The following sections contain sample script that you can use and modify:
'This script is to run at startup of the Endpoint Security Client.
'The script creates a desktop and program files shortcut that is linked to a VBScript file that the script also creates. The VBScript is located in the Endpoint Security Client installation folder. It sets a registry entry to TRUE. A second script, included in the policy, reads this registry entry. If the entry is TRUE, it launches the dialog box that allows the user to control wireless adapters.This script also disables wireless adapters at startup. Per customer request, Modems are also disabled because the 3G wireless card instantiate as modems.
'*************** Global Varialbles set WshShell = CreateObject ("WScript.Shell") Dim strStartMenu strStartMenu = WshShell.SpecialFolders("AllUsersPrograms") Dim strDesktop strDesktop = WshShell.SpecialFolders("AllUsersDesktop") '*************** Main Loop DisableWirelessAdapters() CreateStartMenuFolder() CreateStartMenuProgramFilesShortcut() CreateDesktopAllUsersShortcut() CreateVbsFileToWriteRegEntry() '*************** Functions to do each action Function DisableWirelessAdapters() Dim ret 'NOTE: 1 means this action can be undone on a location change if the policy allows ' 0 means this action can be undone on a policy update if the policy allows ret = Action.WiFiDisabledState(eDisableAccess, 1) Action.Trace("Disallow Wi-Fi = " & ret) 'Again, per the customer request, Modems will be disabled to deal with 3G wireless cards that act as modems in the network stack ret = Action.DialupDisabledState ( eDisableAccess , 1 ) Action.Trace("Disallow Modem = " & ret) End Function Function CreateStartMenuProgramFilesShortcut() 'create the Start Menu folder and then create the shortcut set oShellLinkStartMenu = WshShell.CreateShortcut (strStartMenu & "\Novell\Enable Wireless Adapter Control.lnk") oShellLinkStartMenu.TargetPath = "C:\Program Files\Novell ZENworks\Endpoint Security Client\wareg.vbs" oShellLinkStartMenu.WindowStyle = 1 oShellLinkStartMenu.Hotkey = "CTRL+SHIFT+W" oShellLinkStartMenu.IconLocation = "C:\Program Files\Novell ZENworks\Endpoint Security Client\STEngine.exe, 0" oShellLinkStartMenu.Description = "Launch Novell Wireless Adapter Control Dialog Box" oShellLinkStartMenu.WorkingDirectory = "C:\Program Files\Novell ZENworks\Endpoint Security Client" oShellLinkStartMenu.Save End Function Function CreateDesktopAllUsersShortcut() 'create the desktop folder shortcut set oShellLinkDesktop = WshShell.CreateShortcut (strDesktop & "\Enable Wireless Adapter Control.lnk") oShellLinkDesktop.TargetPath = "C:\Program Files\Novell ZENworks\Endpoint Security Client\wareg.vbs" oShellLinkDesktop.WindowStyle = 1 oShellLinkDesktop.Hotkey = "CTRL+SHIFT+W" oShellLinkDesktop.IconLocation = "C:\Program Files\Novell ZENworks\Endpoint Security Client\STEngine.exe, 0" oShellLinkDesktop.Description = "Launch Novell Wireless Adapter Control Dialog Box" oShellLinkDesktop.WorkingDirectory = "C:\Program Files\Novell ZENworks\Endpoint Security Client" oShellLinkDesktop.Save End Function Function CreateVbsFileToWriteRegEntry() 'First build the VBScript file to write the registry key Dim pathToTempVbsFile pathToTempVbsFile = "C:\Program Files\Novell ZENworks\Endpoint Security Client\wareg.vbs" Dim ofileSysObj, fileHandle set ofileSysObj = CreateObject ( "Scripting.FileSystemObject" ) set fileHandle = ofileSysObj.CreateTextFile ( pathToTempVbsFile , true ) fileHandle.WriteLine "Dim WshShell" fileHandle.WriteLine "Set WshShell = CreateObject(""WScript.Shell"")" fileHandle.WriteLine "WshShell.RegWrite ""HKLM\SOFTWARE\Novell\MSC\STUWA"", ""true"", ""REG_SZ""" fileHandle.Close Action.Trace ("Wrote the VBScript file to: " + pathToTempVbsFile ) End Function Function CreateStartMenuFolder Dim fso, f, startMenuSenforceFolder startMenuSenforceFolder = strStartMenu & "\Novell" Set fso = CreateObject("Scripting.FileSystemObject") If (fso.FolderExists(startMenuSenforceFolder)) Then Action.Trace(startMenuSenforceFolder & " Already exists, so NOT creating it.") Else Action.Trace("Creating folder: " & startMenuSenforceFolder) Set f = fso.CreateFolder(startMenuSenforceFolder) CreateFolderDemo = f.Path End If End Function
