Automating new user and other stuff input

[amfony]

Hello gang,

its been a while but i still have questions.

Now it being the end of the year i have a buch (about 48) new users to put into my system (win2k AD xp clients).

What i want to know is how can i do this automated? Like having an excels or usernames where cetain scripts could run off perhaps?

Thats one issue - but i was wondering now and this is the real pain in thass part of new users.

Is that i have to go into the File server and make a new folder and name it after that user and then give full access to that folder for that user - hence creating a home folder for the user only acdesible by themself and ofcourse IT administration.

Can i do this automated? Im sure big ass companies dont sit there and do this stuf manually.

Cheers fellas

[Aaron P]

Create a share with secure permissions for users to create home folders:

How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003

http://support.microsoft.com/default.aspx?...kb;en-us;274443

Create the target folder in the user's context - you can do this with a logon script e.g:

MD \\SERVER\HOME\%USERNAME%

or via Folder Redirection - redirect My Documents to the target folder: e.g. \\SERVER\HOME\%USERNAME%\My Documents

Then in a logon script map the home drive the location created. This way you don't need to add anything to the user properties.

You can also use the same approach listed in the KB article for secure profile folders as well.

[travelcard]

Here is what we use to add pupils in our school. First is an example of the text file that is read by the batch file. The username, password and description are seperated by comma's but no spaces. The description makes it handy to find them in active directory afterwards when you sort by that column.

pupil.txt

johnsmith,password,year 10
MarkJones,megatron,year 8
JaneRussell,magic,year 9

AddPupils.bat

@echo on

for /f "tokens=1,2,3 delims=," %%1 in (pupils.txt) do (

:: Add user (net user username,password
:: comment is description - scriptpath is the logon
:: script and profile path is the location of their
:: profile. Only username and password are compulsary'

	net user "%%1" "%%2" /add /comment:%%3 /scriptpath:pupil.bat /profilepath:\\%computername%\profiles$\pupils

:: Make their home folder

	md "d:\users\pupils\%%1"

:: Set permissions on home folder

	cacls "d:\users\pupils\%%1" /G "%%1":F /e
	cacls "d:\users\pupils\%%1" /G Administrators:F /e
	cacls "d:\users\pupils\%%1" /G Managers:F /e
	cacls "d:\users\pupils\%%1" /G Staff:F /e
	cacls "d:\users\pupils\%%1" /E /R Everyone
	cacls "d:\users\pupils\%%1" /E /R Users

:: Add new user to appropriate group

	net group Pupils "%%1" /add

:: Share the user's folder and set permissions

	net share "%%1$"="d:\users\pupils\%%1" /cache:none /grant:"%%1",full /grant:"staff",full /grant:"managers",full /grant:"administrators",full
)

[semaja2.net]

wow thats a nice script that would really speed things up

[travelcard]

I've just noticed that I should have put quotes around the comment part. Without the quotes it will fail if you have a space in there - which I did in my example :blush:

So that line should be:

 net user "%%1" "%%2" /add /comment:"%%3" /scriptpath:pupil.bat /profilepath:\\%computername%\profiles$\pupils

One other thing might be worth considering. You will see that we've given the user full control to his own folder, which you might think makes sense. Unfortunately, that means they can take ownership of files and folders in there, so sometimes either deliberately or by accident they will make themselves the owner and remove the rights of the administrator etc. That is very easy to get back, of course, but it can mean that *some* types of backup will then skip the guy's files because it doesn't have access to the folder.

To solve this, we now only give the user read,write,change access to his folder so he now doesn't have the ability to take ownership OR remove other people's rights. Change the first 'cacls' line in batch file as follows if you want to make this happen

 cacls "d:\users\pupils\%%1" /G "%%1":R /e
 cacls "d:\users\pupils\%%1" /G "%%1":W /e
 cacls "d:\users\pupils\%%1" /G "%%1":C /e