


一段用于ISA2004的VPN隔离的检查客户终端MAC地址的VBS脚本
一段vbs脚本,已通过实验,检查终端MAC地址,配合ISA2004的VPN访问隔离控制,用于VPN客户端的唯一终端授权。其他相关资料(关于如何建立VPN、启用VPN访问隔离)可参考MS Technet孔文达先生的《使用ISA2004部署企业远程访问与VPN架构》
脚本改编自其讲座中提到的“VPN隔离实验工具”中的ICF隔离脚本
5 y" B% O( Z2 F _) B' X# l
+ M: i0 ]' s$ k$ H1 I, H; _( f* g* o2 @! t6 H+ X2 ]* y
========== CheckMAC.vbs START =======================
' Script identifier sent to the server; must match the AllowedSet registry value at the server.
Const RQScript_ID = "RQVersion3" 'must match AllowedSet registry value at server
' Title of the MsgBox dialogs shown to the user.
Const RQScript_Title = "Remote Access Quarantine"
' Quarantine notifier executable; located in this script's own folder (see CallRQNotifier).
Const RQ_Notifier = "RQC.exe"
' TCP port handed to RQC.exe on its command line (presumably the RQS listener port).
Const RQ_TCPport = 7250
* L/ Y4 q( \: H/ d. ]0 n1 n! D! M, ]) T' j
Main 'script entry point: run the client checks and report the result
Sub Main
'-------
' Entry point. Runs the client-side checks; on success asks RQC.exe to lift
' the quarantine and shows its result, on failure tells the user the
' connection will be dropped.
Dim rqResult, statusLine, header, body

header = "Security check:" & vbCr & "" & vbCr

If Not VerifyClientConfig Then
body = "The security configuration of this computer" & vbCr & _
"does NOT meet the remote access security policy:" & vbCr & _
"" & vbCr & _
"- an unauthorized connection ." & vbCr & _
"" & vbCr & _
"The connection will be dropped." & vbCr & _
""
MsgBox header & body, vbExclamation + vbOKOnly, RQScript_Title
Exit Sub
End If

rqResult = CallRQNotifier 'ask RQC.exe to remove the quarantine restrictions

' translate the RQC.exe return code into a status line for the user
If rqResult = 0 Then
statusLine = "You are granted access."
ElseIf rqResult = 1 Then
statusLine = "ERROR - cannot contact RQS.exe."
ElseIf rqResult = 2 Then
statusLine = "ERROR - unknown script identifier."
Else
statusLine = "ERROR - unknown failure."
End If

body = "The security configuration of this computer" & vbCr & _
"meets the remote access security policy." & vbCr & _
"" & vbCr & _
statusLine & vbCr & _
""
MsgBox header & body, vbInformation + vbOKOnly, RQScript_Title
End Sub
6 J5 G3 ~5 ]; G4 O$ ^# c1 C. m' N; p' I
Function VerifyClientConfig
'--------------------------
' Returns True when every client-side check passes. The only check at the
' moment is Check_MACAddress; further checks can be And-ed in here.
VerifyClientConfig = Check_MACAddress 'check 1: adapter MAC is the authorised one
End Function
6 Q2 d* v, K% E& u0 o/ G5 `
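Function Check_MACAddress
'---------------------------
' Returns True if an IP-enabled adapter on this machine has the allowed MAC
' address, False otherwise. A failed WMI query also yields False, so the
' check fails closed.
'
' NOTE: the MAC is read locally through WMI and is an adapter property the
' client itself controls, so this is a configuration check, not device
' authentication; keep server-side user authentication in place as well.
Const AllowedMAC = "AA:AA:AA:AA:AA:AA" 'the single authorised terminal
Dim strComputer, objWMIService, colItems, objItem

Check_MACAddress = False 'explicit default instead of Empty when nothing matches
On Error Resume Next 'WMI errors leave the result at False
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_NetworkAdapterConfiguration WHERE IPEnabled = True")
For Each objItem In colItems
' case-insensitive compare: WMI reports upper-case hex, the constant may not be
If StrComp(objItem.MACAddress, AllowedMAC, vbTextCompare) = 0 Then
Check_MACAddress = True
Exit For
End If
Next
End Function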
, f$ \ _4 K- \
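Function CallRQNotifier
'----------------------
' CallRQNotifier calls RQC.exe to signal security policy compliance.
' Returns the RQC.exe return code:
' -1=rqc.exe not found / 0=success / 1=rqs.exe not found / 2=unknown script id
'
' RQC.exe is taken from the folder this script runs from, never from PATH.
' The four script arguments are forwarded as-is, wrapped in double quotes by
' QQ; QQ does not escape embedded quotes, so such values would break the
' command line.
Const runMinimized = 7 'run in minimized window
Const runWaitOnReturn = True 'wait on return

Dim wsh, fso, scriptPath, notifierPath, cmdLine
Set wsh = CreateObject("WScript.Shell")
Set fso = CreateObject("Scripting.FileSystemObject")

scriptPath = fso.GetFile(WScript.ScriptFullName).ParentFolder.Path
notifierPath = scriptPath & "\" & RQ_Notifier

' The documented -1 code was never produced: WshShell.Run raises an error
' rather than returning when the executable is missing, so check first.
If Not fso.FileExists(notifierPath) Then
CallRQNotifier = -1
Exit Function
End If

cmdLine = QQ(notifierPath) & " " _
& QQ(GetArg(1)) & " " & QQ(GetArg(2)) & " " & RQ_TCPport & " " _
& QQ(GetArg(3)) & " " & QQ(GetArg(4)) & " " & QQ(RQScript_ID)

CallRQNotifier = wsh.Run(cmdLine, runMinimized, runWaitOnReturn)
End Function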
'----------------------
' Library
'---------------------
" x. j" ^* C8 V0 ~ O; Z" B* R) U# b) n
Function QQ(s)
'------------
' Returns s wrapped in a pair of double quotes, e.g. a -> "a".
' No escaping of quotes already inside s is done.
QQ = """" & s & """"
End Function
5 K- `6 u2 K3 m# j7 t& z
Function GetArg(i)
'-----------------
' Returns command-line argument number i (1-based), or "" when fewer than
' i arguments were supplied.
GetArg = ""
If i <= WScript.Arguments.Count Then GetArg = WScript.Arguments(i - 1)
End Function
. V7 S4 `$ \: c, s8 f* r' {; _ Y/ R% u( D. S# K+ W3 e
4 \' ]4 S; L! X7 u
================= END ==================