what i want to do is have it where if someone saves a file on a folder like Documents, it will sync up with the server and so when i sign in on a different computer, i will get that same file 

[Blake]

45 minutes ago, ssfdre38 said:

Ok so let me rephrase what my question is. So i have AD-DS set up with and i am able to set up computer to connect to the server and login with the users i do create on the AD. Now what i want to do is have it where if someone saves a file on a folder like Documents, it will sync up with the server and so when i sign in on a different computer, i will get that same file 

Folder redirection.

 

Basically, use GPP to configure also:

open GPMC.msc, make a new or edit the appropriate GPO, then navigate to:

 

Haven't done it in a while (it's a set and forget kind of thing), but I remeber there being a 'bug' with redirecting to \\path\to\user\profiles\%username%\Desktop I remember there being an issue where this failed, but I am assuming this has been patched to you can scale correctly across an organisation.

 

EDIT: Should also add that roaming profiles are rearely used in the real world. if you change computer and have a 50GB OST to download and it takes 1hour to login, your not going to be a happy chappy.

[leadeater]

9 minutes ago, Blake said:

Folder redirection.

 

Basically, use GPP to configure also:

open GPMC.msc, make a new or edit the appropriate GPO, then navigate to:

 

Haven't done it in a while (it's a set and forget kind of thing), but I remeber there being a 'bug' with redirecting to \\path\to\user\profiles\%username%\Desktop I remember there being an issue where this failed, but I am assuming this has been patched to you can scale correctly across an organisation.

Supplementary to this here are the Microsoft recommended Share and NTFS permissions you need to setup on the server where the Home Folders will be hosted.

https://blogs.technet.microsoft.com/migreene/2008/03/24/ntfs-permissions-for-redirected-folders-or-home-directories/ 

 

Also the bug I think you may be talking about isn't fixed. Is this the one where the desktop.ini file causes all folders to display as 'Documents' on the server rather than the actual folder name which is the username? Basically it's not an issue so long as you use the correct redirection settings.