一段用于ISA2004的VPN隔离的检查客户终端MAC地址的VBS脚本

/ns/wz/net/data/20060226002010.htm

一段VBS脚本,已通过实验验证:它检查终端的MAC地址,配合ISA2004的VPN访问隔离控制,用于VPN客户端的唯一终端授权。需要注意的是,MAC地址由客户端本机读取并上报,而且可以被修改,因此这项检查只适合作为用户身份认证之外的辅助限制,不能单独作为终端身份的证明。关于如何建立VPN、启用VPN访问隔离等其他相关资料,可参考MS TechNet孔文达先生的《使用ISA2004部署企业远程访问与VPN架构》。
脚本改编自其讲座中提到的“VPN隔离实验工具”中的ICF隔离脚本。


========== CheckMAC.vbs START =======================
' Script-wide settings for the quarantine check.
' RQScript_ID is stored in clear text in this file, so it tells the server which
' script version ran; it is not a secret.
Const RQScript_ID = "RQVersion3" 'must match AllowedSet registry value at server
Const RQScript_Title = "Remote Access Quarantine" 'caption of every message box

' Notifier executable (looked up next to this script) and the TCP port passed to it.
Const RQ_Notifier = "RQC.exe", RQ_TCPport = 7250

' Entry point: everything else in the file is reached from Main.
Call Main

Sub Main
'-------
' Runs the client-side checks. On success it calls the notifier and reports its
' result; on failure it only shows a message (nothing in this script disconnects
' the session itself).

Dim rqcCode, statusText, textLines

If VerifyClientConfig Then

    rqcCode = CallRQNotifier 'remove quarantine restrictions

    ' Translate the notifier's return code into the text shown to the user.
    If rqcCode = 0 Then
        statusText = "You are granted access."
    ElseIf rqcCode = 1 Then
        statusText = "ERROR - cannot contact RQS.exe."
    ElseIf rqcCode = 2 Then
        statusText = "ERROR - unknown script identifier."
    Else
        statusText = "ERROR - unknown failure."
    End If

    textLines = Array( _
        "Security check:", _
        "", _
        "The security configuration of this computer", _
        "meets the remote access security policy.", _
        "", _
        statusText, _
        "")
    MsgBox Join(textLines, Chr(13)), vbInformation + vbOKOnly, RQScript_Title

Else

    textLines = Array( _
        "Security check:", _
        "", _
        "The security configuration of this computer", _
        "does NOT meet the remote access security policy:", _
        "", _
        "- an unauthorized connection .", _
        "", _
        "The connection will be dropped.", _
        "")
    MsgBox Join(textLines, Chr(13)), vbExclamation + vbOKOnly, RQScript_Title

End If
End Sub


Function VerifyClientConfig
'--------------------------
' Returns true if the client computer configuration passed all checks.
' There is currently a single check, so its result is the overall result.

'check 1: test whether the MAC address belongs to the company
VerifyClientConfig = Check_MACAddress()
End Function

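Function Check_MACAddress
'--------------------------
' Returns True only if at least one IP-enabled network adapter reports the
' allowed MAC address. Returns False in every other case, including any WMI
' failure (fail closed).
'
' The MAC address is read from the local machine and can be changed by whoever
' controls that machine, so this check narrows which terminals pass quarantine
' but does not by itself prove the terminal's identity.

'placeholder value from the article: replace with the authorized adapter's MAC
Const ALLOWED_MAC = "AA:AA:AA:AA:AA:AA"

Dim strComputer, objWMIService, colItems, objItem, mac

Check_MACAddress = False 'deny unless a match is positively found

' Errors stay trapped so a WMI fault cannot abort the script, but every step is
' checked explicitly. Under On Error Resume Next, an error raised while
' evaluating an If condition resumes at the next statement, which is the first
' line of the Then branch. The original comparison on objItem.MACAddress could
' therefore set the result to True after a WMI error.
On Error Resume Next

strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
If Err.Number <> 0 Then
    Err.Clear
    Exit Function
End If

Set colItems = objWMIService.ExecQuery("Select * from Win32_NetworkAdapterConfiguration WHERE IPEnabled = True")
If Err.Number <> 0 Then
    Err.Clear
    Exit Function
End If

For Each objItem In colItems
    ' A failed enumeration also resumes here, so check before touching objItem.
    If Err.Number <> 0 Then
        Err.Clear
        Exit For
    End If

    mac = Null
    mac = objItem.MACAddress 'read into a local so the comparison below cannot raise
    If Err.Number <> 0 Then
        Err.Clear 'unreadable adapter: skip it
    ElseIf Not IsNull(mac) Then
        ' Case-insensitive so a lower-case ALLOWED_MAC still matches.
        If StrComp(CStr(mac), ALLOWED_MAC, vbTextCompare) = 0 Then
            Check_MACAddress = True
            Exit For
        End If
    End If
Next
End Function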

Function CallRQNotifier
'----------------------
' Runs RQC.exe from this script's own folder to signal security policy
' compliance, waits for it to exit, and returns its return code:
' -1=rqc.exe not found / 0=success / 1=rqs.exe not found / 2=unknown script id
'
' Script arguments 1-4 are passed through unchanged; presumably they are the
' connection values supplied by the dial-up profile - confirm against the caller.

Const WINDOW_MINIMIZED = 7 'run in minimized window
Const WAIT_FOR_EXIT = True 'wait on return

Dim shell, fileSys, baseDir, cmdLine
Set fileSys = CreateObject("Scripting.FileSystemObject")
Set shell = CreateObject("WScript.Shell")

' Folder that holds this script; the notifier is expected next to it.
baseDir = fileSys.GetFile(WScript.ScriptFullName).ParentFolder

' Every string argument is wrapped in double quotes; the port is passed bare.
cmdLine = Join(Array( _
    QQ(baseDir & "\" & RQ_Notifier), _
    QQ(GetArg(1)), _
    QQ(GetArg(2)), _
    CStr(RQ_TCPport), _
    QQ(GetArg(3)), _
    QQ(GetArg(4)), _
    QQ(RQScript_ID)), " ")

CallRQNotifier = shell.Run(cmdLine, WINDOW_MINIMIZED, WAIT_FOR_EXIT)
End Function

'---------------------
' Library
'---------------------

Function QQ(s)
'------------
' Wraps s in a pair of double-quote characters and returns the result.
' Quote characters already inside s are left as they are (no escaping).

Dim quoteChar
quoteChar = """"
QQ = quoteChar & s & quoteChar
End Function

Function GetArg(i)
'-----------------
' Returns the script's command-line argument number i (1-based),
' or "" if fewer than i arguments were supplied.

Dim argList
Set argList = WScript.Arguments

If i <= argList.Count Then
    GetArg = argList(i - 1) 'the collection itself is 0-based
Else
    GetArg = ""
End If
End Function


================= END ==================

一些相关链接:
TechNet 脚本中心 http://www.netscum.dk/china/technet/community/scriptcenter/default.mspx
===============================================
本文版权属20CN网络安全小组及其作者所有,如有转载,请保持文章完整性并注明出处
文章类型:原创 提交:Aoming 核查:NetDemon