Cannot run vb script as domain user

TheMSsForum.com: The Microsoft Software Forum

Hi all:

I was wondering if anyone can help me figure out why I am getting a
"Permission denied: 'Get Object' " error message when I try to run a
logon script created using vb. Below is a copy of the script. It
seems that I'm getting this error at the very end. Can anyone tell me
exactly where the permissions need to be set and what permissions are
needed? I have the Windows 2003 default permissions and it is still
not working.


Option Explicit ' Force explicit declarations
'
' Variables
'
Dim RCKNetwork
Dim FSO
Dim strUserName ' Current user
Dim strUserDomain ' Current User's domain name
Dim strDFS ' Path to the DFS root
Dim strDepartment ' Current User's Department
Dim strLDrv ' Current user's L: Drive location
Dim strSDrv ' Current user's S: Drive location
Dim ObjGroupDict ' Dictionary of groups to which the user belongs
Dim AllDrives ' A listing of all drives that already exist
Dim MapLDrive ' Used to determine is user will have a L: Drive
Dim i

Set RCKNetwork = CreateObject("WScript.Network")
Set FSO = CreateObject("Scripting.FileSystemObject")
Set AllDrives = RCKNetwork.EnumNetworkDrives()

strUserName = RCKNetwork.UserName
strUserDomain = RCKNetwork.UserDomain
strDFS = "\\RCKDOMAIN\Shares\"
strLDrv = "\\192.168.20.15\" & strUserName

' Read the user's account "Member Of" tab info across the network
' once into a dictionary object.

' Test for L:, Q:, S:, U:, & Z: then delete them if they exist
For i = 0 To AllDrives.Count - 1 Step 2
If AllDrives.Item(i) = "L:" Then RCKNetwork.RemoveNetworkDrive "L:",
True, True
If AllDrives.Item(i) = "P:" Then RCKNetwork.RemoveNetworkDrive "P:",
True, True
If AllDrives.Item(i) = "Q:" Then RCKNetwork.RemoveNetworkDrive "Q:",
True, True
If AllDrives.Item(i) = "S:" Then RCKNetwork.RemoveNetworkDrive "S:",
True, True
If AllDrives.Item(i) = "U:" Then RCKNetwork.RemoveNetworkDrive "U:",
True, True

Next

Set ObjGroupDict = CreateMemberOfObject(strUserDomain, strUserName)
MapLDrive = TRUE
strDepartment = ""
' Admins, do not have an L: drive
If MemberOf(ObjGroupDict, "Domain Admins") Then MapLDrive = FALSE
If MemberOf(ObjGroupDict, "Help Desk Admins") Then MapLDrive = FALSE

' Find Current User's Department
If MemberOf(ObjGroupDict, "Accounting Group") Then strDepartment =
"Accounting"
If MemberOf(ObjGroupDict, "Marketing Group") Then strDepartment =
"Marketing"
If MemberOf(ObjGroupDict, "Finance Group") Then strDepartment =
"Finance"
If MemberOf(ObjGroupDict, "Research Group") Then strDepartment =
"Research"

' Map the S: Drive
strSDrv = strDFS & "Departments\" & strDepartment
If strDepartment <> "" Then RCKNetwork.MapNetworkDrive "S:", strSDr

' Now we will map all Custom Drives

If MemberOf(ObjGroupDict, "Domain Admins") Then
RCKNetwork.MapNetworkDrive "P:", strDFS & "Software\APPS"
If MemberOf(ObjGroupDict, "Help Desk Admins") Then
RCKNetwork.MapNetworkDrive "P:", strDFS & "Software\APPS"
If MemberOf(ObjGroupDict, "Audit Group") Then
RCKNetwork.MapNetworkDrive "Q:", strDFS &
"Departments\Accounting\Audit"
If MemberOf(ObjGroupDict, "Sales Group") Then
RCKNetwork.MapNetworkDrive "Q:", strDFS & "Departments\Marketing\Sales"
If MemberOf(ObjGroupDict, "Proposal Group") Then
RCKNetwork.MapNetworkDrive "T:", strDFS &
"Departments\Finance\Proposals"
If MemberOf(ObjGroupDict, "Development Group") Then
RCKNetwork.MapNetworkDrive "U:", strDFS &
"Departments\Research\Develop"

