Use HI Policy To Check Whether More Than One Network Connected On Endpoint 

Mar 29, 2011 11:50 PM

Wireless/Wi-Fi networks are increasingly common around us. However, some enterprises need to limit access to wireless/Wi-Fi networks in the production environment because of security concerns. Some of our customers allow only the wired network and block or limit wireless/Wi-Fi connections.

We can use an HI (Host Integrity) policy to achieve this requirement. Just use VBS to query the network properties through WMI. If the end user connects more than one network on the endpoint, the HI check will fail.

The detailed steps are below:

1. From SEPM, add a HI policy:

2. Add a Customized Requirement:

3. Add: Utility: Run a script:

Here is the source code of the VBS:

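' Errors are suppressed for the whole script: if a WMI call fails,
' dwValue stays 0 and that is what gets written to the registry.
On Error Resume Next

const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
' StdRegProv is the WMI registry provider; it is used to store the result.
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\Symantec"
strValueName = "Network connects Status"
dwValue = 0

Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

' NetConnectionStatus = 2 means the adapter is connected.
Set colItems = objWMIService.ExecQuery("Select * from Win32_NetworkAdapter where AdapterType = 'Ethernet 802.3' and NetConnectionStatus = 2 ")

' Count the connected adapters returned by the query.
For Each objItem in colItems
    dwValue = dwValue + 1
Next

' Store the count where the HI registry check in step 5 reads it.
oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue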

4. Add: If...Then...

5. Under If, add: Registry: Registry value equals:

6. For Then, add Utility: Show message dialog:

7. Add Return: FAIL:

8. Assign this HI policy to the endpoint.
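
The step 3 script runs under On Error Resume Next, so a failed WMI query writes a count of 0 and a failed registry call leaves the count from an earlier run in place. The variant below is an added example, not part of the original article or of Symantec's code: it writes a sentinel before counting and replaces it only after the count succeeds. The sentinel value 255 and the exit codes are assumptions, and the registry rule in step 5 would have to treat the sentinel as a failing value.

```vbscript
Option Explicit

Const HKEY_LOCAL_MACHINE = &H80000002
Const KEY_PATH     = "SOFTWARE\Symantec"        ' same key as the step 3 script
Const VALUE_NAME   = "Network connects Status"  ' same value name as the step 3 script
Const CHECK_FAILED = 255                        ' assumed sentinel: "count not available"

Dim oReg, objWMIService, colItems, objItem, dwValue, rc

' Errors are still trapped, but each one is inspected instead of ignored.
On Error Resume Next

Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
If Err.Number <> 0 Then WScript.Quit 1          ' registry provider unavailable

' Write the sentinel first so a stale count from an earlier run
' cannot satisfy the HI rule if anything below fails.
oReg.CreateKey HKEY_LOCAL_MACHINE, KEY_PATH     ' no effect if the key already exists
rc = oReg.SetDWORDValue(HKEY_LOCAL_MACHINE, KEY_PATH, VALUE_NAME, CHECK_FAILED)
If Err.Number <> 0 Or rc <> 0 Then WScript.Quit 1

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
If Err.Number <> 0 Then WScript.Quit 2          ' WMI unavailable, sentinel stays

' Same query as the step 3 script.
Set colItems = objWMIService.ExecQuery( _
    "Select * from Win32_NetworkAdapter " & _
    "where AdapterType = 'Ethernet 802.3' and NetConnectionStatus = 2")
If Err.Number <> 0 Then WScript.Quit 2

dwValue = 0
For Each objItem In colItems
    dwValue = dwValue + 1
Next
' ExecQuery can defer its error until the collection is enumerated.
If Err.Number <> 0 Then WScript.Quit 2

' Only a completed count replaces the sentinel.
rc = oReg.SetDWORDValue(HKEY_LOCAL_MACHINE, KEY_PATH, VALUE_NAME, dwValue)
If Err.Number <> 0 Or rc <> 0 Then WScript.Quit 1

WScript.Quit 0
```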

If the user connects more than one network on the endpoint, a message is displayed as below:

END.

Comments

Jan 01, 2013 10:29 PM

Hi,

Nice Information Article + 1

Jan 01, 2013 11:26 AM

It's useful for our scenario. But, need some modification of the logic.
