
一段用于ISA2004的VPN隔离的检查客户终端MAC地址的VBS脚本 (阅览 1166 次)


一段用于ISA2004的VPN隔离的检查客户终端MAC地址的VBS脚本 (阅览 1166 次)

一段VBS脚本,已通过实验验证:检查终端MAC地址,配合ISA2004的VPN访问隔离控制,用于VPN客户端的唯一终端授权。关于如何建立VPN、启用VPN访问隔离等其他相关资料,可参考MS Technet孔文达先生的《使用ISA2004部署企业远程访问与VPN架构》
脚本改编自其讲座中提到的“VPN隔离实验工具”中的ICF隔离脚本


========== CheckMAC.vbs START =======================
' Script-wide settings for the quarantine check, followed by the call that starts it.

' Identifier handed to RQC.exe as the last command-line argument (see CallRQNotifier).
Const RQScript_ID = "RQVersion3" 'must match AllowedSet registry value at server

' Caption used for both message boxes shown by Main.
Const RQScript_Title = "Remote Access Quarantine"

' File name of the notifier program; CallRQNotifier runs it from the script's own folder.
Const RQ_Notifier = "RQC.exe"
' Port value passed to RQC.exe on its command line.
Const RQ_TCPport = 7250

' Start the check as soon as the script is loaded.
Main

Sub Main
'-------
' Runs the client-side check and reports the outcome in a message box.
' When VerifyClientConfig passes, RQC.exe is invoked through CallRQNotifier
' and its return code is translated into a status line; otherwise the user
' is told that the connection will be dropped and the notifier is not called.

    Dim outcome, statusLine, dialogText

    ' Guard clause: a failed check ends here, so the notifier is never run.
    If Not VerifyClientConfig Then
        dialogText = Join(Array( _
            "Security check:", _
            "", _
            "The security configuration of this computer", _
            "does NOT meet the remote access security policy:", _
            "", _
            "- an unauthorized connection .", _
            "", _
            "The connection will be dropped.", _
            ""), chr(13))
        Msgbox dialogText, vbExclamation + vbOKOnly, RQScript_Title
        Exit Sub
    End If

    outcome = CallRQNotifier 'remove quarantine restrictions

    ' Any code other than 0, 1 or 2 (including the -1 that CallRQNotifier
    ' documents for a missing rqc.exe) ends up in the catch-all message.
    If outcome = 0 Then
        statusLine = "You are granted access."
    ElseIf outcome = 1 Then
        statusLine = "ERROR - cannot contact RQS.exe."
    ElseIf outcome = 2 Then
        statusLine = "ERROR - unknown script. identifier."
    Else
        statusLine = "ERROR - unknown failure."
    End If

    dialogText = Join(Array( _
        "Security check:", _
        "", _
        "The security configuration of this computer", _
        "meets the remote access security policy.", _
        "", _
        statusLine, _
        ""), chr(13))
    Msgbox dialogText, vbInformation + vbOKOnly, RQScript_Title
End Sub


Function VerifyClientConfig
'--------------------------
' Returns the overall result of the client configuration checks.
' The only check performed is Check_MACAddress, so its result is
' passed straight through to the caller.

    VerifyClientConfig = Check_MACAddress 'check 1: MAC address is the allowed one
End Function

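Function Check_MACAddress
'--------------------------
' Returns True only when an IP-enabled network adapter on this computer
' reports the allowed MAC address. Returns False in every other case,
' including when WMI cannot be reached or the query fails.
'
' Fixes over the original listing:
' - the WMI object was stored in "bjWMIService" but used as "objWMIService",
'   so the query could never run;
' - the result had no default and errors were suppressed for the whole body.
'   Under On Error Resume Next a failing If condition can continue into the
'   Then branch, so the check could pass without any adapter being examined.
'   The result now starts as False and is set to True only from a comparison
'   that completed without error.
'
' NOTE(review): a MAC address is reported by the client and can be changed in
' software, and this script runs on the client itself. Treat this check as a
' convenience control, not as authentication of the device.

    Const ALLOWED_MAC = "AA:AA:AA:AA:AA:AA" 'placeholder value from the original listing

    Dim strComputer, objWMIService, colItems, objItem, strMAC, isMatch

    Check_MACAddress = False 'fail closed: access is denied unless a match is proven

    On Error Resume Next
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    If Err.Number <> 0 Or Not IsObject(objWMIService) Then
        Err.Clear
        Exit Function
    End If

    Set colItems = objWMIService.ExecQuery("Select * from Win32_NetworkAdapterConfiguration WHERE IPEnabled = True")
    If Err.Number <> 0 Or Not IsObject(colItems) Then
        Err.Clear
        Exit Function
    End If

    For Each objItem In colItems
        ' Evaluate the comparison into a variable first, so that a runtime
        ' error leaves isMatch at False instead of altering control flow.
        isMatch = False
        strMAC = objItem.MACAddress
        If Err.Number = 0 Then
            If Not IsNull(strMAC) Then isMatch = (UCase(strMAC) = ALLOWED_MAC)
        End If
        Err.Clear

        If isMatch Then
            Check_MACAddress = True
            Exit For
        End If
    Next
End Function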

Function CallRQNotifier
'----------------------
' Runs RQC.exe to signal security policy compliance and hands back its
' return code:
' -1=rqc.exe not found / 0=success / 1=rqs.exe not found / 2=unknown script. id
'
' The notifier is started from the folder that holds this script, using a
' full path rather than a bare file name. Script arguments 1 to 4 are
' forwarded to it, with RQ_TCPport inserted after the second one and
' RQScript_ID appended last.
' NOTE(review): QQ wraps each argument in double quotes but does not escape
' quotes inside it; the arguments are presumably supplied by the VPN
' connection profile that launches this script - confirm.

    Const runMinimized = 7 'run in minimized window
    Const runWaitOnReturn = true 'wait on return

    Dim shell, files, baseDir, cmdLine

    Set shell = CreateObject("WScript.Shell")
    Set files = CreateObject("Scripting.FileSystemObject")

    ' Folder containing the running script.
    baseDir = files.GetFile(WScript.ScriptFullname).ParentFolder

    ' Assemble the command line piece by piece, separated by single spaces.
    cmdLine = QQ(baseDir & "\" & RQ_Notifier)
    cmdLine = cmdLine & " " & QQ(GetArg(1))
    cmdLine = cmdLine & " " & QQ(GetArg(2))
    cmdLine = cmdLine & " " & RQ_TCPport
    cmdLine = cmdLine & " " & QQ(GetArg(3))
    cmdLine = cmdLine & " " & QQ(GetArg(4))
    cmdLine = cmdLine & " " & QQ(RQScript_ID)

    CallRQNotifier = shell.Run(cmdLine, runMinimized, runWaitOnReturn)
End Function

'---------------------
' Library
'---------------------

Function QQ(s)
'------------
' Wraps s in a pair of double-quote characters and returns the result.
' Quote characters already present in s are left as they are.

    Dim quoteChar
    quoteChar = """"
    QQ = quoteChar & s & quoteChar
End Function

Function GetArg(i)
'-----------------
' Looks up script argument number i (counting from 1).
' Gives back "" when fewer than i arguments were passed to the script.

    GetArg = ""
    If i <= WScript.Arguments.Count Then
        GetArg = WScript.Arguments(i - 1) 'the collection itself is zero-based
    End If
End Function