' Map L: Drive
If MapLDrive = TRUE Then RCKNetwork.MapNetworkDrive "L:", strLDrv

Function MemberOf(ObjDict, strKey)
' Given a Dictionary object containing groups to which the user
' is a member of and a group name, then returns True if the group
' is in the Dictionary else return False.
'
' Inputs:
' strDict - Input, Name of a Dictionary object
' strKey - Input, Value being searched for in
' the Dictionary object
' Sample Usage:
'
' If MemberOf(ObjGroupDict, "DOMAIN ADMINS") Then
' wscript.echo "Is a member of Domain Admins."
' End If
'
'
MemberOf = CBool(ObjGroupDict.Exists(strKey))

End Function


Function CreateMemberOfObject(strUserDomain, strUserName)
' Given a domain name and username, returns a Dictionary
' object of groups to which the user is a member of.
'
' Inputs:
'
' strDomain - Input, NT Domain name
' strUserName - Input, NT username
'
Dim objUser, objGroup

Set CreateMemberOfObject = CreateObject("Scripting.Dictionary")
CreateMemberOfObject.CompareMode = vbTextCompare
Set objUser = GetObject("WinNT://" _
& strDomain & "/" _
& strUserName & ",user")
For Each objGroup In objUser.Groups
CreateMemberOfObject.Add objGroup.Name, "-"
Next
Set objUser = Nothing


I have verified that both authenticated users group and domain users
group the default permissions to include the read and apply policy
permission. Is there something I'm overlooking?

Please assit

thank you

Jerrald Noland
jnoland767@hotmail.com


End Function
Top

Re: Cannot run vb script as domain user by Richard

Richard
Tue May 09 11:00:19 CDT 2006

Hi,

I see a few errors.

The Function CreateMemberOfObject lacks a "End Function" statement (probably
copy error).
strDomain in this function should be strUserDomain (this may account for the
GetObject error).
strSDr may not be defined (maybe should be strSDrv).

I would suggest running the script at a command prompt. The error message
should indicate the line number that raises the error, which should help in
troubleshooting.

