automatic disabling of wireless connection while connected..

[Guest]

Archived from groups: (More info?)

I would like to (programmatically, or through a group policy) disable
the wireless interface on individual workstations iff the wired
interface is already active.

For example, we have many laptops with both wired and wireless
capability. While they are logged into the LAN at work, we want to
prevent them from connecting to the unprotected free access point in
the coffee shop next door. It's not that individuals necessarily do so

out of malice - they come in from a previous hotspot and their
operating environment automatically connects them to both, in effect
granting a split tunnel (and huge security problem).

Assuming I have some of the regular security tools available for my
workgroup (domain GPO, Norton AntiVirus), what can I do?

Thanks to you very much,
..Chu.

 

[Guest]

Archived from groups: (More info?)

In alt.internet.wireless Chu <chunews@gmail.com> wrote:
> I would like to (programmatically, or through a group policy) disable
> the wireless interface on individual workstations iff the wired
> interface is already active.

login scripts? scheduled jobs?
The technique, once you get it to run, is simple enough.

If there is a valid IP address on the wired interface, run a command to
disable the wireless adapter.

I run mine manually, when I remember.

<http://support.microsoft.com/default.aspx?scid=kb;en-us;311272> provides
an executable called DevCon for Device Control.

devcon status * > all_devices.txt
will give a text file with all of the devices and the current status.
Find the name of your WiFi card there... Mine is an SMC2435W.

PCI\VEN_104C&DEV_8400&SUBSYS_8402104C&REV_00\5&2509CBFA&0&0051F0
Name: SMC2435W 22 Mbps Wireless Cardbus Adapter

devcon status "PCI\VEN_104C&DEV_8400*"
ensure that this shows only the status from the one device that you want to
affect. (It's interesting what shows up under the same "VEN_" number.)

I made a batch file with one line:
devcon %1 "PCI\VEN_104C&DEV_8400*"

then I put two shortcuts to the bat file on my desktop, adjusting the
properties so that one has a "target" of the bat file enable, and another
shortcut for disable.
"C:\downloads\DevCon\2435.bat" enable
I even picked clever icons for the two shortcuts ;-)

--
---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8,-122.5

 

[Guest]

Archived from groups: (More info?)

"Chu" <chunews@gmail.com> wrote in message
news:1127770046.912249.285060@f14g2000cwb.googlegroups.com...
>I would like to (programmatically, or through a group policy) disable
> the wireless interface on individual workstations iff the wired
> interface is already active.
>

You could get Netswitcher for a start and have your server set up so that
whenever it detects a new device attached to the wired network that it
forces Netswitcher to that machine and runs it. Netswitcher can be
configured to only work through the desired NIC.

Also, do you have a "welcome" interface on your network? You could configure
it to force all this.