6.5 Sample Scripts

The following sections contain sample script that you can use and modify:

6.5.1 Create Registry Shortcut (VB Script)

'This script is to run at startup of the Endpoint Security Client.

'The script creates a desktop and program files shortcut that is linked to a VBScript file that the script also creates. The VBScript is located in the Endpoint Security Client installation folder. It sets a registry entry to TRUE. A second script, included in the policy, reads this registry entry. If the entry is TRUE, it launches the dialog box that allows the user to control wireless adapters.This script also disables wireless adapters at startup. Per customer request, Modems are also disabled because the 3G wireless card instantiate as modems.

'*************** Global Varialbles
set WshShell = CreateObject ("WScript.Shell")
Dim strStartMenu
strStartMenu = WshShell.SpecialFolders("AllUsersPrograms")
Dim strDesktop
strDesktop = WshShell.SpecialFolders("AllUsersDesktop")

'*************** Main Loop
DisableWirelessAdapters()
CreateStartMenuFolder()
CreateStartMenuProgramFilesShortcut()
CreateDesktopAllUsersShortcut()
CreateVbsFileToWriteRegEntry()


'*************** Functions to do each action
Function DisableWirelessAdapters()
   Dim ret
   'NOTE:    1 means this action can be undone on a location change if
the policy allows
   '      0 means this action can be undone on a policy update if the policy allows 
   ret = Action.WiFiDisabledState(eDisableAccess, 1)
   Action.Trace("Disallow Wi-Fi = " & ret)
   'Again, per the customer request, Modems will be disabled to deal with 3G wireless cards that act as modems in the network stack
   ret = Action.DialupDisabledState ( eDisableAccess , 1 )
   Action.Trace("Disallow Modem = " & ret)
End Function

Function CreateStartMenuProgramFilesShortcut()
   'create the Start Menu folder and then create the shortcut
   set oShellLinkStartMenu = WshShell.CreateShortcut (strStartMenu & "\Novell\Enable Wireless Adapter Control.lnk")
   oShellLinkStartMenu.TargetPath = "C:\Program Files\Novell ZENworks\Endpoint Security Client\wareg.vbs"
   oShellLinkStartMenu.WindowStyle = 1
   oShellLinkStartMenu.Hotkey = "CTRL+SHIFT+W"
   oShellLinkStartMenu.IconLocation = "C:\Program Files\Novell ZENworks\Endpoint Security Client\STEngine.exe, 0"
   oShellLinkStartMenu.Description = "Launch Novell Wireless Adapter Control Dialog Box"
   oShellLinkStartMenu.WorkingDirectory = "C:\Program Files\Novell ZENworks\Endpoint Security Client"
   oShellLinkStartMenu.Save
End Function

Function CreateDesktopAllUsersShortcut()
   'create the desktop folder shortcut
   set oShellLinkDesktop = WshShell.CreateShortcut (strDesktop & "\Enable Wireless Adapter Control.lnk")
   oShellLinkDesktop.TargetPath = "C:\Program Files\Novell ZENworks\Endpoint
Security Client\wareg.vbs"
   oShellLinkDesktop.WindowStyle = 1
   oShellLinkDesktop.Hotkey = "CTRL+SHIFT+W"
   oShellLinkDesktop.IconLocation = "C:\Program
Files\Novell ZENworks\Endpoint Security Client\STEngine.exe, 0"
   oShellLinkDesktop.Description = "Launch Novell Wireless Adapter
Control Dialog Box"
   oShellLinkDesktop.WorkingDirectory = "C:\Program
Files\Novell ZENworks\Endpoint Security Client"
   oShellLinkDesktop.Save
End Function

Function CreateVbsFileToWriteRegEntry()
   'First build the VBScript file to write the registry key
   Dim pathToTempVbsFile 
   pathToTempVbsFile = "C:\Program Files\Novell ZENworks\Endpoint Security Client\wareg.vbs"
   Dim ofileSysObj, fileHandle
   set ofileSysObj = CreateObject ( "Scripting.FileSystemObject" )
   set fileHandle = ofileSysObj.CreateTextFile ( pathToTempVbsFile , true )
   fileHandle.WriteLine "Dim WshShell"
   fileHandle.WriteLine "Set WshShell = CreateObject(""WScript.Shell"")"
   fileHandle.WriteLine "WshShell.RegWrite ""HKLM\SOFTWARE\Novell\MSC\STUWA"", ""true"", ""REG_SZ""" 
   fileHandle.Close
   Action.Trace ("Wrote the VBScript file to: " + pathToTempVbsFile )
End Function

