hi , i did it like this
[netlogon]
sharemodes = No
rootpreexec = /var/lib/samba/netlogon/login.pl %U %G
%m %L
comment = Netlogon Share
browseable = No
path = /var/lib/samba/netlogon
guestok = Yes
writelist = @ntadmin
locking = no
public = no
cscpolicy = disable
#!/usr/bin/perl
#
# login.pl
# User $ARGV[0], Group $ARGV[1], client machine $ARGV[2], server $ARGV[3]
# creation on the fly logon scripts by robowarp@gmx.de inspired by
genlogon.pl
# Log client connection
#($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
open LOG, ">>/smbmonitor/user/netlogon.txt";
print LOG "$mon/$mday/$year $hour:$min:$sec - User $ARGV[0] Group
$ARGV[1]\n
from $ARGV[2] in $ARGV[3]";
close LOG;
# Start generating logon script for user
open LOGON, ">/var/lib/samba/netlogon/$ARGV[0].bat";
print LOGON "\@ECHO OFF\r\n echo %USERNAME%\r\n call send.bat\r\n";
# Start generating logon script for machine for different security
monitoring
open LOGON, ">/var/lib/samba/netlogon/$ARGV[2].bat";
print LOGON "\@ECHO OFF\r\n call chkdir.bat\r\n call listapp.bat >
\\\\$ARGV[3]\\smbmonitor\\machines\\$ARGV[2]\\software\\$A$
# Start generating logon script for group
open LOGON, ">/var/lib/samba/netlogon/$ARGV[1].bat";
print LOGON "\@ECHO OFF\r\n";
# Connect shares for group users
if ($ARGV[1] eq "users")
{
print LOGON "NET USE X: \\\\$ARGV[3]\\files\r\n";
}
# Connect shares for group ntadmin
if ($ARGV[1] eq "ntadmin")
{
print LOGON "NET USE Y: \\\\$ARGV[3]\\smbmonitor\r\n";
}
logonscript = login.bat
login.bat
@echo off
net time \\files /set /yes
rem by robowarp@gmx.de leave to public as it is , dont think of asking me
rem created for samba 3 login, the bat files were creted on the fly by
rem genlogin.pl
rem this script is only valid for win2000/NT/XP
rem exec bat for logged in machine ( maybe software status or machine data )
echo %COMPUTERNAME%
call %COMPUTERNAME%.bat
rem exec bat for login user
echo %USERNAME%
call %USERNAME%.bat
rem exec bat for different groups
rem ifmember.exe must be in the netlogon share download it at microschrott
rem be aware that ifmember will give result in the current win language
rem unlike normal dos, positive result from ifmember will match in
errorlevel 1
ifmember /v /l "MUSI\Domain Users"
if errorlevel 1 call users.bat
ifmember /v /l "MUSI\Domain Admins"
if errorlevel 1 call ntadmin.bat
ifmember /v /l "MUSI\kids"
if errorlevel 1 call kids.bat
i advice you to study
genlogin.pl in the smb source
on ms technet load down ifmember.exe
and final sec policies are a good combination with this scripts
for a log of installed software you can use this
@echo off
regedit /a %TEMP%\filename.reg
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
for /f "Skip=1 Tokens=*" %%i in ('type %TEMP%\Filename.reg')
do set
line="%%i"&call :parse
goto :EOF
:parse
set work=%line:~2,11%
set work=%work:"=%
If NOT "%work%" EQU "DisplayName" goto :EOF
set work=%line:~16,120%
set work=%work:"=%
@echo %work%
psinfo ( load down at pstools)
PsInfo 1.34 - local and remote system information viewer
Copyright (C) 2001-2002 Mark Russinovich
Sysinternals - www.sysinternals.com
Querying information for BUERO...^M
^MSystem inf$
Uptime: Error reading uptime
Kernel version: Microsoft Windows 2000, Uniprocessor Free
Product type: Professional
Product version: 5.0
Service pack: 4
Kernel build number: 2195
Registered organization: musi
Registered owner: musi
