Datacrash.net - Build a start-menu using Xcopy

Build a start-menu using Xcopy

Written by Hans Straat, Monday, 27 March 2006

Introduction

This howto will show you how you can build a dynamic startmenu for users logging on to a terminal server. We used certain standards to implement it and you can offcourse implement your own standards.

The standards

Every software package has it's own security group (app.notepad, app.office2003 etc)

Users are members of security groups app.notepad if they need notepad etc.

Created Robocopy user in active directory to run the script with

Created shares Logon$ on the distribution point (source) logon$ on the server (destination)

Share permissions on the logon$

Robocopy Full Control
Administrators Full Control
Authenticated Users List
System Full Control

NTFS permissions

Per folder for example Office 2003

Administrators Full Control
Robocopy Full Control
App.Office2003 Read, List and Execute
System Full Control

All users\start menu\programs added group Deny all users start menu (deny read) this way you will not see the all users start menu which is over-ruling the user start menu.

After you set this permissions you can start to fill up the logon$ source directory see example picture.

logon share

The copy script for the logon shares is as following.

Mind it is 1 string!!

robocopy \\ServerSourcename\logon$ \\servertargetname\logon$ *.* /W:3 /R:3 /COPY:DATSO /MIR /LOG:f:\robocopy.txt

This script is started with runas user or you can schedule it with that username & password with taskscheduler.

This script will copy all folders and security settings to the target server. So you have to make sure that the permissions are set good on the source directory.

What we did next was create a group called "Deny all users start menu" and added the group authenticated users to it. Then we added the group to the folder "All users\start menu\programs". If you set it on Start Menu they will get a empty programs in there start menu > all programs.

The startmenu script

The starmenu script is a script that was given to me by coworkers from the company were I work and a colega and I changed it. You can simply copy and paste it but all references to the company and servernames are removed :)

@echo off
rem ----------------------------------------------------------------------------
rem Set local variables.
rem ----------------------------------------------------------------------------
set __FILE__=startmenu
set LOG="%USERPROFILE%"\%__FILE__%.txt
set ERR="%USERPROFILE%"\%__FILE__%.err

rem ----------------------------------------------------------------------------
rem Quit if running on a domain controller.
rem ----------------------------------------------------------------------------
if /I "%COMPUTERNAME%" == "DC01" goto :EOF
if /I "%COMPUTERNAME%" == "DC02" goto :EOF

echo -------------------------------------------------------------------------------- > %LOG%
echo -------------------------------------------------------------------------------- > %ERR%
echo Date: %DATE% >> %LOG%
echo Date: %DATE% >> %ERR%
echo Time: %TIME% >> %LOG%
echo Time: %TIME% >> %ERR%
echo -------------------------------------------------------------------------------- >> %LOG%
echo -------------------------------------------------------------------------------- >> %ERR%

echo ----- Removing start menu for user: %USERNAME% >> %LOG%
echo ----- Removing start menu for user: %USERNAME% >> %ERR%
rd /s /q "%UserProfile%\Start Menu" >> %LOG% 2>> %ERR%

echo ----- Recreating start menu for user: %USERNAME% >> %LOG%
echo ----- Recreating start menu for user: %USERNAME% >> %ERR%
md "%UserProfile%\Start Menu" >> %LOG% 2>> %ERR%

echo ----- Copying start menu items. >> %LOG%
echo ----- Copying start menu items. >> %ERR%
if exist "%USERPROFILE%\Start Menu" xcopy /s /e /c /h /r "\\%COMPUTERNAME%\Logon$" "%USERPROFILE%\Start Menu\programs\" >> %LOG% 2>> %ERR%

echo ----- Hiding startup directory. >> %LOG%
echo ----- Hiding startup directory. >> %ERR%
if exist "%userprofile%\Start Menu\Programs\Startup" attrib +h +s "%userprofile%\Start Menu\Programs\Startup" >> %LOG% 2>> %ERR%

echo ----- Hiding %HOMEDRIVE%\windows >> %LOG%
echo ----- Hiding %HOMEDRIVE%\windows >> %ERR%
if exist "%homedrive%\windows" attrib +h +s "%homedrive%\windows" >> %LOG% 2>> %ERR%
:END