Win7/10: how to use PowerShell in a GPO login script to run conditions based on AD group

In our company AD, we want every user to be in a single users OU and to run the matching branch of the script according to AD group.
For example:

import-module activedirectory 
if(!($env:COMPUTERNAME -like "AA0*" -or $env:COMPUTERNAME -like "BB0*")) 
{ 
#Get all of the user's information
$i = Get-ADUser -Identity $u -Properties * 
#Get the user's group information
$j = $i.memberof 
#Network paths
$userfile1 = "\\domain.com\vdidatastore\UserData\$env:username" 
$userfile2 = "\\data11\userdatav3$\$env:username" 
$idfile = "\\ID.domain.com\ID" 
$Daily = "\\Daily.domain.com\Dailymeeting" 
#Screen saver
$screenREG = "HKCU:SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop" 
$screenVendor = "\\domain.com\datastore\Software\screensaver\screensaverVendor.scr" 
$screenUser = "\\domain.com\datastore\Software\screensaver\screensaver20191202.scr" 
#Deep Security startup script
$DSPatch = "\\domain.com\sysvol\domain.com\Policies\{B1B648E3-6FE4-4D4E-81B8-605B5A39BEBC}\User\Scripts\Logon\DeepSecurity_update.bat" 
foreach ($k in $j) 
{#Split apart the user's groups
    if ($k -split (",")[0] -contains "CN=Vendors" -and $k -split (",")[0] -contains "CN=VDIUserGroupOAv3") 
    {#If the user is a Vendor and has VDI V3, map the V3 Z: drive
        if(!(Test-Path "$userfile2")) 
            { 
                New-Item $userfile2 -ItemType directory 
            } 
        net use H: "$idfile" 
        net use I: "\\file.domain.com\Public" 
        net use G: "\\file.domain.com\Project" 
        net use J: "\\file.domain.com\Department" 
        net use Z: "$userfile2" 
        #Start the Deep Security Agent
        Start-Process $DSPatch -NoNewWindow 
        #Set the screen saver
        Set-ItemProperty -Path $screenREG -Name "SCRNSAVE.EXE" -Value "$screenVendor" 
        "VendorV3" 
        #Exit 
    }elseif ($k -split (",")[0] -contains "CN=Vendors" -and $k -split (",")[0] -contains "CN=VDIUserGroup") 
    { 
        if(!(Test-Path "$userfile1")) 
            { 
                New-Item $userfile1 -ItemType directory 
            } 
        net use H: "$idfile" 
        net use I: "\\file.domain.com\Public" 
        net use G: "\\file.domain.com\Project" 
        net use J: "\\file.domain.com\Department" 
        net use Z: "$userfile1" 
        #Set the screen saver
        Set-ItemProperty -Path $screenREG -Name "SCRNSAVE.EXE" -Value "$screenVendor" 
        "VendorV1" 
        #Exit 
    } 
    
} 
} 

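With the conditions above, this cannot run on Win7/Win10, because the AD group cannot be determined.
I wonder whether anyone here has experience with this and can help?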

froce (iT邦大師, level 3) ‧ 2020-01-13 22:27:16
https://stackoverflow.com/questions/5072996/how-to-get-all-groups-that-a-user-is-a-member-of
empiresx (iT邦新手, level 5) ‧ 2020-01-14 22:07:18
I don't really understand the explanation in that article QQ

No answers yet.
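One way to make the group test work on clients whether or not the ActiveDirectory module (RSAT) is installed, as an added example that is not part of the original thread: read `memberOf` through the built-in `[adsisearcher]` accelerator, collect every group CN first, then require both groups across the whole list. The loop in the question tests both names against one group DN at a time, and a single group DN normally carries only one of them. The group names come from the question; the function names and the sample DNs are constructed for illustration.

```powershell
# Added example, not the poster's code. Group names come from the question;
# the sample DNs and all function names are constructed.

function Get-GroupCommonName {
    # Return the leading CN of each group DN ("CN=Vendors,OU=..." -> "Vendors").
    param([string[]]$DistinguishedName)
    foreach ($dn in $DistinguishedName) {
        # Allow backslash-escaped characters (for example "\,") inside the CN.
        if ($dn -match '^CN=((?:\\.|[^,\\])+)') { $Matches[1] }
    }
}

function Test-MemberOfAll {
    # True only when every required group appears somewhere in the full list.
    param([string[]]$GroupName, [string[]]$Required)
    foreach ($r in $Required) {
        if ($GroupName -notcontains $r) { return $false }
    }
    return $true
}

function Get-CurrentUserGroupDn {
    # memberOf of the logged-on user, read with [adsisearcher] so the client
    # does not need the ActiveDirectory module. Requests one attribute only,
    # instead of -Properties *.
    $filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$env:USERNAME))"
    $searcher = [adsisearcher]$filter
    $null = $searcher.PropertiesToLoad.Add('memberof')
    $result = $searcher.FindOne()
    if ($result -and $result.Properties['memberof']) { $result.Properties['memberof'] }
}

# Constructed sample; on a domain-joined client use: $dns = Get-CurrentUserGroupDn
$dns = @(
    'CN=Vendors,OU=Groups,DC=domain,DC=com',
    'CN=VDIUserGroupOAv3,OU=Groups,DC=domain,DC=com'
)
$groups = @(Get-GroupCommonName -DistinguishedName $dns)

if (Test-MemberOfAll -GroupName $groups -Required 'Vendors', 'VDIUserGroupOAv3') {
    'VendorV3'    # drive mappings for the V3 branch go here
} elseif (Test-MemberOfAll -GroupName $groups -Required 'Vendors', 'VDIUserGroup') {
    'VendorV1'    # drive mappings for the V1 branch go here
} else {
    'NoMatch'
}
```

`memberOf` lists direct memberships only, so groups reached through nesting need another source, such as the group SIDs in the logon token.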