PowerShell - "IF NOT MEMBER OF" then EXIT
Hi guys,
We have a domain with 250 users.
I have written a very simple PS script. The script runs at login (as a Group Policy login script, but it's only aimed at two departments). The script checks for the existence of a "flag file" in a user share; if it doesn't exist, it copies some files and folders from an "application" share down to the user's local drive, and then creates a flag file in the user's network share.
It all works fine, but the only snag is that it runs for everyone, and if the person doesn't have permission to the network share (not in the right security group), it still runs the script and creates the flag file, but can't copy the files.
Now, although it's not a massive problem, it would be great if the script could do a check as it launches, checking the user's security group permission, to dictate whether the script runs or not, something like: IF NOT MEMBER OF "domain\tax" then QUIT else proceed...
Is this easily achievable?
Many thanks for reading.
Answers (1)
Posted by:
rileyz
8 years ago
You really should run the script with Item Level Targeting, as that is more efficient than getting the script to run for everyone. This can be set in the GPO.
But if you want to carry on with the script, see below...
http://pastebin.com/9FDRfP1C
*expires in one month
PS. You could have just googled this in about 10 mins.
# Returns $true if $user appears in the member attribute of the AD group named $grp.
# Source: https://social.technet.microsoft.com/Forums/office/en-US/ca6da384-8a9c-4f31-8e45-187e0d9a7b3c/confirming-ad-group-membership-using-powershell?forum=winserverpowershell
function Check-IsGroupMember {
    Param($user, $grp)
    # LDAP filter that selects the group object by name
    $strFilter = "(&(objectClass=Group)(name=" + $grp + "))"
    $objDomain = New-Object System.DirectoryServices.DirectoryEntry
    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.SearchRoot = $objDomain
    $objSearcher.PageSize = 1000
    $objSearcher.Filter = $strFilter
    $objSearcher.SearchScope = "Subtree"
    $colResults = $objSearcher.FindOne()
    # FindOne() returns $null when no group matches the filter
    if ($null -eq $colResults) { return $false }
    $objItem = $colResults.Properties
    # Substring test of $user against the group's member distinguished names
    ([string]$objItem.member).contains($user)
}

$Username = [Environment]::UserName
$GroupMemberName1 = "Accounting"
$GroupMemberName2 = "Technology"

If ((Check-IsGroupMember "$Username" "$GroupMemberName1") -or (Check-IsGroupMember "$Username" "$GroupMemberName2")) {
    Write-Output 'Put your code here to do stuff'
    Write-Output 'Put your code here to do stuff'
    Write-Output 'Put your code here to do stuff'
    Write-Output 'Put your code here to do stuff'
} Else {
    Write-Output 'The user is not in the group, do nothing'
}
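An alternative to the LDAP lookup, added here as an example and not part of the answer above: test the group SIDs already present in the user's logon token, which covers nested and primary groups and compares exact SIDs instead of strings. The group name is the question's "domain\tax"; the function name and all share and local paths are hypothetical placeholders.

```powershell
# Added example (not from the thread). Paths below are hypothetical placeholders.
$AllowedGroups = @('DOMAIN\tax')                                       # from the question
$FlagFile      = '\\fileserver\users$\{0}\app.flag' -f $env:USERNAME   # hypothetical
$SourceShare   = '\\fileserver\application'                            # hypothetical
$LocalTarget   = 'C:\Apps\Application'                                 # hypothetical

function Test-LogonTokenGroup {
    param([Parameter(Mandatory = $true)][string[]]$GroupName)

    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)

    foreach ($name in $GroupName) {
        try {
            # Resolve the name to a SID so the comparison is exact.
            $account = New-Object System.Security.Principal.NTAccount($name)
            $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
        } catch {
            # Unresolvable group (typo, domain unreachable): treat as "not a member".
            Write-Warning "Group '$name' could not be resolved; skipping."
            continue
        }
        # The token holds the SIDs of direct, nested and primary groups.
        if ($principal.IsInRole($sid)) { return $true }
    }
    return $false
}

# Quit early for users outside the allowed groups, or when the copy already ran.
if (-not (Test-LogonTokenGroup -GroupName $AllowedGroups)) { exit 0 }
if (Test-Path -LiteralPath $FlagFile) { exit 0 }

try {
    New-Item -ItemType Directory -Path $LocalTarget -Force -ErrorAction Stop | Out-Null
    Copy-Item -Path (Join-Path $SourceShare '*') -Destination $LocalTarget `
              -Recurse -Force -ErrorAction Stop
    # Write the flag only after the copy succeeded, so a failed run is retried.
    New-Item -ItemType File -Path $FlagFile -Force -ErrorAction Stop | Out-Null
} catch {
    Write-Warning "Copy failed, flag file not written: $($_.Exception.Message)"
    exit 1
}
```

The token is built at logon, so a user added to the group mid-session is only recognised after logging off and on again.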