Sample Quarantine Script
The following is an example quarantine script written as a batch file named Script.bat that provides a framework for testing network policy compliance. From the CM profile, Script.bat is run as a post-connect action using the following command line (as configured from the New Connect Action dialog box of the CMAK Wizard):
script.bat %DialRasEntry% %TunnelRasEntry% %Domain% %UserName%
The value of the %DialRasEntry% CM variable becomes the %1 variable in the batch file. The value of the %TunnelRasEntry% CM variable becomes the %2 variable in the batch file. The value of the %Domain% CM variable becomes the %3 variable in the batch file. The value of the %UserName% CM variable becomes the %4 variable in the batch file.
@echo off
echo RAS Connection = %1
echo Tunnel Connection = %2
echo Domain = %3
echo User Name = %4
set MYSTATUS=
REM
REM Network policy compliance tests
REM
REM
REM Check if Internet Connection Firewall is enabled.
REM Set ICFCHECK to 1 if it is (pass).
REM Set ICFCHECK to 2 if it is not (fail).
REM
REM
REM Check if Virus checker is running and has correct signature file installed.
REM Set VIRCHECK to 1 if it is (pass).
REM Set VIRCHECK to 2 if it is not (fail).
REM
REM
REM Based on the test results, run Rqc.exe.
REM
if "%ICFCHECK%" == "2" goto :TESTFAIL
if "%VIRCHECK%" == "2" goto :TESTFAIL
rqc.exe %1 %2 7250 %3 %4 Version1
REM %1 = %DialRasEntry%
REM %2 = %TunnelRasEntry%
REM 7250 is the TCP port on which Rqs.exe is listening
REM %3 = %Domain%
REM %4 = %UserName%
REM Version1 is the script version string
REM
REM Print out the status
REM
if "%ERRORLEVEL%" == "0" (
    set MYERRMSG=Success!
) else if "%ERRORLEVEL%" == "1" (
    set MYERRMSG=Unable to contact remote access gateway. Quarantine support may be disabled.
) else if "%ERRORLEVEL%" == "2" (
    set MYERRMSG=Access denied. Please install the Connection Manager profile from http://www.corpnet.example.com/remote_access_tshoot.asp and reconnect.
) else (
    set MYERRMSG=Unknown failure. The client will remain in quarantine mode.
)
echo %MYERRMSG%
goto :EOF
:TESTFAIL
echo.
echo Your computer has failed network compliance tests. Either
echo Internet Connection Firewall is not enabled or you do not
echo have the correct virus-checking program with the current
echo signature file loaded. For information about how to configure
echo or install these components, see
echo http://www.corpnet.example.com/remote_access_tshoot.asp.
echo.
:EOF
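The framework above leaves ICFCHECK and VIRCHECK unset until a test assigns them, so a test that never runs is treated as a pass. The following added example (not part of the original whitepaper) fills in the two placeholders so that they fail closed: each result starts at 2 and only a successful probe sets it to 1. Assumptions: the :CHECK_SERVICE helper is hypothetical, SharedAccess is the ICF service name on Windows XP and Windows Server 2003, AV_SERVICE_NAME is a placeholder for your antivirus product's service, and a running service is only a minimum probe that does not verify the signature file version.

```batch
@echo off
REM Added example: fail-closed compliance tests for the quarantine script.
setlocal

REM Every check starts as failed (2) and must be explicitly set to 1.
set ICFCHECK=2
set VIRCHECK=2

REM SharedAccess hosts Internet Connection Firewall on Windows XP / Server 2003.
call :CHECK_SERVICE SharedAccess ICFCHECK
REM AV_SERVICE_NAME is a placeholder; substitute the real service name.
call :CHECK_SERVICE AV_SERVICE_NAME VIRCHECK

REM Anything other than an explicit pass keeps the client in quarantine.
if not "%ICFCHECK%" == "1" goto :TESTFAIL
if not "%VIRCHECK%" == "1" goto :TESTFAIL

REM Same Rqc.exe call as in the script above.
rqc.exe %1 %2 7250 %3 %4 Version1
exit /b %ERRORLEVEL%

:TESTFAIL
echo Compliance tests failed: ICFCHECK=%ICFCHECK% VIRCHECK=%VIRCHECK%
exit /b 1

:CHECK_SERVICE
REM %1 = service name, %2 = name of the result variable to set on success.
REM find returns errorlevel 0 only when sc reports the RUNNING state.
sc query "%~1" | find "RUNNING" >nul
if not errorlevel 1 set %2=1
goto :EOF
```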
For additional script examples, see the free Sample Scripts for verifying client configuration for VPN Quarantine download.
Source: Microsoft Whitepaper