We are looking to replace our current Kix scripts with Powershell scripts and I was curious how to test group membership to map network drives. Our current kix script basically just does an if statement on every user group and tests if the user is a part of that group, if they are, it maps a network drive. Here is an example:
If InGroup("ADGROUP")
Use m: "\\server\share"
EndIf
I doubt this is the most efficient way to do this but I wanted to ask how I can accomplish the same thing in PowerShell and what people recommend for a proper way to map drives and printers for users in Active Directory.
If this information is needed all of our clients are on Windows Vista/7 and we are just now moving to AD 2008.
I would use group policy preferences to map drives in AD. See Using Group Policy Preferences to Map Drives Based on Group Membership for details. I also encourage user education on showing them how to add network locations to their libraries.
I spent THREE whole days trying to convert our existing Kix file (which I created) to Powershell.
What I've found, Powershell is still not fully ready to be used as a login script. Maybe in the latest version but with Powershell 2.0 right now, I've found that the commands used are mainly ported from VBS.
The "If" command in Kixtart I think is very effective because I've used it on numerous client sites and it WORKS. Plain and simple, it's quick, the command is easy to read for a System Administrator who has never used Kix before. I mean, if you compare the same drive mapping command in Kixtart with what you have to write to do the same thing in Powershell seems overly complicated.
I have written about it on my blog: http://thisishelpful.com/kix-login-script-remote-desktop-services-server-terminal-server.html. I'm going to update it with a comparison of my kix script with my modified Powershell script and you'll see what I mean.
Hope that helps.
For the AD side, you might want to look at Quest's AD cmdlets.
To check for group membership in PowerShell:
The last two lines are the pattern to follow for an inbuilt group (there are a number of these). There is also an overload of
IsInRole
that takes a string, eg. "domain\group".To map the drive executing
net use ...
is likely simplest (PowerShell can easily call console executables).