A-D Integration allows the administrator to control access to the resource through Active Directory User Group membership, User OU membership, and Computer OU membership. Multiple groups and OUs can be specified in the access controls to precisely define access to a resource. Multiple levels of access control are available, including:
- Required Membership - The user must be a member of at least one of several defined groups or OUs.
- Mandatory Membership - The user must be a member of all of the specified groups.
- Excluded Membership - The user must not be a member of excluded groups or OUs. Groups and OUs can be excluded individually, and can be specified in Required or Mandatory sets.
- Reverse Action - Access to a specified resource can be granted when a user does not meet the access criteria, or denied when they do meet the criteria.
An additional authorization method allows matching on any Active Directory attribute. For example, if a user's "Manager" attribute equals "Tom Smythe", the resource will be processed. This allows very complex mapping logic to be defined without any additional programming!
Data Rewriting permits the path to the network resource to be dynamically modified based on certain environmental parameters. Imagine a customer with 200 locations, and each location maps the L: drive to a local server. This would be 200 logic blocks in a typical VBScript, but with the ULS, there is one resource to define the mapping to L: and a 200 line table that relates a site identifier (Site, Subnet, OU, etc) to a specific UNC path. The advantage is two-fold - just one logic process to parse, and a simple lookup table to define. Additions, deletions, and changes are made simply to the lookup table!
There are eleven forms of Data Rewriting, including.
- Replace a Rewrite tag with the user's login ID.
- Replace a Rewrite tag with lookup data based on the user's login ID.
- Replace a Rewrite tag with the A-D Site name.
- Replace a Rewrite tag with lookup data based on the A-D site name.
- Replace a Rewrite tag with the User's A-D OU name.
- Replace a Rewrite tag with lookup data based on the User's A-D OU name.
- Replace a Rewrite tag with with the Computer's A-D OU name.
- Replace a Rewrite tag with lookup data based on the Computer's A-D OU name.
- Replace a Rewrite tag with with the Computer's host name.
- Replace a Rewrite tag with lookup data based on the Computer's host name.
- Replace a Rewrite tag with lookup data based on the computer's network address.
By using these Rewriting features, you can eliminate dozens or even hundreds of lines of IF or CASE statements in your login scripts, replacing them with simple lookup records. This feature also lets you map to a shared resource based on sets of users that aren't in a common A-D group or OU! Data Rewriting can be applied to the PATH and Description values of all resources, and to the command and argument values of command resources for a high level of customization.
Customizable User Interface allows the script to run with simple status messages (default), silent (only errors are displayed), or a fully customized interface. A sample interface module is included which provides administrators with a starting point for creating a user interface with as much or as little information as they desire. This customization is above and beyond the standard language customization that is available.
Extensible Coding Model
Custom logic can be added to the script to provide additional authorization methods. This code is fully documented and several example script modules are provided. This has been used to accommodate unusual or specific requirements, such as allowing access when the computer name contains specific text strings. This has been used in educational environments to identify an instructor workstation.
Server-Specific Configuration Files
This feature is especially useful for RDS and Citrix farms! When a user logs on to a RDS/Citrix platform and a configuration file matching the server's name is found, the settings in that file can be used to replace, override, or merge with the settings in the standard configuration file. This helps provide a consistent user environment whether logging into a desktop or terminal server platform, with special (extra or just different) mappings on the RDS/Citrix host.