An often-missed feature of IAG is the ability to let users access shares on internal servers when connecting to the IAG portal. This is done using the drive mapping application, which activates the SSL-VPN component of IAG and performs a NET USE command to pre-defined shares. It is particularly useful to create such a mapping to a company-wide file share and set this to launch automatically upon portal logon, but it does require some attention to work properly.

The 1st thing one should know is that this mapping only works on Windows 2000, XP and 2003. It does not work on Vista or Server 2008 clients. Secondly, for this feature to work, the computer needs to have NetBios’ SmbDeviceEnabled registry key set to 0. The easiest way to set this is to create the “Drive Mapping Setup” application, which creates this registry key when launched. This application needs to be launched only once on each client, and requires the computer the be rebooted afterwards. To create this application, follow these steps:

  1. Open the IAG configuration console.
  2. Go to the relevant trunk
  3. Click Add and check Client/Server and Legacy Applications
  4. From the drop-down, select Local Drive Mapping Setup (Windows XP/2003)
  5. Give the application a name and set the access policy
  6. If you’d like, set the application to launch automatically on start, but keep in mind that it will always prompt the user to reboot the computer even if the settings are already in place and a reboot is not necessary.

another way to set this registry key is by simply editing the registry. To do this, open the registry editor on the client computer and create the DWORD value SmbDeviceEnabled under the key HKLM\System\CurrentControlSet\Services\NetBT\Parameters (the value's data should be 0, which is the default). This also requires a reboot of the client, which can be done using a script. The following VB Script detects if the key already exists, and only if it does not it creates it and reboots the computer:

 

on error resume next
Set WshShell = WScript.CreateObject("WScript.Shell")
iSMB = WshShell.RegRead("HKLM\System\CurrentControlSet\Services\NetBT\Parameters\SmbDeviceEnabled")
if err.number <> 0 then 'key does not exist, write it and reboot
    iSMBWrite = WshShell.RegWrite("HKLM\System\CurrentControlSet\Services\NetBT\Parameters\SmbDeviceEnabled","00000000", "REG_DWORD")
    strWinDir = WshShell.ExpandEnvironmentStrings("%windir%")
    WshShell.Run  strWinDir  & "\system32\shutdown.exe -r -t 0"
end if

To use this script, paste the code into a file with the extension .VBS, and have your users run it.

The local drive mapping application can be created as many times as needed, thereby mapping several drives. Another interesting thing that can be done is customizing the template file to perform other batch commands. The file that performs the mapping is located here:
c:\whale-com\e-gap\von\conf\sslvpntemplates.xml

At line 270 in this file, you can find the dos batch commands that are performed, and additional commands can be added – for example, to run some script or execute a program. Just be sure not to edit the file directly, but to copy it into the CustomUpdate folder and then edit the copy, as is the standard procedure with all IAG customizations. After the modifications has been done, the configuration needs to be activated, with “Apply changes made to external configuration files” checked.