srstanley666
Script to detect if laptop on Office Lan or External Network.
We have a full AD network, remote offices connected via a WAN (all offices use non-routable addresses 192.168 on various subnets). We also have laptops that will be connecting to the LAN and possibly to home/hotspots.
I need a way, using VBScript if possible, of detecting if the system is on the LAN/WAN and not externally. Ping would be an option if it were not for the fact that I have, on occasions, hit the problem of false positives.
Thanks in advance..
Hi, can you provide more detail about what 'external' means? Does this include or exclude VPN connections? Also, why do you need to do it? Bill.
This script will get you the networking information from any system (change the strComputer line to the name of the computer you are querying).
' From the book "Windows XP Cookbook"
' ISBN: 0596007256
' ------ SCRIPT CONFIGURATION ------
strComputer = "."
' ------ END CONFIGURATION ---------
set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
set colNAs = objWMI.InstancesOf("Win32_NetworkAdapter")
for each objNA in colNAs
    Wscript.Echo objNA.Name
    Wscript.Echo " Description: " & objNA.Description
    Wscript.Echo " Product Name: " & objNA.ProductName
    Wscript.Echo " Manufacturer: " & objNA.Manufacturer
    Wscript.Echo " Adapter Type: " & objNA.AdapterType
    Wscript.Echo " AutoSense: " & objNA.AutoSense
    Wscript.Echo " MAC Address: " & objNA.MACAddress
    Wscript.Echo " Maximum Speed:" & objNA.MaxSpeed
    Wscript.Echo " Conn Status: " & objNA.NetConnectionStatus
    Wscript.Echo " Service Name: " & objNA.ServiceName
    Wscript.Echo " Speed: " & objNA.Speed
    set colNACs = objWMI.ExecQuery(" select * from " & _
                                   " Win32_NetworkAdapterConfiguration " & _
                                   " where Index = " & objNA.Index)
    ' There should only be one item in colNACs
    for each objNAC in colNACs
        if IsArray(objNAC.IPAddress) then
            for each strAddress in objNAC.IPAddress
                Wscript.Echo " Network Addr: " & strAddress
            next
        end if
        Wscript.Echo " IP Metric: " & objNAC.IPConnectionMetric
        Wscript.Echo " IP Enabled: " & objNAC.IPEnabled
        Wscript.Echo " Filter: " & objNAC.IPFilterSecurityEnabled
        Wscript.Echo " Port Security:" & objNAC.IPPortSecurityEnabled
        if IsArray(objNAC.IPSubnet) then
            for each strAddress in objNAC.IPSubnet
                Wscript.Echo " Subnet Mask: " & strAddress
            next
        end if
        if IsArray(objNAC.DefaultIPGateway) then
            for each strAddress in objNAC.DefaultIPGateway
                Wscript.Echo " Gateway Addr: " & strAddress
            next
        end if
        Wscript.Echo " Database Path:" & objNAC.DatabasePath
        Wscript.Echo " DHCP Enabled: " & objNAC.DHCPEnabled
        Wscript.Echo " Lease Expires:" & objNAC.DHCPLeaseExpires
        Wscript.Echo " Lease Obtained: " & objNAC.DHCPLeaseObtained
        Wscript.Echo " DHCP Server: " & objNAC.DHCPServer
        Wscript.Echo " DNS Domain: " & objNAC.DNSDomain
        Wscript.Echo " DNS For WINS: " & objNAC.DNSEnabledForWINSResolution
        Wscript.Echo " DNS Host Name:" & objNAC.DNSHostName
        if IsArray(objNAC.DNSDomainSuffixSearchOrder) then
            for each strName in objNAC.DNSDomainSuffixSearchOrder
                Wscript.Echo " DNS Suffix Search Order: " & strName
            next
        end if
        if IsArray(objNAC.DNSServerSearchOrder) then
            for each strName in objNAC.DNSServerSearchOrder
                Wscript.Echo " DNS Server Search Order: " & strName
            next
        end if
        Wscript.Echo " Domain DNS Reg Enabled: " & _
                     objNAC.DomainDNSRegistrationEnabled
        Wscript.Echo " Full DNS Reg Enabled: " & _
                     objNAC.FullDNSRegistrationEnabled
        Wscript.Echo " LMHosts Lookup: " & objNAC.WINSEnableLMHostsLookup
        Wscript.Echo " WINS Lookup File: " & objNAC.WINSHostLookupFile
        Wscript.Echo " WINS Scope ID: " & objNAC.WINSScopeID
        Wscript.Echo " WINS Primary Server: " & objNAC.WINSPrimaryServer
        Wscript.Echo " WINS Secondary: " & objNAC.WINSSecondaryServer
    next
    WScript.Echo
next
ASKER
External is any network not our own LAN/WAN, so home network etc, this would be used before any user level activity i.e. as part of a machine level logon script. This is needed to apply different policy type configurations dependent on network connection e.g. on LAN/WAN use proxy configs, if not LAN/WAN remove proxy config.
Due to the nature of our WAN connections and the 4MB per policy we are looking at moving back to scripts.
ASKER
Cheers Bill.
It is beginning to look like I may have to resign myself to the chance of false positives. I was hoping that there may be some sort of flag/query I can make to see if the machine actually authenticated against our AD controllers or used its cached account but I am struggling to see anything. Funnily enough the only difference I can see between logging on on the LAN and logging on elsewhere is under the user environment where the HOMEDRIVE is set to a share when on and the c: drive when off, but not sure how reliable this is.
Regarding your comment about "actually authenticated against a domain controller": This test won't work with remote VPN clients, so I don't think that's going to be a foolproof test. As I queried earlier, everything depends on what you mean by "external." This is a tricky task to script, to be sure. Bill.
ASKER
Bill, a better explanation of what I am trying to achieve would be:
Before the user logs in, as the machine processes its startup I want to test if the network is our corporate network or not so that I can tweak the script dynamically. (things like blocking network traffic until VPN connected etc and in some cases bringing the VPN tunnel up prior to user authentication). Pinging would work but having no control over these other networks I get false positives.
What I was hoping for is some sort of flag to say that the machine has authenticated with an AD controller or is utilising cached authority. Short of this I will have to look at some sort of service on a server that will respond to a query in a unique way.
Thanks for your help so far
Hi, I believe the code in the script I posted will work for you -- it can test if the local computer is in one of a list of network IDs. If the computer is in a particular network ID, it can then ping a host. The ping test should work if you use a corporate/internal DNS name that won't resolve outside of your corporate network (e.g., dc01.local). You can use the script as a part of the computer's startup sequence (gpedit.msc -> Computer Configuration/Windows Settings/Scripts/Startup) to determine the machine's connectivity. Bill.
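The two-stage test described in the last reply (network ID match, then a ping of an internal-only name), as an added example that is not the script posted in this thread. The subnet list is assumed for illustration, dc01.local is the thread's example name, and the check that the name resolves to a corporate address is an addition aimed at the false positives the asker describes.

```vbscript
Option Explicit
' Assumed values for illustration: list your own network IDs and masks.
Const CORP_HOST = "dc01.local"   ' internal-only DNS name (the thread's example)
Dim arrCorpNets
arrCorpNets = Array("192.168.10.0/255.255.255.0", "192.168.20.0/255.255.255.0")

' AND each octet of an IPv4 address with the mask to get the network ID.
Function NetworkID(strIP, strMask)
    Dim a, m, i, r(3)
    a = Split(strIP, ".") : m = Split(strMask, ".")
    For i = 0 To 3
        r(i) = CStr(CInt(a(i)) And CInt(m(i)))
    Next
    NetworkID = Join(r, ".")
End Function

' True if strIP is an IPv4 address inside one of the listed networks.
Function InCorpNet(strIP)
    Dim strNet, p
    InCorpNet = False
    ' Skip IPv6 entries and anything that is not a dotted quad.
    If InStr(strIP, ":") > 0 Or UBound(Split(strIP, ".")) <> 3 Then Exit Function
    For Each strNet In arrCorpNets
        p = Split(strNet, "/")
        If NetworkID(strIP, p(1)) = p(0) Then InCorpNet = True
    Next
End Function

' The internal name must resolve, reply, and resolve to a corporate address.
Function CorpHostAnswers(objWMI)
    Dim objPing
    CorpHostAnswers = False
    For Each objPing In objWMI.ExecQuery( _
            "select * from Win32_PingStatus where Address = '" & CORP_HOST & "'")
        If Not IsNull(objPing.StatusCode) Then   ' Null means the name did not resolve
            If objPing.StatusCode = 0 Then CorpHostAnswers = InCorpNet(objPing.ProtocolAddress)
        End If
    Next
End Function

Dim objWMI, objNAC, strIP, blnLocalMatch
blnLocalMatch = False
Set objWMI = GetObject("winmgmts:\\.\root\cimv2")
For Each objNAC In objWMI.ExecQuery( _
        "select * from Win32_NetworkAdapterConfiguration where IPEnabled = True")
    If IsArray(objNAC.IPAddress) Then
        For Each strIP In objNAC.IPAddress
            If InCorpNet(strIP) Then blnLocalMatch = True
        Next
    End If
Next
' Exit code 0 = corporate LAN/WAN, 1 = external network.
If blnLocalMatch And CorpHostAnswers(objWMI) Then WScript.Quit 0 Else WScript.Quit 1
```

A home or hotspot network that reuses one of the listed 192.168 subnets passes the first stage, which is why the second stage is required. ICMP replies are not authenticated, so a server that responds to a query in a unique way, as the asker suggests, remains the stronger test.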