Tuesday, 15 April 2008

inifilemapping - Capita SIMS .net connect.ini

The autorun.inf stuff (see first two posts) got me thinking about what other uses inifilemapping might have. It turns out that you can map to either the HKLM\Software or HKCU part of the registry. There are some details on a Microsoft page here.

The school I work at uses some software called SIMS .net. This software connects to a SQL database backend. The connection information (SQL server name, method of authentication, etc.) is stored in a file called connect.ini on the hard drive of each PC. Alternatively, the local connect.ini can redirect to another connect.ini file located on a server, which lets the administrator update the settings for everyone by changing one file.

The problem with this is that if you want a particular group of network users to use an alternative backend database for testing purposes, or you want a specific user to use a different authentication method (typing in a username and password rather than being logged on automatically with Windows credentials), then you have to either manually update the connect.ini on the machine they are going to use, or set them up with a login script that overwrites the connect.ini on the machine with the settings you want. You then have to give all your other users a login script to reset the alternative connect.ini to the normal one.

It occurred to me that connect.ini could be mapped using inifilemapping, which would make it possible to configure the settings that would normally be in connect.ini with a user-based GPO.



Connect.ini files contain one section called [SIMSConnection], so if you make this per-computer registry change...

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Connect.ini]
"SIMSConnection"="USR:CapitaSIMSConnection"

...then you are telling Windows that whenever it needs to see what settings are held in the [SIMSConnection] part of connect.ini then it should instead look in:
HKEY_CURRENT_USER\CapitaSIMSConnection

So you can then make this per-user registry change:

REGEDIT4
[HKEY_CURRENT_USER\CapitaSIMSConnection]
"Redirect"=-
"ServerName"="mi1"
"DatabaseName"="SIMS"
"ServerType"="SIMSSQL"
"ConnectionType"="TrustedAuto"

Here is a group policy administrative template (.adm file) for the computer-based registry settings. Just save it and load it into group policy editor as an administrative template.

CLASS MACHINE
CATEGORY !!CustomIniFileMapping

POLICY !!ConnectIni
KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Connect.ini"
EXPLAIN !!ConnectIni_Explain
VALUENAME "SIMSConnection"
VALUEON "USR:CapitaSIMSConnection"
VALUEOFF DELETE
END POLICY

POLICY !!DisableAutorunInf
KEYNAME "SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf"
EXPLAIN !!DisableAutorunInf_Explain
VALUENAME ""
VALUEON "@SYS:DoesNotExist"
VALUEOFF DELETE
END POLICY

END CATEGORY

[strings]
CustomIniFileMapping="Custom Ini File Mapping"
ConnectIni="Map connect.ini"
ConnectIni_Explain="Maps SIMSConnection section of connect.ini to HKCU\CapitaSIMSConnection"
DisableAutorunInf="Map autorun.inf"
DisableAutorunInf_Explain="Maps autorun.inf to DoesNotExist"
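
To check how Windows will interpret the two mapping values this template sets, here is an added example (not part of the original post) that parses a REGEDIT4 export of the IniFileMapping key and resolves each value to the registry path it points at. The prefix meanings are the ones documented for WritePrivateProfileString; the function names and the sample export are constructed for illustration, and the `user_writable` flag simply marks targets under HKCU, which the logged-on user can normally write to.

```python
import re

# Prefix characters and hive tags as documented for WritePrivateProfileString.
FLAGS = {"!": "write_to_registry_and_file", "#": "seed_from_file_at_first_logon",
         "@": "never_fall_back_to_file"}
HIVES = {"USR:": "HKEY_CURRENT_USER", "SYS:": r"HKEY_LOCAL_MACHINE\SOFTWARE"}
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping" + "\\"

def resolve(value):
    """Split a mapping value into (flags, registry path or None)."""
    body = value.lstrip("!#@")
    flags = [FLAGS[c] for c in value[:len(value) - len(body)]]
    for tag, hive in HIVES.items():
        if body.upper().startswith(tag):
            return flags, hive + "\\" + body[len(tag):]
    return flags, None  # no hive tag: the section is still read from the file

def audit(reg_text):
    """Return one dict per mapping value found in a REGEDIT4 export."""
    rows, ini = [], None
    for line in map(str.strip, reg_text.splitlines()):
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:  # remember which .ini file the following values belong to
            path = key.group(1)
            ini = path[len(BASE):] if path.upper().startswith(BASE.upper()) else None
            continue
        val = re.fullmatch(r'(@|"[^"]*")="(.*)"', line)
        if ini and val:
            name = val.group(1)
            flags, target = resolve(val.group(2).replace("\\\\", "\\"))
            rows.append({
                "ini": ini, "flags": flags, "target": target,
                "section": "*" if name == "@" else name.strip('"'),  # @ = whole file
                "user_writable": bool(target) and target.startswith("HKEY_CURRENT_USER"),
            })
    return rows

# Constructed export holding the two values the template sets when enabled.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Connect.ini]
"SIMSConnection"="USR:CapitaSIMSConnection"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Feeding it a real export of the IniFileMapping key (saved in REGEDIT4 format) lists every section that has been redirected and which of those land in a per-user hive.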


And here is an adm file for the user settings. You could create different policies for different users to allow them to connect to different servers or have different authentication types.

CLASS USER
CATEGORY !!UserMappedIniFile

POLICY !!ConnectIni
KEYNAME "CapitaSIMSConnection"
EXPLAIN !!ConnectIni_Explain

PART !!ConnectIni_ServerName EDITTEXT
VALUENAME ServerName
DEFAULT "mi1"
REQUIRED
END PART

PART !!ConnectIni_DatabaseName EDITTEXT
VALUENAME DatabaseName
DEFAULT "SIMS"
REQUIRED
END PART

PART !!ConnectIni_ServerType EDITTEXT
VALUENAME ServerType
DEFAULT "SIMSSQL"
REQUIRED
END PART

PART !!ConnectIni_ConnectionType DROPDOWNLIST
VALUENAME ConnectionType
ITEMLIST
NAME "Automatic" VALUE "TrustedAuto" DEFAULT
NAME "Choose" VALUE "Trusted"
NAME "No domain authentication" VALUE DELETE
END ITEMLIST
REQUIRED
END PART

END POLICY

END CATEGORY ;; UserMappedIniFile

[strings]
UserMappedIniFile="User mapped ini files"
ConnectIni="Connect.ini (SIMS)"
ConnectIni_Explain="Values for connect.ini"
ConnectIni_ServerName="SIMS Server name"
ConnectIni_DatabaseName="Name of SIMS database"
ConnectIni_ServerType="Server type"
ConnectIni_ConnectionType="Login/connection method"

At some point I might write a tutorial on creating ADM files if I can't find a good one to link to.
