Solved

Disable service or startup program based on hardware profile?

Posted on 2004-04-23
7
829 Views
Last Modified: 2010-04-13
I want to disable the VPN client for my users when they attach to the LAN.  I want it always active when they are off the LAN.
two ways stop the client.  Moving MUVPN icon out of the start menu.  OR stopping two services that are installed w/ the client.

I do not want the clients to enable/disable manually.  I am afraid they will forget to enable it and I want all traffic comeing
back to our main office for security purposes.   If the client is active while on the LAN no network resources work.

Know a way I can do this via group policy?
Or a script that can tell if the Laptop is docked or something? (maybe by hardware profile?)

I dont expect it to be able to tell if its on the network. I would be satisfied if when it is docked it would be disabled,
and enabled when not docked.

0
Comment
Question by:Eric
  • 4
  • 2
7 Comments
 
LVL 84

Expert Comment

by:oBdA
ID: 10901963
The solution is already in your subject: You can use hardware profiles. ;)
Right-click "My Computer", choose "Properties", go to the "Hardware" tab, click "Hardware Profiles".
Highlight the "Profile 1", click "Copy".
Name the old profile "LAN connection", name the new one "VPN connection" (or whatever is likely to be understood by your users).
Depending on your users again, choose a boot method (whether you want the machine to wait indefinitely for a choice to be made, or to choose a default connection after some time).
Then start services.msc, and disable the two services for the "LAN connection" profile (in the properties of the service, at the "Logon" tab).
The user will now be offered a choice of the two profiles when booting.
0
 
LVL 11

Author Comment

by:Eric
ID: 10903067
heh. See I know enough to know what to ask.  I did not know services are hardware profile dependent.  Sounds like exactly what I need.
It already has 2 proflies created by DELL.  One is "docked"  the other is "undocked"  I do not know what the differences are besides
one enables the onboard NIC and the other enables the docking stations NIC (while disableing the opposite)

I will give this a shot.   I wonder what would happen if they choose docked when its not docked :o
it does nto give you the option to choose even though it should bythe settings dictated in hardware profiles.

PS: this site needs spellchecking :)
0
 
LVL 11

Author Comment

by:Eric
ID: 10904142
This is not working for me.
I change the default status of the undocked profile to auto and docked to manual.
however which ever one I set last is true for both profiles.  As if it has nothing to do with profiles. :(

ideas?
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 7

Expert Comment

by:PaulADavis
ID: 10904476
if the vpn client runs as a  service.... make a little batch file with - net stop service_name for the users.... name it something like 'in the office'.

have the users click on that when they are in the office to disable the vpn client, or set it as a scheduled task.

a little unconventional, but it could work :-)
0
 
LVL 11

Author Comment

by:Eric
ID: 10905308
I dont want them to have to remember because they wont.  I will no longer be allowing direct internet access to people whom work on the LAN.  It has to be active when they are not in the office w/o there interaction
0
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 10913377
If I understood you correctly ("undocked profile to auto and docked to manual"), you're looking at the wrong tab in the services configuration. Don't use the "General" tab, use the "Logon" tab to enable/disable services in certain hardware profiles. You'll find a list of your available hardware profiles at the bottom; highlight the "Docked" profile and click on "Deactivate" for your services.

Maybe of use for you:

HOW TO: Create Hardware Profiles on Windows-Based Mobile Computers
http://support.microsoft.com/?kbid=225810

Service Does Not Start and Displays "Error 1058"
http://support.microsoft.com/?kbid=241584
0
 
LVL 11

Author Comment

by:Eric
ID: 10923014
Thanks.  Its working to perfection, plus i gained another useful general knowledge of windows that will help me in other situations.

0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question