Script to detect if laptop on Office LAN or External Network.

We have a full AD network, remote offices connected via a WAN (all offices use non-routable addresses 192.168 on various subnets). We also have laptops that will be connecting to the LAN and possibly to home/hotspots.

I need a way, using VBScript if possible, of detecting if the system is on the LAN/WAN and not externally. Ping would be an option if it were not for the fact that I have, on occasions, hit the problem of false positives.

Thanks in advance..

Hi, can you provide more detail about what 'external' means? Does this include or exclude VPN connections? Also, why do you need to do it? Bill.
This script will get you the networking information from any system (change the strComputer line to the name of the computer you are querying).

' From the book "Windows XP Cookbook"
' ISBN: 0596007256
strComputer = "."
' ------ END CONFIGURATION ---------
set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
set colNAs = objWMI.InstancesOf("Win32_NetworkAdapter")
for each objNA in colNAs
   Wscript.Echo objNA.Name
   Wscript.Echo " Description: " & objNA.Description
   Wscript.Echo " Product Name: " & objNA.ProductName
   Wscript.Echo " Manufacturer: " & objNA.Manufacturer
   Wscript.Echo " Adapter Type: " & objNA.AdapterType
   Wscript.Echo " AutoSense: " & objNA.AutoSense
   Wscript.Echo " MAC Address: " & objNA.MACAddress
   Wscript.Echo " Maximum Speed:" & objNA.MaxSpeed
   Wscript.Echo " Conn Status: " & objNA.NetConnectionStatus
   Wscript.Echo " Service Name: " & objNA.ServiceName
   Wscript.Echo " Speed: " & objNA.Speed
   ' Look up the IP configuration that belongs to this adapter
   set colNACs = objWMI.ExecQuery(" select * from " & _
                                  " Win32_NetworkAdapterConfiguration " & _
                                  " where Index = " & objNA.Index)
   ' There should only be one item in colNACs
   for each objNAC in colNACs
      if IsArray(objNAC.IPAddress) then
         for each strAddress in objNAC.IPAddress
            Wscript.Echo " Network Addr: " & strAddress
         next
      end if
      Wscript.Echo " IP Metric: " & objNAC.IPConnectionMetric
      Wscript.Echo " IP Enabled: " & objNAC.IPEnabled
      Wscript.Echo " Filter: " & objNAC.IPFilterSecurityEnabled
      Wscript.Echo " Port Security:" & objNAC.IPPortSecurityEnabled
      if IsArray(objNAC.IPSubnet) then
         for each strAddress in objNAC.IPSubnet
            Wscript.Echo " Subnet Mask: " & strAddress
         next
      end if
      if IsArray(objNAC.DefaultIPGateway) then
         for each strAddress in objNAC.DefaultIPGateway
            Wscript.Echo " Gateway Addr: " & strAddress
         next
      end if
      Wscript.Echo " Database Path:" & objNAC.DatabasePath
      Wscript.Echo " DHCP Enabled: " & objNAC.DHCPEnabled
      Wscript.Echo " Lease Expires:" & objNAC.DHCPLeaseExpires
      Wscript.Echo " Lease Obtained: " & objNAC.DHCPLeaseObtained
      Wscript.Echo " DHCP Server: " & objNAC.DHCPServer
      Wscript.Echo " DNS Domain: " & objNAC.DNSDomain
      Wscript.Echo " DNS For WINS: " & objNAC.DNSEnabledForWINSResolution
      Wscript.Echo " DNS Host Name:" & objNAC.DNSHostName
      if IsArray(objNAC.DNSDomainSuffixSearchOrder) then
         for each strName in objNAC.DNSDomainSuffixSearchOrder
            Wscript.Echo " DNS Suffix Search Order: " & strName
         next
      end if
      if IsArray(objNAC.DNSServerSearchOrder) then
         for each strName in objNAC.DNSServerSearchOrder
            Wscript.Echo " DNS Server Search Order: " & strName
         next
      end if
      Wscript.Echo " Domain DNS Reg Enabled: " & _
                   objNAC.DomainDNSRegistrationEnabled
      Wscript.Echo " Full DNS Reg Enabled: " & _
                   objNAC.FullDNSRegistrationEnabled
      Wscript.Echo " LMHosts Lookup: " & objNAC.WINSEnableLMHostsLookup
      Wscript.Echo " WINS Lookup File: " & objNAC.WINSHostLookupFile
      Wscript.Echo " WINS Scope ID: " & objNAC.WINSScopeID
      Wscript.Echo " WINS Primary Server: " & objNAC.WINSPrimaryServer
      Wscript.Echo " WINS Secondary: " & objNAC.WINSSecondaryServer
   next
next


srstanley666 (Author) commented:
External is any network not our own LAN/WAN, so home network etc. This would be used before any user level activity, i.e. as part of a machine level logon script. This is needed to apply different policy type configurations dependent on network connection, e.g. on LAN/WAN use proxy configs, if not LAN/WAN remove proxy config.

Due to the nature of our WAN connections and the 4MB per policy we are looking at moving back to scripts.


Well, you can check by IP address, but you might run into false positives if a client machine connects to a network that happens to use the same addressing scheme as your corporate network. You could combine this with a ping to a network device on the corporate network, but this will also report a false positive for remote access VPN clients. If you want to go this route, here is a JScript script you can use. It will check if the current computer has an IP address in a comma-delimited list of network IDs, and if so, then it attempts to ping a specific host. Example usage:

isCorporate.js,, corpmail

What the above command does: If the current computer has an IP address in the,, or networks, AND it is able to ping a host called 'corpmail', the script will return an exit code of 1. Otherwise, it will return an exit code of zero.

However, as I said, this will likely return a false positive for remote VPN clients. Bill.
// isCorporate.js
// Written by Bill Stewart (

var WMI;

// Pings hostName through Win32_PingStatus. Returns 0 on success, otherwise
// the name-resolution error or the ping status code.
function pingHost(hostName) {
  var ping = new Enumerator(WMI.ExecQuery("select " +
    "PrimaryAddressResolutionStatus,StatusCode from " +
    "Win32_PingStatus where address='" + hostName + "'")).item();
  var result = ping.PrimaryAddressResolutionStatus;
  return result == 0 ? ping.StatusCode : result;
}

// Returns the network ID (address AND mask, octet by octet) as a string.
function networkID(address, mask) {
  var addressOctets = address.split(".");
  var maskOctets = mask.split(".");
  var result = new Array(addressOctets.length);
  for (var n = 0; n < addressOctets.length; n++)
    result[n] = addressOctets[n] & maskOctets[n];
  return result.join(".");
}

// Returns the network IDs of every IP-enabled adapter on this computer.
function networkIDs() {
  var ids = [];
  var configs = new Enumerator(WMI.ExecQuery("select " +
    "IPAddress,IPSubnet from Win32_NetworkAdapterConfiguration " +
    "where IPEnabled=true"));
  for (; ! configs.atEnd(); configs.moveNext()) {
    var config = configs.item();
    if ((config.IPAddress != null) && (config.IPSubnet != null)) {
      var addresses = config.IPAddress.toArray();
      var masks = config.IPSubnet.toArray();
      for (var n = 0; n < addresses.length; n++)
        ids.push(networkID(addresses[n], masks[n]));
    }
  }
  return ids;
}

function itemInArray(theArray, theItem) {
  for (var n = 0; n < theArray.length; n++) {
    if (theArray[n] == theItem)
      return true;
  }
  return false;
}

function main() {
  var args = WScript.Arguments;
  if ((args.Unnamed.length < 2) || (args.Named.Exists("?"))) {
    WScript.Echo("Usage: isCorporate.js <networkIDs> <hostName>\n" +
      "\n" +
      "<networkIDs> is a comma-separated list of network IDs\n" +
      "<hostName> is the name of a host you want to ping\n" +
      "\n" +
      "If the current computer exists in any of the specified\n" +
      "network IDs and is able to ping the specified host, the\n" +
      "exit code will be 1. Otherwise, the exit code will be 0.");
    return 0;
  }
  // Local root\cimv2 namespace, where the Win32_* classes queried above live
  WMI = GetObject("winmgmts:{impersonationlevel=impersonate}!" +
    "//./root/cimv2");
  var result = false;
  var allIDs = networkIDs();
  var checkIDs = args.Unnamed.Item(0).split(/[ ,;]/);
  // Stop at the first requested network ID this computer belongs to
  for (var n = 0; n < checkIDs.length; n++) {
    result = itemInArray(allIDs, checkIDs[n]);
    if (result)
      break;
  }
  if (! result)
    return 0;
  var hostName = args.Unnamed.Item(1);
  return pingHost(hostName) == 0 ? 1 : 0;
}

// Hand main()'s result back to the caller as the script's exit code
WScript.Quit(main());

srstanley666 (Author) commented:
Cheers Bill.

It is beginning to look like I may have to resign myself to the chance of false positives. I was hoping that there may be some sort of flag/query I can make to see if the machine actually authenticated against our AD controllers or used its cached account but I am struggling to see anything. Funnily enough the only difference I can see between logging on on the LAN and logging on elsewhere is under the user environment where the HOMEDRIVE is set to a share when on and the c: drive when off, but not sure how reliable this is.
Regarding your comment about "actually authenticated against a domain controller": This test won't work with remote VPN clients, so I don't think that's going to be a foolproof test. As I queried earlier, everything depends on what you mean by "external." This is a tricky task to script, to be sure. Bill.
srstanley666 (Author) commented:
Bill, a better explanation of what I am trying to achieve would be:

Before the user logs in, as the machine processes its startup I want to test if the network is our corporate network or not so that I can tweak the script dynamically (things like blocking network traffic until VPN connected etc. and in some cases bringing the VPN tunnel up prior to user authentication). Pinging would work but having no control over these other networks I get false positives.

What I was hoping for is some sort of flag to say that the machine has authenticated with an AD controller or is utilising cached authority. Short of this I will have to look at some sort of service on a server that will respond to a query in a unique way.

Thanks for your help so far
Hi, I believe the code in the script I posted will work for you -- it can test if the local computer is in one of a list of network IDs. If the computer is in a particular network ID, it can then ping a host. The ping test should work if you use a corporate/internal DNS name that won't resolve outside of your corporate network (e.g., dc01.local). You can use the script as a part of the computer's startup sequence (gpedit.msc -> Computer Configuration/Windows Settings/Scripts/Startup) to determine the machine's connectivity. Bill.
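
The two-stage check discussed in this thread (network ID match first, then a probe of an internal-only name), written as an added example that is not part of the original posts and not Bill's script. It runs outside Windows Script Host on constructed adapter data shaped like Win32_NetworkAdapterConfiguration; the network IDs and the `probe` callback are assumptions, and `dc01.local` is the example name from the post above.

```javascript
"use strict";
// Added example: decide network location from adapter data, without WMI.

// Parse a dotted-quad IPv4 string to an unsigned 32-bit integer, or null.
// (The WMI arrays can also carry IPv6 addresses and prefix lengths like "64".)
function ipv4ToInt(text) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(text);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some(v => v > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// Network ID of one address/mask pair as "a.b.c.d", or null if not IPv4.
function networkId(address, mask) {
  const a = ipv4ToInt(address), m = ipv4ToInt(mask);
  if (a === null || m === null) return null;
  const id = (a & m) >>> 0;
  return [id >>> 24, (id >>> 16) & 255, (id >>> 8) & 255, id & 255].join(".");
}

// adapters: [{IPAddress: [...], IPSubnet: [...]}]; corpIds: network IDs to match.
// probe(hostName) returns true when the internal-only name answered.
// The probe only runs after an address match, as in the thread's script.
function classify(adapters, corpIds, hostName, probe) {
  const seen = [];
  for (const cfg of adapters) {
    const addrs = cfg.IPAddress || [], masks = cfg.IPSubnet || [];
    for (let n = 0; n < addrs.length && n < masks.length; n++) {
      const id = networkId(addrs[n], masks[n]);
      if (id !== null) seen.push(id);
    }
  }
  const matched = seen.filter(id => corpIds.indexOf(id) !== -1);
  if (matched.length === 0)
    return { corporate: false, reason: "no matching network ID" };
  if (!probe(hostName))
    return { corporate: false, reason: "address matches but probe failed" };
  return { corporate: true, reason: "network ID " + matched[0] + " and probe succeeded" };
}

// Constructed sample data (not from the thread).
const corpIds = ["192.168.10.0", "192.168.20.0"];
const office = [{ IPAddress: ["192.168.10.57", "fe80::1c2d:3e4f:5a6b:7c8d"],
                  IPSubnet: ["255.255.255.0", "64"] }];
// A home router that happens to use the same 192.168.10.0/24 range.
const home = [{ IPAddress: ["192.168.10.23"], IPSubnet: ["255.255.255.0"] }];
const hotspot = [{ IPAddress: ["10.20.30.40"], IPSubnet: ["255.255.0.0"] }];
```

The `home` sample is the false positive described in the thread: the address test alone passes, and only the failed probe marks it external. A remote VPN client would still pass both stages.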