# Cheezy NETSH Question



## Excabus (Nov 3, 2010)

Hey Folks,

Situation is - I have many mobile clients. 9 to be exact. These clients are always moving, switching between 2 different wireless networks and constantly connected to one other. Getting the data connections to play nice and their associated programs has been quite the chore. Right now we have 802.11 when our mobile clients are in designated hot spots, Verizon Wireless Data cards for when they are on the road, and a radio connection over ethernet for some other data a program is using. The issue I am having is the fighting Verizon and 802.11 do. The VZAccess Manager Enterprise doesn't work with RADIUS for some reason, and it's real shoddy at pulling down an IP address. Our clients are Domain Clients and need that wireless connection to login. Well the VZAccess Manager likes to kill the Windows Wireless Connections and turn off auto-connect so it kills the wireless signal we are using for logins and it's just a huge pain.

So if you have any recommendations, great!

However I've taken a different step to trying to sort out these connectivity issues. We have implemented WPA2-PSK-AES for the mobile clients instead of RADIUS authentication. The theory here is we can write a batch script to connect to the wireless network as a service at boot up. Great!

Now what if we want to switch networks? There are a few different ones around our work area we like to utilize. For these needs I set up a Windows Gadget with buttons which fire up batch scripts to connect to various networks. Works fine. I however would like to also utilize this to allow our clients to connect to the Verizon Network. Any idea on how to batch script a connect to the Verizon Network? I have been able to connect to it before WITHOUT VZAccess Manager by connecting and disconnecting adapters and connection the the network connections manager. I was wondering if perhaps these connections could be controlled with NETSH or if perhaps there are Verizon utilities which could be run through the command prompt? This way I could make it much easier for our clients to manage their connections with a little gadget where they can click to connect and disconnect connections and the sort...

Also on the note of the gadget, is there a way to deploy the same gadget across all profiles in a Domain Environment? This way when a user logs into a different computer they will still have their connection gadget. If I got rid of VZaccess and made this gadget and then it disappeared on them when they switched computers.... I might get shot.

Right now we have our network connections band aided into working fashion, but we run into a lot of little issues when a connection goes down and someone's profile is out of sync with the DC because their PC's wireless is down.

Hell does anyone have any white papers on Wireless Clients in a Domain Environment?

Thanks a *TON* guys! (and gals! :grin: )

Edit - Sorry if this is in the wrong place, I put it in programming because of the batch scripts. Not quite programming... but kinda. Wireless or Scripting I guess...

Thanks


----------



## TheOutcaste (Mar 19, 2009)

Don't have a Verizon Data connection, so can't be much help there. Is it seen by NETSH as a Wireless interface, or a LAN interface?
Run these commands when connected to see if it's seen as a wireless connection:
*netsh lan show interfaces*
*netsh wlan show interfaces*

If Wireless, you should be able to control it using *Netsh wlan connect* and *Netsh wlan Disconnect*.
Type *Netsh wlan connect /?* for syntax

If LAN, you can enable and disable the Verizon connection with *Netsh interface set interface Name="<name of Verizon interface>" admin=DISABLED|ENABLED*
Type *Netsh interface set interface /?* for syntax

You'd need to make sure the interface names were the same on all systems; with only 9 clients shouldn't be too hard, easier than trying to write a script to determine the interface names.

For the various wireless networks you can create a profile for each network on one system, then export them to xml files. Then use a logon script via Group Policy to import them on each system if they don't already exist, as well as copying your gadget software if needed.

Is this what your current scripts are doing to switch wireless connections?

Make sure you use a non-generic name for each profile. If the Network name is just the router brand/model, those names could be used anywhere. Something like *Acme 4th floor conference room* or *Acme Main Lobby* will make it easy to see if the correct profiles exist.

Then you can check if they are present using *netsh wlan show profile* and pipe it to *findstr* to verify if they are present.
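
The export, import-if-missing and *findstr* check described in the post above, as an added example that is not part of the original thread. The share path `\\fileserver.example\wlan-profiles$` and the `<profile name>.xml` file naming are assumptions; the two profile names are the sample names from the post.

```bat
@echo off
rem Added example, not from the thread. PROFILE_DIR and the file naming
rem ("<profile name>.xml") are assumptions; adjust to your environment.
rem
rem One-time export on the reference machine (elevated prompt):
rem   netsh wlan export profile name="Acme Main Lobby" folder="C:\wlan-profiles" key=clear
rem netsh prefixes the exported file with the interface name; rename it to
rem "Acme Main Lobby.xml" before copying it to PROFILE_DIR.
rem
rem key=clear writes the WPA2 passphrase into the XML in plain text. Without
rem it the key stays protected for the exporting machine and the profile will
rem not connect after import elsewhere. Treat the XML files as secrets:
rem restrict PROFILE_DIR to the accounts that run this script, and do not put
rem them in a share every domain user can read.

setlocal EnableExtensions
set "PROFILE_DIR=\\fileserver.example\wlan-profiles$"

call :ensure "Acme Main Lobby"
call :ensure "Acme 4th floor conference room"
exit /b 0

:ensure
rem %~1 = profile name. /E anchors the match at end of line so that
rem "Acme Main Lobby" does not match "Acme Main Lobby Guest".
netsh wlan show profiles | findstr /I /E /C:": %~1" >nul
if not errorlevel 1 (
    echo [skip] "%~1" is already present
    goto :eof
)
if not exist "%PROFILE_DIR%\%~1.xml" (
    echo [fail] no exported profile found for "%~1" 1>&2
    exit /b 1
)
rem user=all installs the profile for every account on the machine.
netsh wlan add profile filename="%PROFILE_DIR%\%~1.xml" user=all
exit /b %errorlevel%
```

Adding a profile with `user=all` needs administrative rights, so this fits a Group Policy computer startup script; from an ordinary user logon script use `user=current` instead.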


----------



## Excabus (Nov 3, 2010)

Hey thanks a ton for the information. I'm not too familiar with Netsh so that's definitely a place to start. I will let ya know how it works out, and if everything pans out I'll share my scripts for the gadget and batches with everyone in case they would like to do the same.

As for the profile names it should be fine. We have unique names for our profiles for our networks.

I will report back soon, thanks!


----------



## Excabus (Nov 3, 2010)

Hey sorry for the double. Finally got around here at work to look at this a bit more. It looks like netsh doesn't recognize these as wired or wireless connections. I guess my next option is either find a proprietary suite of tools for either my mobile broadband chip in my computer or from Verizon for managing their connections.

I will dig more and come up with my results. I see that people are able to do similar things with scripts in Linux. However all of my clients are Windows 7 x32 Pro.

Another trick is going to be deploying the gadget for all user profiles. Apparently you can do it with Unattend.xml in a WDS deployment or something of the sort but all of our mobile client licenses are OEM and I doubt I can make the brass spring for enterprise licensing to allow me to build custom images. Plus the 50+ hours I'm sure it would take to test the image for successful deployment after each application is added...

It's a **** shoot either way I guess. Our clients for the most part aren't tech savvy given the nature of their job. Not a bad thing, but I have to apply the KISS standard to everything I push out to these guys. Thus the gadget idea. Never thought managing three dynamic wireless connections in a mobile environment using Win 7 would be such a bear...

I'll keep plugging away! When I get it done, if I find some good advice or suggestions to help me alleviate my problems, I will definitely share all my crappy scripts 

Any suggestions on a packager so I can .exe/.msi install the gadget into its directory and all the connection scripts into the directory they need to go?

Thanks a ton guys!


----------



## TheOutcaste (Mar 19, 2009)

How odd, you'd think it would have to be classed as LAN or WLAN, at least when it's connected. Might not appear if it's not being used I guess; you did check while that connection was active?

I've not used any install packagers, but have heard NSIS mentioned a few times, which can be downloaded from SourceForge:
Nullsoft Scriptable Install System

If it's just a matter of copying some files, a 7-zip/WinRar/Winzip Self Extracting archive might work. Not sure if any of them can easily copy files into system folders like Program Files on Vista/Win 7 though.


----------



## Excabus (Nov 3, 2010)

Hey thanks for the input. Nope it doesn't show up as either LAN or WLAN whether it is on or off. It would have to show up when it's off regardless in order for me to make some kind of script to connect it to the network while it is disconnected.

The reason if I have outlined it already, too lazy to scroll up, is that our clients were constantly being booted from our Wireless network in our lot which they park in. Because of this active directory settings like changed passwords, folders and files, etc etc weren't getting to or showing up on their computers. The wireless was being disconnected by VZAccess manager which is why I was aiming for a scriptable solution to manage that Mobile Broadband Connection. One thing VZAccess did was disconnect it, AND turn off auto-connect so it wouldn't connect back up. So a client would get in their car, connect to VZAccess Connection and their VPN and then they would lose the wireless, never notice it, turn off the PC and end their shift. Then another user who was using a different computer then switched to that one, would be missing things they may have changed. Primarily passwords, or if it was a PC they never logged into before they couldn't log in because the PC couldn't reach the DC.

HOWEVER, we use Radius for wireless authentication. One of our guys in our team found a gem digging around in group policies while setting up some RSA stuff. We can force a system level connection using the policies and active directory OU's. So far it seems good and consistent, now we have to test it with VZAccess. The hope is, that VZAccess won't be able to get rid of the auto-connect or manipulate the connection because it is managed by a higher privilege or however you want to word it. So the theory is now, AD Policy tells computers to always connect when in range to this network, the connection can't be fudged with by the clients so VZAccess won't be able to fudge with it, everyone's happy. The RADIUS is authenticated by machine so I think it should work well? I will be testing today.

As for the installer I used InstallJammer. Open-Source installer with a great GUI for building installers. I would really recommend it. All it does is take the batch scripts which the gadget runs and put them in the directory they should be in (the root of C) and put the gadget folder in the gadget directory. Works like a champ.

Thanks for all the valued input OutCaste! I hope other people find valuable information in here because I've been banging my head against this for a little bit. I guess it wouldn't hurt to read some sort of white papers before working on these projects but... who has time to do that? haha.

Rock on!


----------