// Disable Wired and Wireless if Dialup is connection // Disable Modem and Wired if Wireless is connected // Disable Modem and Wireless if Wired is connected // Reenable all hardware (based off policy settings) if there are NO active network connections //NOTE: The order for checking sets the precedence for allowed connections // As coded below, Wired is first, then Wireless, then Modem. So if // you have both a wired and modem connection when this script is // launched, then the modem will be disabled (i.e. the wired is preferred) var CurLoc = Query.LocationName; Action.Trace("CurLoc is: " + CurLoc); if (CurLoc == "Desired Location") {//only run this script if the user is in the desired location. This MUST MATCH the exact name of the location in the policy } var Wired = Query.IsAdapterTypeConnected( eWIRED ); Action.Trace("Connect Status of Wired is: " + Wired); var Wireless = Query.IsAdapterTypeConnected( eWIRELESS ); Action.Trace("Connect Status of Wireless is: " + Wireless ); var Dialup = Query.IsAdapterTypeConnected( eDIALUPCONN ); Action.Trace("Connect Status of Dialup is: " + Dialup ); var wiredDisabled = Query.IsWiredDisabled(); Action.Trace("Query on WiredDisabled is: " + wiredDisabled ); var wifiDisabled = Query.IsWiFiDisabled(); Action.Trace("Query on WifiDisabled is: " + wifiDisabled ); var dialupDisabled = Query.IsDialupDisabled(); Action.Trace("Query on DialupDisabled is: " + dialupDisabled ); //check if there is a wired connection if (Wired) { Action.Trace ("Wired Connection Only!"); Action.DialupDisabledState ( eDisableAccess , 0 ); Action.WiFiDisabledState ( eDisableAccess , 0) ; //alternative call //Action.EnableAdapterType (false, eDIALUPCONN ); //Action.EnableAdapterType (false, eWIRELESS ); } else { Action.Trace("NO Wired connection found."); } //check if there is a wireless connection if (Wireless) { Action.Trace ("Wireless Connection Only!"); Action.WiredDisabledState ( eDisableAccess , 0); Action.DialupDisabledState ( eDisableAccess , 0); //alternative call //Action.EnableAdapterType (false, eDIALUPCONN ); //Action.EnableAdapterType (false, eWIRED ); } else { Action.Trace("NO Wireless connection found."); } //check if there is a modem connection if (Dialup) { Action.Trace ("Dialup Connection Only!"); Action.WiredDisabledState ( eDisableAccess , 0); Action.WiFiDisabledState ( eDisableAccess , 0); //alternative call //Action.EnableAdapterType (false, eWIRED ); //Action.EnableAdapterType (false, eWIRELESS ); } else { Action.Trace("NO Dialup connection found."); } if (( !Wired ) && ( !Wireless ) && ( !Dialup )) {//Apply Global settings so you don't override policy settings Action.Trace("NO connections so, enable all"); Action.DialupDisabledState ( eApplyGlobalSetting , 1); Action.WiredDisabledState ( eApplyGlobalSetting , 1); Action.WiFiDisabledState ( eApplyGlobalSetting , 1); }
The Stamp Once script enforces a single network environment save at a designated location. When users enter the desired network environment, they should be instructed to switch to the location assigned below and then perform a network environment save . After this environment has been saved, the Endpoint Security Client does not permit additional network environments to be saved at that location.
NOTE:This script works best when used for an environment that will likely not change its network parameters (for example, an end-user’s home network or a satellite office). If network identifiers change (IP or MAC addresses) the Endpoint Security Client might not be able to recognize the location and remains in the default Unknown location.
To initiate the Stamp Once Script:
Under Locations, create or select the location that will use the Stamp Once functionality.
Under User Permissions, uncheck Save Network Environment.
Associate the Stamp Once scripting rule to this policy.
Set the triggering event to Location Change: Activate when switching to. Select the configured location from the previous steps.
Open the location_locked variable and select the same location.