Group-Aware Logon Scripts

Ifmember and KiXtart add flexibility

Write a few logon batch scripts, and you'll soon be disappointed with their shortcomings. The basic problem with batch scripts is that they're only batch files and are no more capable than batch files.

For example, suppose you're writing a batch file and you want one kind of action to occur when an administrator runs the file and another kind of action to occur when a user runs the file. More specifically, say you have a share with some administrative tools in it called \sxl0\atools; you want to map that share to drive W when an administrator logs on but not map the drive when a nonadministrative user logs on. How do you make this distinction? How do you tell a batch file that someone's in a particular group? The command interpreter, cmd.exe, doesn't provide one simple tool, but the Microsoft Windows NT 4.0 Resource Kit includes a couple of useful tools. This month, I describe these resource kit tools that let you write more powerful batch files.

If you are an old-time NT, Windows, or DOS batch expert, you'll appreciate the resource kit's Ifmember. Many resource kit utilities run on a server, so you don't need to distribute them to workstations. But ifmember.exe is a client-side tool and needs to be present on or available to each user's workstation to work. You can put ifmember.exe on every user's hard disk, but that's too much work. An easier way is to put ifmember.exe into the same directory as the logon batch files. (The Netlogon directory is the default directory when the logon batch file is running. Ergo, putting a program into Netlogon installs the program instantly, hands-off.)

Ifmember is a simple program; it looks like

IFMEMBER groupl group2 group3...

where the groups are the names of user groups. If the group's name includes a space between letters, such as Domain Admins, enclose the name in quotation marks. If the person running Ifmember is a member of one of the groups named, Ifmember ends with return code 1. You can then use Errorlevel to test for this return code's occurrence, as in the following example:

@echo off
ifmember "domain admins"
if not errorlevel 1 goto user
echo you're an admin!
goto quit
echo just a regular user

This batch file checks your groups to see whether you're a member of the Domain Admins group. (Note that Ifmember isn't case-sensitive.) The next line, if not errorlevel 1 goto user, checks whether your return code is equal to 1. If the code isn't 1, the batch file skips ahead to the user: line. Then, the file displays the message just a regular user and ends. However, if the return code is equal to 1, the batch file runs the next line, displays you're an admin!, and jumps to the end of the batch file. You can implement the previous drive map example as follows:

@echo off
ifmember administrators "domain admins"
if not errorlevel 1 goto quit
net use w: \\sxOl\atools

However, Ifmember works on only NT workstations. For Windows 9x machines, KiXtart is your only option. Although the official name is KiXtart 95, you can use KiXtart to build very flexible batch files on NT and Win9x workstations. KiXtart is a complete programming environment, with a comprehensive programming language using If...Then...Else constructs and Goto and Select statements, and includes nearly all the program control you find in Basic programming. KiXtart also has a rich set of built-in functions, including a function named Ingroup, which lets you write program lines such as

IF INGROUP("Domain Admins") RUN "net use w: \\sxOl\atools"

Logon batch scripts might still cause you some frustration, but Ifmember and KiXtart will help you write significantly more flexible logon batch scripts.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.