Logon scripts question

activedirectory

(Bogdan Costin) #34

No, it is not necessary to install a VM.
You can install RSAT on any available windows system that is connected to the network.


(Jeroen Visser) #35

…AND joined to the domain, AND using the Samba AD as DNS server, else it will still not work.


(quizhead) #37

well… every connected automaticly because I installed the RSAT on already domain joined PC
I see everything : Users, pc’s and groups I made in Nethserver.
I just don’t see the user scripts option in the properties
I only see this:
Unbenannt2


(Jeroen Visser) #38

It would seem that you are not using Active Directory Users and Computers for this task, as even without having advanced features on, there are a lot more options in my properties windows.

In order to see the unix attributes and/or edit them, you need advanced features in ADUC.

The correct way to get to the users is opening mmc.exe and adding the snap-in Microsfot Active Directory Users and Computers, and use that to edit the user properties.


(quizhead) #39

DId it and it still the same


(Markus Neuberger) #40

Did you open “Active Directory Users and Computers” with admin rights? Easiest way is to logon with NethServer “admin” or “administrator” User and just open it or open it as other user “DOMAIN\admin”(hold shift key when entering context menu):

Then just browse to “Users” and you should find the Users to edit:

If that does not work please try another client to check if it’s a client or server problem…

Which Windows version do you use?


(quizhead) #42

I can see everything - users, pc’s and groups.
I’m using Windows 10 and I downloaded a client for 10 and I opeped it with admin rights.
The only thing missing in the whole process is the Logon Script in Profile tab like some feature is missing somewhere.
Also profile and remote and joined together for some reason.
See picture above from my answer.


(Markus Neuberger) #43

Seems to be an M$ problem, if you have the possibility just try on another client.

Please check your version of RSAT and try to install actual one and do updates and don’t forget to reboot as M$ systems like it.

https://social.technet.microsoft.com/Forums/ie/en-US/99437fe2-1d6f-44e2-9654-5fd74b486c7b/rsat-windows-10-aduc-missing-normal-tabs?forum=win10itproapps

I am really sorry for you that this all happens on your first NS install…but it’s not your fault, it’s M$ (again)


(quizhead) #45

This is why I don’t want to install any crappy MS features.
It’s always a mess with these guys.
Everything has to be complicated and slow with microsoft.


Network Drive Mapping Policy & Drive Letter Assignment
(Markus Neuberger) #46

There already are some threads, feature requests and plans about improving Windows file server functions in NethServer for not beeing dependant of RSAT. Just feel free to add your opinion…


(Jeroen Visser) #47

I am sorry to say, but this is NOT a Microsoft issue NOR a NethServer issue. I have just repeated my test on a new domain with a new Win10 machine, and it just works as I have shown previously.

Which Windows 10 are you using ? As not all will work:

Remote Server Administration Tools for Windows 10 can be installed ONLY on computers that are running the full release of Windows 10 Professional, Windows 10 Enterprise, or Windows 10 Education.

Also: Remote Server Administration Tools for Windows 10 is available only in English (United States) for this release. If you are running Windows 10 in a language that is not English (United States), be sure that you have installed the English (United States) language pack before you install Remote Server Administration Tools. Move English (United States) to first.

And finally: Actually I found the solution elsewhere.

And because you can’t actually uninstall it properly you will need to re-image or perform a system restore perhaps.

I guess this is why some techs still never update ha ha

The Also and Finally parts are from mmarkus’ link, they might be key here. In short: install a new Win10, upgrade, install English, make sure you have the right version of RSAT, and try again :confused:


(quizhead) #48

My opinion is that it has to be done as soon as possible.
If i was a programmer I would help.


(Markus Neuberger) #49

You may help with testing.


(quizhead) #51

Testing is my profession - any help from me, you have it.


(Markus Neuberger) #52

I tried to push our request here. It’s on my list now but I have to collect some information and think about solutions.

