This initially started as a way of blocking users from connecting to hotspots. User will probably need local admin, or you could run this under system acct, but that will not have access to the VPN group membership.

Code:

```
;
; Script will not run if user is member of VPN group
; Disconnection is issued as DHCP release
; Script will provide details for network disconnections to "IT_Staff"
; All networks that are NOT in DHCP 192.92.0.0 will be disconnected
; All connections, wired and wireless, are subject to disconnection
;
break on

if not ingroup('VPN')

    ; ********** To detect an existing connection prior to this script's execution
    $objWMIService = GetObject("winmgmts:\\.\root\cimv2")
    $colItems = $objWMIService.ExecQuery("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")
    For Each $objItem in $colItems
        $arrIPAddresses = $objItem.IPAddress
        For Each $strAddress in $arrIPAddresses
            ; Skip unassigned (0.0.0.x) and corporate (192.92.x.x) addresses; release anything else
            if left($strAddress,6)<>'0.0.0.' and left($strAddress,6)<>'192.92'
                $nul = $objItem.ReleaseDHCPLease()
                $err = @serror + ': Releasing '
                ; IT_Staff members also see the adapter, address and release status
                if ingroup("IT_Staff")
                    $nul = messagebox($objItem.Description+@crlf+$strAddress+@crlf+$err,'Network Connection Denied',0)
                endif
                $nul = messagebox("You have attempted to connect to an unauthorized network."+@crlf+"Please contact IT Helpdesk at 866-123-4567 for assistance",'Network Connection Denied',0)
            EndIf
        Next
    Next

    ; ********** To detect new connection attempts since this script's execution
    ; WMI event query, polled every 5 seconds (WITHIN 5)
    $Query = "SELECT * FROM __InstanceOperationEvent WITHIN 5 WHERE TargetInstance ISA 'Win32_NetworkAdapterConfiguration' and targetInstance.IPEnabled = true"
    $objEvents = GetObject("winmgmts:\\.\root\cimv2").ExecNotificationQuery($query)
    While 1
        ; Blocks until the next adapter configuration event arrives
        $objConnectEvent = $objEvents.nextevent
        $aIPAddress = $objConnectEvent.TargetInstance.IPAddress
        For Each $sAddress in $aIPAddress
            if left($sAddress,6)<>'0.0.0.' and left($sAddress,6)<>'192.92'
                $release = $objConnectEvent.TargetInstance.ReleaseDHCPLease()
                $err = @serror + ': Releasing '
                if ingroup("IT_Staff")
                    $nul = messagebox($objConnectEvent.TargetInstance.Description+@crlf+$sAddress+@crlf+$err,'Network Connection Denied',0)
                endif
                $nul = messagebox("You have attempted to connect to an unauthorized network."+@crlf+"Please contact IT Helpdesk at 866-123-4567 for assistance",'Wireless Network Connection Denied',0)
            endif
        Next
    loop

endif
```
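The address test in the script above, reworked as an added example that is not part of the original post: it makes the keep/release decision once per adapter and parses each entry as an IP address, because WMI's IPAddress array can also contain IPv6 entries, which a 6-character prefix comparison treats as unauthorized. Reading "DHCP 192.92.0.0" as a /16, skipping IPv6 and self-assigned addresses, and the sample adapters are all assumptions.

```python
import ipaddress

# Assumption: the script's "DHCP 192.92.0.0" scope read as a /16.
ALLOWED_NETS = [ipaddress.ip_network("192.92.0.0/16")]


def prefix_check_releases(address):
    """The posted script's test: release unless the first 6 chars match."""
    return address[:6] != "0.0.0." and address[:6] != "192.92"


def classify(address):
    """Return 'allow', 'release' or 'skip' for one IPAddress entry."""
    try:
        ip = ipaddress.ip_address(address.strip())
    except ValueError:
        return "skip"  # malformed entry, no decision
    if ip.version == 6:
        return "skip"  # assumption: the policy only defines an IPv4 scope
    if ip.is_unspecified or ip.is_link_local:
        return "skip"  # 0.0.0.0 (no lease) or 169.254.x.x (self-assigned)
    if any(ip in net for net in ALLOWED_NETS):
        return "allow"
    return "release"


def adapter_decision(addresses):
    """Release an adapter only if one of its addresses is outside policy."""
    verdicts = [classify(a) for a in addresses]
    return "release" if "release" in verdicts else "keep"


# Constructed sample adapters (description -> IPAddress array as WMI lists it).
SAMPLE_ADAPTERS = {
    "Corporate wired": ["192.92.14.7", "fe80::1c2d:3e4f:5a6b:7c8d"],
    "Hotspot wireless": ["10.20.30.40", "fe80::aa:bb:cc:dd"],
    "Lease released": ["0.0.0.0"],
}

if __name__ == "__main__":
    for name, addrs in SAMPLE_ADAPTERS.items():
        old = any(prefix_check_releases(a) for a in addrs)
        print(f"{name:18} prefix-check releases={old!s:5} "
              f"per-adapter decision={adapter_decision(addrs)}")
```

On the constructed "Corporate wired" adapter the prefix check releases the lease because of the fe80:: entry, while the per-adapter decision keeps it.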
Nice. So how is this executed?

Run it with wkix at logon... I wrapped it with iexpress and call it from HKLM\...\run. The second part loops and checks for new connections every 5 seconds.