Install date: 13.11.2003, 14:31:32
IE version: 6.0000
System root: C:\WINNT
Processors: 1
Processor speed: 865 MHz
Processor type: Intel Pentium III
Physical memory: 640 MB
Volume Type Format Label Size Free
Free
A: Removable
0%
C: Fixed NTFS 38.2 GB 33.7 GB
88%
D: CD-ROM
0%
E: CD-ROM
0%
Z: Remote NTFS root 9.1 GB 6.1 GB
67%
OS Hot Fix Installed
KB329115 13.11.2003
KB820888 13.11.2003
KB822831 13.11.2003
KB823182 13.11.2003
KB823559 13.11.2003
KB824105 13.11.2003
KB824141 13.11.2003
KB824146 13.11.2003
KB825119 13.11.2003
KB826232 13.11.2003
KB828035 13.11.2003
KB828749 13.11.2003
also
this will produce monitor files like this
from buero in files0/29/104 14:53:40 - User lothar Group users
from buero in files0/29/104 16:4:30 - User kind Group users
from herren in files0/29/104 16:13:39 - User team Group users
from buero in files0/30/104 11:30:11 - User team Group users
from buero in files0/30/104 11:39:17 - User lothar Group users
from buero in files0/30/104 14:44:26 - User team Group users
from buero in files0/30/104 15:38:18 - User lothar Group users
and
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
AntiVir/XP
hp officejet g series
Microsoft Internet Explorer 6 SP1
Microsoft Internet Explorer Administration Kit 5
Internet Explorer Q824145
Ahead InCD
Electronic Arts Product Registration
IrfanView (remove only)
Windows 2000-Hotfix - KB329115
Windows 2000-Hotfix - KB820888
Windows 2000-Hotfix - KB822831
Windows 2000-Hotfix - KB823182
Windows 2000-Hotfix - KB823559
Windows 2000-Hotfix - KB824105
Windows 2000-Hotfix - KB824141
Windows 2000-Hotfix - KB824146
Windows 2000-Hotfix - KB825119
Windows 2000-Hotfix - KB826232
Windows 2000-Hotfix - KB828035
Windows 2000-Hotfix - KB828749
Ahead InCD EasyWrite Reader
Outlook Express Update Q330994
PuTTY version 0.53b
Windows 2000-Hotfix (SP5) Q818043
Windows Media Player-Hotfix [Weitere Informationen finden Sie in wm828026]
QuickTime
TightVNC 1.2.9
Tweak UI
UltimateZip 2.6
Winamp3 (remove only)
WinSCP 3.3
Windows Media Player-Systemupdate (9-Reihe)
Microsoft Office 2000 SR-1 Small Business
Harry Potter TM
log files can look like this
[2004/01/29 14:33:00, 2] smbd/open.c:open_file(250)
team opened file profile/Anwendungsdaten/Microsoft/Office/Zuletzt
verwendet/OLK39A.LNK read=Yes write=No (numopen=34)
[2004/01/29 14:33:00, 2] smbd/open.c:open_file(250)
so you can see , everything ,hardware,software,login,action on the server
share can be logged
and you can create logon scripts on the fly for different users groups and
machines
additional use of security policies makes the smb pdc acting nearly like (
may be better than a nt pdc )
regards
----- Original Message -----
From: "Anders Norrbring" <anders@norrbring.biz>
To: "'Samba user list'" <samba@lists.samba.org>
Sent: Sunday, February 01, 2004 4:35 PM
Subject: [Samba] Several logon script bat files?
> I simply wonder if I can have several different logon script bat files for
> MS Win users that validates through my Samba PDC?
>
> Let's say that group "users" should have logon batch
users.bat and the
> members of the group "sales" should have both users.bat and
sales.bat
> executed at logon? Or can I in some way use ONE script with parameters
that> knows about what groups the user is a member of and execute the correct
> drive mappings on their Windows workstation?
>
> Anders Norrbring
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>