LOGON.BAT / AD / Policies

netatap.belguim
I'm New!
Posts: 5
Joined: Fri May 13, 2016 8:43 am

LOGON.BAT / AD / Policies

Unread post by netatap.belguim » Wed May 09, 2018 1:08 pm

Hello,

I installed the RS818RP+ model with an Active Directory / DNS Server configuration for 50 users. The installation works perfectly!

My workstation is under Windows 10 PRO with the necessary components to allow me to manage the active directory with an "administrator" account.

I created a GPO via Group Policy Management with a logon script (logon.bat) for all users: User Configuration \ Policies \ Windows Settings \ Scripts (Logon/Logoff).

The logon.bat file consists of the following commands:

net use * /delete /y
net use * "\\servername\share1"
net use * "\\servername\share2"
net use * "\\servername\share3"
net use * "\\servername\share4"

The user "Robert" has the following accesses:

- share1 (Read / Write)

- share2 (Read)

- share3 (No access)

- share4 (Read / Write)

When Robert logs on, the network connections for Share1 and Share2 are well done but NEVER for Share4!

This occurs with multiple users and always when in the timeline of the logon.bat file, one of the folders is not allowed to the user.

It blocks on the command line of the folder with the rights "no access" and does not continue its reading of the file.

Do you have an idea to help me?

Thank you

pgotze
Experienced
Posts: 142
Joined: Thu Oct 03, 2013 8:43 am

Re: LOGON.BAT / AD / Policies

Unread post by pgotze » Wed May 09, 2018 2:09 pm

Hi,

Did you first try to set the same in the Active Directory Console of Synology for user Robert? Does this scenario work?

I use a similar logon script, but I do this:

net use T: \\NAS01\Transfer
net use F: \\NAS01\Films
net use V: \\NAS01\Video
net use M: \\NAS01\Music
net use P: \\NAS01\Photo
net use H: \\NAS01\Home

And works properly.
DS918+ (4GB RAM, 2x4TB SHR, 2x256GB read/write cache) business, DS916+(8GB RAM, 3x2TB SHR) home, DS213j(512MB RAM, 1x1 TB single, 1x 500GB single) off-site backup

Shadow771
Enlightened
Posts: 473
Joined: Sun Jan 28, 2018 11:48 pm
Location: the Netherlands

Re: LOGON.BAT / AD / Policies

Unread post by Shadow771 » Wed May 09, 2018 2:33 pm

I use powershell. Example:


$ndriveobj = New-Object -Com wscript.network

$ndriveobj.RemoveNetworkDrive("G:", $true, $true)
$ndriveobj.MapNetworkDrive("G:", "\\NAS\share1", $true)
Last edited by Shadow771 on Fri May 11, 2018 3:37 pm, edited 1 time in total.
Synology DS216+II <--> Synology RT1900AC <--> <site-to-site VPN tunnel> <--> Synology RT1900AC <--> Synology DS118

netatap.belguim
I'm New!
Posts: 5
Joined: Fri May 13, 2016 8:43 am

Re: LOGON.BAT / AD / Policies

Unread post by netatap.belguim » Thu May 10, 2018 9:09 pm

Hi,
Thank you for your answer.
Logon PowerShell scripts with GPO not working?
Manually, it works perfectly!
Do you have an idea?

Thank you

Shadow771
Enlightened
Posts: 473
Joined: Sun Jan 28, 2018 11:48 pm
Location: the Netherlands

Re: LOGON.BAT / AD / Policies

Unread post by Shadow771 » Fri May 11, 2018 3:35 pm

netatap.belguim wrote:
Thu May 10, 2018 9:09 pm
Logon PowerShell scripts with GPO not working ?
Because the Windows OS doesn't associate .PS1 files directly with powershell.exe for security reasons I believe. Anyway, to kick off PowerShell scripts I place it in a network share every user can reach (like the NETLOGON share). Then put a little .BAT file like this in the GPO to call the PowerShell script file:


@Echo Off
Call powershell -executionpolicy bypass -file "\\NAS\NETLOGON\loginscript.ps1"
As you see here, the execution policy that Windows restricts by default is bypassed by this method, so it should work on all your Windows devices without changing any settings.
Synology DS216+II <--> Synology RT1900AC <--> <site-to-site VPN tunnel> <--> Synology RT1900AC <--> Synology DS118
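
A version of the loginscript.ps1 discussed above with per-share error handling, so that a share the user has no access to is logged and skipped instead of stopping the rest of the mappings. This is an added example, not code posted by anyone in the thread; the drive letters, the `\\NAS\shareN` names and the log file location are assumptions.

```powershell
# loginscript.ps1 - added example, not code from the thread.
# Drive letters and share names are constructed; adjust to your environment.
$maps = [ordered]@{
    'G:' = '\\NAS\share1'
    'H:' = '\\NAS\share2'
    'I:' = '\\NAS\share3'   # a user may have "No access" here
    'J:' = '\\NAS\share4'
}

$net = New-Object -ComObject WScript.Network
$log = Join-Path $env:TEMP 'logon-drives.log'   # assumed per-user log location

foreach ($drive in $maps.Keys) {
    $unc = $maps[$drive]

    # Drop a stale mapping first; ignore the error raised when the letter is unused.
    try { $net.RemoveNetworkDrive($drive, $true, $true) } catch { }

    try {
        # Third argument $false: not persistent, the script re-maps at every logon.
        $net.MapNetworkDrive($drive, $unc, $false)
        $result = 'mapped'
    }
    catch {
        # Access denied or share unreachable: record it and go on to the next share.
        $result = 'FAILED: ' + $_.Exception.Message.Trim()
    }

    # One line per share, so a failed mapping can be traced to a user and a share.
    "{0:s} {1} {2} -> {3} {4}" -f (Get-Date), $env:USERNAME, $drive, $unc, $result |
        Add-Content -Path $log
}
```

Because the .BAT launcher passes `-executionpolicy bypass`, whatever file sits at that UNC path runs in every user's session at logon, so the script on the NETLOGON share should be writable by administrators only and read-only for users.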

McAllister
Trainee
Posts: 17
Joined: Mon Jan 29, 2018 12:18 pm

Re: LOGON.BAT / AD / Policies

Unread post by McAllister » Sat May 12, 2018 12:01 pm

I'm using GPO for mapping my shares.

The only problem I'm sometimes facing is that one of my PCs is booting too fast, and after an immediate logon, the network card, or the network in general, is still not properly initialized and the mapping fails.

Michael
DS916+ (8GB) - 2x3 TB WD Red SHR/Btrfs and 2x4 TB Seagate IronWolf, SHR/Btrfs
DS214+ (1GB) - 2x2 TB WD Red SHR
DS211J - 2x2 TB Seagate Constellation ES JBOD (Backup System)

Shadow771
Enlightened
Posts: 473
Joined: Sun Jan 28, 2018 11:48 pm
Location: the Netherlands

Re: LOGON.BAT / AD / Policies

Unread post by Shadow771 » Sat May 12, 2018 12:07 pm

McAllister wrote:
Sat May 12, 2018 12:01 pm
I'm using GPO for mapping my shares.

The only problem I'm sometimes facing is that one of my PCs is booting too fast, and after an immediate logon, the network card, or the network in general, is still not properly initialized and the mapping fails.
I think you should create your own topic and post your (different) problem in there and not hijack other people's topics. But your solution should be this one:

https://technet.microsoft.com/en-us/lib ... 86839.aspx

"Always wait for the network at computer startup and logon" policy setting. Of course this could potentially slow down logon speed of your clients a little, but this should solve your problem.
Synology DS216+II <--> Synology RT1900AC <--> <site-to-site VPN tunnel> <--> Synology RT1900AC <--> Synology DS118

netatap.belguim
I'm New!
Posts: 5
Joined: Fri May 13, 2016 8:43 am

Re: LOGON.BAT / AD / Policies

Unread post by netatap.belguim » Sat May 12, 2018 4:16 pm

Very nice.
The GPO works perfectly.
I have other questions but step by step....

Thank you

McAllister
Trainee
Posts: 17
Joined: Mon Jan 29, 2018 12:18 pm

Re: LOGON.BAT / AD / Policies

Unread post by McAllister » Sun May 13, 2018 8:56 am

Perfect!

Please keep in mind that Windows reloads GPO every 30 minutes or so.

If you create those mappings with Action: Replace, your mappings will be removed for a moment and recreated.
In my case some applications noticed that change and closed files or reloaded the files from the appropriate share. Sometimes this is a very annoying "feature".

To overcome this I've created my mappings with Action: Update. This way I do not see this issue anymore.
Please see https://www.itpromentor.com/gp-crud/

Michael
DS916+ (8GB) - 2x3 TB WD Red SHR/Btrfs and 2x4 TB Seagate IronWolf, SHR/Btrfs
DS214+ (1GB) - 2x2 TB WD Red SHR
DS211J - 2x2 TB Seagate Constellation ES JBOD (Backup System)