In the meanwhile you may have a look at the wiki (maybe contribute with testing?) or at the German chat:

https://wiki.nethserver.org/doku.php?id=de:howto:volunteering


(quizhead) #54

Thank you.
I will check this as it can improve my German as it is not fluent although my family name is Deutsch :slight_smile:


(quizhead) #55

In the end it was all about the language.
Thank you.


(Tonči Stipičević) #56

Hello to all!
I’m just about testing auto-map shares on the server (incl. home folder) . Everything seems to be pretty easy and correct so far (so good:) . I see this post is about firing scripts after login , but if this is all about just mapping the shares than we do not need scripts at all. As soon as we successfully install RSAT on domain member, GPOs are ready to be used in order to automatically map shares. Best practice would be to use OUs because then GPO usage is very well controlled.
The steps to take:

  1. install DC - this operation results in ADDC ("container"ized AD engine (i.e. nsdc-server1) with separate IP address) and FileServer (server1 - our CentOS itself) itself that is actually joined to this AD domain we just created. (I like this scenario and please correct me if this explanation is wrong)
  2. install RSAT and start managing this domain only from this tool. There is no need to create users from neth gui because it is questionable whether we need linux users with their linux home folders. (I think we don’t)
  3. Home-folders -> In MsWin world we create one share for home folders , accessible (rw) for every domain user. That is what I did here , from neth-gui (i.e. \dc01\homes
    After that I create new user with RSAT-ADUC tool and put this “key”-string here:
    image
    This %username% tells AD to make folder in \dc01\homes named by the user whose properties we edit, and generate such ntfs permissions that only domain-admin and this user can access this folder (this is actually what home-folder is about :slight_smile:
    Next time this user logs in , his home folder maps automatically .
  4. Mapping other shares -> use GPOs without risk ! :slight_smile:

    If actual user belongs to the OU which has this GPO linked, after login this share will be automatically mapped.
  5. If we want to use script for something else , it works too … just put script name here:
    image
    and create it previously in this locatin (as domain admin):
    image
    Script login1.bat run after user login.
    Afterwards , you can find it here (under the hood :slight_smile:

[root@dc01 tonci1]# find / -name login1.bat
/var/lib/machines/nsdc/var/lib/samba/sysvol/ns01dom.local/scripts/login1.bat
[root@dc01 tonci1]#

From this experience of mine I can say that RSAT itself did all the work (w/o any mistake :slight_smile: ) which is very good from my point of view… Maybe we could ask ourselves : where is the catch? :slight_smile:

Generating users from RSAT eliminates the confusion when opening network-neihgbourhood because then “linux-home” folders are not seen , 'cause there is not any. There is not too many shares visible …

I something goes wrong we can always reach our data here:
[root@dc01 tonci1]# ls -al /var/lib/nethserver/ibay/
total 0
drwxrwxr-x. 4 root root 33 Mar 16 21:50 .
drwxr-xr-x. 8 root root 89 Feb 3 21:17 …
drwxrws— 7 root domain users@ns01dom.local 76 Mar 16 23:49 homes
drwxrws—+ 3 root domain users@ns01dom.local 21 Mar 15 09:34 share1

“homes” is this global-home share that contains all user (home) folders with previously explained permissions, and “share1” is the share I mapped through GPO

So far so (very) good !!! :slight_smile:

From now on I will continue testing this scenario and other ones I find useful in MS world …

That all from me so far
Thank you for attention and cooperation
’till next post
Best regards
Tonci


(Tonči Stipičević) #57

… sorry i mixed up pictures…
at this point:
… and create it previously in this locatin (as domain admin):
comes this picture:
image


(Tonči Stipičević) #58

… I must correct myself :slight_smile:
So , yes, linux users are generated also (now I remember I read it in one other post) , and their home folders that are all visible as shares from this server , and every home share shows all home folders from other users but only own folder can be entered… Is this expected behaviour ?

Now I got answer where the users we generated from rsat are and I assume we need them (as linux ones) for other services like mail, etc…

Best regards
Tonci