Function CreateStartMenuFolder
     Dim fso, f, startMenuSenforceFolder
    startMenuSenforceFolder = strStartMenu & "\Novell" 
   Set fso = CreateObject("Scripting.FileSystemObject")
   If (fso.FolderExists(startMenuSenforceFolder)) Then
      Action.Trace(startMenuSenforceFolder & " Already exists, so NOT creating it.")
   Else
      Action.Trace("Creating folder: " & startMenuSenforceFolder)
         Set f = fso.CreateFolder(startMenuSenforceFolder)
         CreateFolderDemo = f.Path
   End If
End Function

6.5.2 Allow Only One Connection Type (JScript)

// Disable Wired and Wireless if Dialup is connection
// Disable Modem and Wired if Wireless is connected
// Disable Modem and Wireless if Wired is connected
// Reenable all hardware (based off policy settings) if there are NO active network connections

//NOTE:  The order for checking sets the precedence for allowed connections
//    As coded below, Wired is first, then Wireless, then Modem.  So if
//    you have both a wired and modem connection when this script is
//    launched, then the modem will be disabled (i.e. the wired is preferred)

var CurLoc = Query.LocationName;
Action.Trace("CurLoc is: " + CurLoc);
if (CurLoc ==  "Desired Location")
{//only run this script if the user is in the desired location.  This MUST MATCH the exact name of the location in the policy
}

var Wired = Query.IsAdapterTypeConnected( eWIRED );
Action.Trace("Connect Status of Wired is: " + Wired);
var Wireless = Query.IsAdapterTypeConnected( eWIRELESS );
Action.Trace("Connect Status of Wireless is: " + Wireless );
var Dialup = Query.IsAdapterTypeConnected( eDIALUPCONN );
Action.Trace("Connect Status of Dialup is: " + Dialup );

var wiredDisabled = Query.IsWiredDisabled();
Action.Trace("Query on WiredDisabled is: " + wiredDisabled );

var wifiDisabled = Query.IsWiFiDisabled();
Action.Trace("Query on WifiDisabled is: " + wifiDisabled );

var dialupDisabled = Query.IsDialupDisabled();
Action.Trace("Query on DialupDisabled is: " + dialupDisabled );

//check if there is a wired connection
if (Wired)
{
   Action.Trace ("Wired Connection Only!");
   Action.DialupDisabledState ( eDisableAccess , 0 );
   Action.WiFiDisabledState ( eDisableAccess , 0) ;
   //alternative call
   //Action.EnableAdapterType (false, eDIALUPCONN );
   //Action.EnableAdapterType (false, eWIRELESS );
}
else
{
   Action.Trace("NO Wired connection found.");
}

//check if there is a wireless connection
if (Wireless)
{
   Action.Trace ("Wireless Connection Only!");
   Action.WiredDisabledState ( eDisableAccess , 0);
   Action.DialupDisabledState ( eDisableAccess , 0);
   //alternative call
   //Action.EnableAdapterType (false, eDIALUPCONN );
   //Action.EnableAdapterType (false, eWIRED );
}
else
{
   Action.Trace("NO Wireless connection found.");
}

//check if there is a modem connection
if (Dialup)
{
   Action.Trace ("Dialup Connection Only!");
   Action.WiredDisabledState ( eDisableAccess , 0);
   Action.WiFiDisabledState ( eDisableAccess , 0);
   //alternative call
   //Action.EnableAdapterType (false, eWIRED );
   //Action.EnableAdapterType (false, eWIRELESS );
}
else
{
   Action.Trace("NO Dialup connection found.");
}
if (( !Wired ) && ( !Wireless ) && ( !Dialup ))
{//Apply Global settings so you don't override policy settings
   Action.Trace("NO connections so, enable all");
   Action.DialupDisabledState ( eApplyGlobalSetting , 1);
   Action.WiredDisabledState ( eApplyGlobalSetting , 1);
   Action.WiFiDisabledState ( eApplyGlobalSetting , 1);
}

6.5.3 Stamp Once Script

The Stamp Once script enforces a single network environment save at a designated location. When users enter the desired network environment, they should be instructed to switch to the location assigned below and then perform a network environment save . After this environment has been saved, the Endpoint Security Client does not permit additional network environments to be saved at that location.

NOTE:This script works best when used for an environment that will likely not change its network parameters (for example, an end-user’s home network or a satellite office). If network identifiers change (IP or MAC addresses) the Endpoint Security Client might not be able to recognize the location and remains in the default Unknown location.

To initiate the Stamp Once Script:

  1. Under Locations, create or select the location that will use the Stamp Once functionality.

  2. Under User Permissions, uncheck Save Network Environment.

  3. Associate the Stamp Once scripting rule to this policy.

  4. Set the triggering event to Location Change: Activate when switching to. Select the configured location from the previous steps.

  5. Open the location_locked variable and select the same location.