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net

<jnoland767@hotmail.com> wrote in message
news:1147122019.220257.234320@y43g2000cwc.googlegroups.com...
> Hi all:
>
> I was wondering if anyone can help me figure out why I am getting a
> "Permission denied: 'Get Object' " error message when I try to run a
> logon script created using vb. Below is a copy of the script. It
> seems that I'm getting this error at the very end. Can anyone tell me
> exactly where the permissions need to be set and what permissions are
> needed? I have the Windows 2003 default permissions and it is still
> not working.
>
>
> Option Explicit ' Force explicit declarations
> '
> ' Variables
> '
> Dim RCKNetwork
> Dim FSO
> Dim strUserName ' Current user
> Dim strUserDomain ' Current User's domain name
> Dim strDFS ' Path to the DFS root
> Dim strDepartment ' Current User's Department
> Dim strLDrv ' Current user's L: Drive location
> Dim strSDrv ' Current user's S: Drive location
> Dim ObjGroupDict ' Dictionary of groups to which the user belongs
> Dim AllDrives ' A listing of all drives that already exist
> Dim MapLDrive ' Used to determine is user will have a L: Drive
> Dim i
>
> Set RCKNetwork = CreateObject("WScript.Network")
> Set FSO = CreateObject("Scripting.FileSystemObject")
> Set AllDrives = RCKNetwork.EnumNetworkDrives()
>
> strUserName = RCKNetwork.UserName
> strUserDomain = RCKNetwork.UserDomain
> strDFS = "\\RCKDOMAIN\Shares\"
> strLDrv = "\\192.168.20.15\" & strUserName
>
> ' Read the user's account "Member Of" tab info across the network
> ' once into a dictionary object.
>
> ' Test for L:, Q:, S:, U:, & Z: then delete them if they exist
> For i = 0 To AllDrives.Count - 1 Step 2
> If AllDrives.Item(i) = "L:" Then RCKNetwork.RemoveNetworkDrive "L:",
> True, True
> If AllDrives.Item(i) = "P:" Then RCKNetwork.RemoveNetworkDrive "P:",
> True, True
> If AllDrives.Item(i) = "Q:" Then RCKNetwork.RemoveNetworkDrive "Q:",
> True, True
> If AllDrives.Item(i) = "S:" Then RCKNetwork.RemoveNetworkDrive "S:",
> True, True
> If AllDrives.Item(i) = "U:" Then RCKNetwork.RemoveNetworkDrive "U:",
> True, True
>
> Next
>
> Set ObjGroupDict = CreateMemberOfObject(strUserDomain, strUserName)
> MapLDrive = TRUE
> strDepartment = ""
> ' Admins, do not have an L: drive
> If MemberOf(ObjGroupDict, "Domain Admins") Then MapLDrive = FALSE
> If MemberOf(ObjGroupDict, "Help Desk Admins") Then MapLDrive = FALSE
>
> ' Find Current User's Department
> If MemberOf(ObjGroupDict, "Accounting Group") Then strDepartment =
> "Accounting"
> If MemberOf(ObjGroupDict, "Marketing Group") Then strDepartment =
> "Marketing"
> If MemberOf(ObjGroupDict, "Finance Group") Then strDepartment =
> "Finance"
> If MemberOf(ObjGroupDict, "Research Group") Then strDepartment =
> "Research"
>
> ' Map the S: Drive
> strSDrv = strDFS & "Departments\" & strDepartment
> If strDepartment <> "" Then RCKNetwork.MapNetworkDrive "S:", strSDr
>
> ' Now we will map all Custom Drives
>
> If MemberOf(ObjGroupDict, "Domain Admins") Then
> RCKNetwork.MapNetworkDrive "P:", strDFS & "Software\APPS"
> If MemberOf(ObjGroupDict, "Help Desk Admins") Then
> RCKNetwork.MapNetworkDrive "P:", strDFS & "Software\APPS"
> If MemberOf(ObjGroupDict, "Audit Group") Then
> RCKNetwork.MapNetworkDrive "Q:", strDFS &
> "Departments\Accounting\Audit"
> If MemberOf(ObjGroupDict, "Sales Group") Then
> RCKNetwork.MapNetworkDrive "Q:", strDFS & "Departments\Marketing\Sales"
> If MemberOf(ObjGroupDict, "Proposal Group") Then
> RCKNetwork.MapNetworkDrive "T:", strDFS &
> "Departments\Finance\Proposals"
> If MemberOf(ObjGroupDict, "Development Group") Then
> RCKNetwork.MapNetworkDrive "U:", strDFS &
> "Departments\Research\Develop"
>
> ' Map L: Drive
> If MapLDrive = TRUE Then RCKNetwork.MapNetworkDrive "L:", strLDrv
>
> Function MemberOf(ObjDict, strKey)
> ' Given a Dictionary object containing groups to which the user
> ' is a member of and a group name, then returns True if the group
> ' is in the Dictionary else return False.
> '
> ' Inputs:
> ' strDict - Input, Name of a Dictionary object
> ' strKey - Input, Value being searched for in
> ' the Dictionary object
> ' Sample Usage:
> '
> ' If MemberOf(ObjGroupDict, "DOMAIN ADMINS") Then
> ' wscript.echo "Is a member of Domain Admins."
> ' End If
> '
> '
> MemberOf = CBool(ObjGroupDict.Exists(strKey))
>
> End Function
>
>
> Function CreateMemberOfObject(strUserDomain, strUserName)
> ' Given a domain name and username, returns a Dictionary
> ' object of groups to which the user is a member of.
> '
> ' Inputs:
> '
> ' strDomain - Input, NT Domain name
> ' strUserName - Input, NT username
> '
> Dim objUser, objGroup
>
> Set CreateMemberOfObject = CreateObject("Scripting.Dictionary")
> CreateMemberOfObject.CompareMode = vbTextCompare
> Set objUser = GetObject("WinNT://" _
> & strDomain & "/" _
> & strUserName & ",user")
> For Each objGroup In objUser.Groups
> CreateMemberOfObject.Add objGroup.Name, "-"
> Next
> Set objUser = Nothing
>
>
> I have verified that both authenticated users group and domain users
> group the default permissions to include the read and apply policy
> permission. Is there something I'm overlooking?
>
> Please assit
>
> thank you
>
> Jerrald Noland
> jnoland767@hotmail.com
>
>
> End Function
>


Top

Re: Cannot run vb script as domain user by jnoland767

jnoland767
Tue May 30 09:13:06 CDT 2006

I've made all the necessary changes that was suggested and still I'm
getting the permission denied message. The thing that I can't seem to
get is where to do I go to check the permission level? Is it in Active
Directory? Is it on a particular domain controller?

I seemed to be getting the error at this part of the script.

Set CreateMemberOfObject = CreateObject("Scripting.Dictionary")
CreateMemberOfObject.CompareMode = vbTextCompare
Set objUser = GetObject("WinNT://" _
& strDomain & "/" _
& strUserName & ",user")
For Each objGroup In objUser.Groups
CreateMemberOfObject.Add objGroup.Name, "-"
Next
Set objUser = Nothing

Domain Admins have no problems what so ever...domain users, get the
'permisson denied:' "GetObject" error code is 800A0046.

With this, domain users need so sort of read or exeucte right but I
just don't know where the rights need to be set

Top