validating logon server availability

Status
Not open for further replies.

DougInCanada

Technical User
Feb 1, 2004
98
CA
Hi Folks,

I'm running a segment in my little login script for laptops to determine if they have been authenticated to a DC at that specific login.

Unfortunately, if I run

LogonServer = WSHShell.Environment("PROCESS").Item("LOGONSERVER")

it just tells me the logon server that originally authenticated that network logon, but not if the user is currently connected to the network and authenticated to a DC.

I'd like to validate if the user is connected to the same network as the domain that user is currently logging in to at each login attempt, so either I:

- check to see if the computer can connect to the DC at logon

or

- refresh WSHShell.Environment("PROCESS").Item("LOGONSERVER") every logon.

or possibly some other approach, if someone can think of one.

Help on this would be much appreciated, as it would resolve a recurring issue we're presently experiencing.

Regards,

DougInCanada

 
I'd like to validate if the user is connected to the same network as the domain that user is currently logging in to at each login attempt

Compare the IP address of the host and the server

You can also check the DCName of both host and server to verify they are on the same network.

Code:
CONST HKEY_LOCAL_MACHINE  = &H80000002
strComputer = "."

'Connect to the WMI registry provider on the local machine
set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")

'strNetworkName is an out parameter and receives the DCName value
objReg.GetStringValue HKEY_LOCAL_MACHINE, "SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History", "DCName", strNetworkName

-Geates

"I hope I can feel and see the change - stop the bleed inside a feel again. Cut the chain of lies you've been feeding my veins; I've got nothing to say to you!"
-Infected Mushroom

"I do not offer answers, only considerations."
- Geates's Disclaimer
 
It's not so much if they are on the same network, as much as it's if they are connected to the domain / LAN or if they're disconnected / on WIFI.

This would allow me to stop the Windows Zero Config service when they're plugged into the LAN.

If the user logs onto a laptop with their domain account and they're not connected to the LAN, the logon server still comes up as the DC, but in fact they haven't actually authenticated to the DC / LAN.

I want to know when this scenario occurs so that I can stop the service automatically at logon.
 
It's not so much if they are on the same network, as much as it's if they are connected to the domain / LAN or if they're disconnected / on WIFI.

Is your WIFI VLAN considerably different from your LAN? You could collect all Physical NIC connections and cycle through them checking the IP. If at least one is on the LAN, you know they are plugged in.

Example
Code:
CONST WIFI_VLAN = "10.40"
CONST LAN_VLAN = "10.15"
strComputer = "."

set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
set colPhysicalNICs = objWMI.ExecQuery("Select * From Win32_NetworkAdapter")

for each objNIC in colPhysicalNICs
	if NOT (isNull(objNIC.NetConnectionID)) then
		'First word of the connection name; split avoids an error when the name has no space
		strType = lcase(split(objNIC.NetConnectionID & " ", " ")(0))
		if (strType = "local") then 'Local Area Connection #n
			set objNICcfg = objWMI.ExecQuery("Select * From Win32_NetworkAdapterConfiguration Where MACAddress = '" & objNIC.MACAddress & "'")
			for each objItem in objNICcfg
				'IPAddress is Null when the adapter has no address bound
				if NOT (isNull(objItem.IPAddress)) then
					'Compare with the trailing dot so "10.15" does not also match "10.150.x.x"
					if (left(join(objItem.IPAddress, ","), len(LAN_VLAN) + 1) = LAN_VLAN & ".") then
						'This NIC is plugged into the LAN
					end if
				end if
			next
		end if
	end if
next

If the user logs onto a laptop with their domain account and they're not connected to the LAN, the logon server still comes up as the DC, but in fact they haven't actually authenticated to the DC / LAN.

Domain accounts are locally cached for instances just like this. When no connection to the DC is available, the account is authenticated against the cached copy. Not sure how to get around this.

-Geates


"I hope I can feel and see the change - stop the bleed inside a feel again. Cut the chain of lies you've been feeding my veins; I've got nothing to say to you!"
-Infected Mushroom

"I do not offer answers, only considerations."
- Geates's Disclaimer
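
One way to implement the first option from the question (check whether the computer can reach a DC at logon), as an added example that is not code from the thread. It assumes a serverless ADSI bind to RootDSE as the reachability test, the service name WZCSVC for Wireless Zero Configuration on Windows XP, and a hypothetical helper named StopService.

```vbscript
Option Explicit
' Added example, not from the thread. Assumptions: RootDSE bind as the DC test,
' WZCSVC as the Wireless Zero Configuration service name (Windows XP).
Dim objRootDSE, strDC, blnDcReachable

blnDcReachable = False
On Error Resume Next
' A serverless bind makes the client locate a domain controller right now.
' Unlike %LOGONSERVER%, it fails when the logon was served from cached credentials
' and no DC answers.
Set objRootDSE = GetObject("LDAP://RootDSE")
If Err.Number = 0 Then
	strDC = objRootDSE.Get("dnsHostName")
	If Err.Number = 0 And Len(strDC) > 0 Then blnDcReachable = True
End If
Err.Clear
On Error GoTo 0

If blnDcReachable Then
	WScript.Echo "Domain controller reachable: " & strDC
	StopService "WZCSVC"
Else
	WScript.Echo "No domain controller reachable; leaving wireless service running."
End If

' Stops a service by name through WMI. Needs local administrator rights,
' so a per-user logon script will get a non-zero return code.
Sub StopService(strName)
	Dim objWMI, colServices, objService, intResult
	Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
	Set colServices = objWMI.ExecQuery("Select * From Win32_Service Where Name = '" & strName & "'")
	For Each objService In colServices
		If objService.State = "Running" Then
			intResult = objService.StopService()
			If intResult <> 0 Then WScript.Echo "StopService returned " & intResult
		End If
	Next
End Sub
```

A successful bind only shows that some DC answered; it does not say which adapter carried the traffic, so on sites where the wireless network can also reach a DC this check needs to be combined with the per-NIC address test above.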
 