diff --git a/MachineAuth/$PLUGINSDIR/System.dll b/MachineAuth/$PLUGINSDIR/System.dll
new file mode 100644
index 0000000..57c84d5
Binary files /dev/null and b/MachineAuth/$PLUGINSDIR/System.dll differ
diff --git a/MachineAuth/$PLUGINSDIR/nsExec.dll b/MachineAuth/$PLUGINSDIR/nsExec.dll
new file mode 100644
index 0000000..1daa13c
Binary files /dev/null and b/MachineAuth/$PLUGINSDIR/nsExec.dll differ
diff --git a/MachineAuth/8021x.xml b/MachineAuth/8021x.xml
new file mode 100644
index 0000000..9e8373c
--- /dev/null
+++ b/MachineAuth/8021x.xml
@@ -0,0 +1,14 @@
+
+
+
+
+ false
+ true
+
+ true
+ machine
+ 2500025false71 bf 35 6d d6 a5 08 45 22 f7 0d 68 5a 8b e0 71 be ba da a4 18 ad d0 34 a2 ef 3e 6d c8 8b a2 3f 65 b9 0b d5 0f fe 08 b0 fd 92 c4 c7 cd 49 d2 8d dd 08 55 1c e2 f0 8b 33 c8 db c4 55 2b 8f 1b 57 33 0d bb a2 d0 7a 6c 51 f7 0e e9 0d da b9 ad 8e truefalse26truefalsefalsetruefalse
+
+
+
+
diff --git a/MachineAuth/AESFMA.xml b/MachineAuth/AESFMA.xml
new file mode 100644
index 0000000..b991be3
--- /dev/null
+++ b/MachineAuth/AESFMA.xml
@@ -0,0 +1,27 @@
+
+
+ AESFMA
+
+
+ 414553464D41
+ AESFMA
+
+ false
+
+ ESS
+ auto
+ false
+
+
+
+ WPA2
+ AES
+ true
+
+
+ machine
+ 1300013truefalse27 f0 c9 a2 2b 28 ce 76 87 b1 15 a2 9e 31 bf 4b 3a bb 18 0f falsetruefalse
+
+
+
+
diff --git a/MachineAuth/MA3NetworkConfigv4.bat b/MachineAuth/MA3NetworkConfigv4.bat
new file mode 100644
index 0000000..525c967
--- /dev/null
+++ b/MachineAuth/MA3NetworkConfigv4.bat
@@ -0,0 +1,125 @@
+@ECHO OFF
+setlocal EnableDelayedExpansion
+REM Machine Authentication Network Configuration Batch file to configure shop floor PC for connection to machine VLAN via 802.1x.
+REM Connectivity is via standard tech - 802.1x, ACS, and AD group membership (for wired connections) or Device Issued Certificates (for AESFMA)
+REM This file needs to be executed with admin privilege from C:\Windows\Options\Packages\GEAerospace_MA_3x4_V01\
+REM These files must exist in C:\Windows\Options\Packages\GEAerospace_MA_3x4_V01\
+REM - MA3NetworkConfigv4.bat (this file)
+REM - 8021x.xml
+REM - AESFMA.xml
+REM No reboot is required.
+REM Script can be run multiple times with no detrimental impact to the machine.
+REM This will not remove the connection to GESFMA. It will not change the wired network from the MA 2.0 settings.
+REM Machine will experience temporary loss of network as the service is cycled.
+REM Works for both wired and wireless machines.
+REM Script usually runs to completion in under 30 seconds.
+REM Upon completion, machine will have 'native' vault access. Test to confirm.
+REM ASSUMPTION THAT WIRED OR WIRELESS INTERFACE FOLLOW STANDARD CONVENTION - Local Area Connection, Local Area Connection 2, Wireless Network Connection, Wireless Network Connection 2 etc
+
+ECHO:
+ECHO Configuring machine for Machine Authentication 3.0 VLAN connectivity
+ECHO:
+
+REM SEED DEFAULT INTERFACES
+REM THE * FOR WIRELESS TREATS THE MACHINE AS WIRED. AESFMA PROFILE IS ADDED TO ALL WIRELESS INTERFACES. THIS ENSURES WIRELESS WORKS SHOULD THE MACHINE MIGRATE FROM WIRED > WIRELESS
+SET sf_LNWLC=
+SET sf_NW=
+SET sf_WNWLC=
+SET sf_WinVer=
+SET sf_ExecPath=C:\Windows\Options\Packages\GEAerospace_MA_3x4_V01
+
+REM GET WINDOWS VERSION - 7 OR 10. IF NOT WIN10, ASSUME WIN7
+FOR /f "tokens=4-5 delims=[.] " %%i in ('ver') DO (
+ SET sf_WinVer=%%i.%%j
+)
+IF %sf_WinVer%==10.0 (
+ goto CONFIGWIN10
+)
+IF %sf_WinVer%==6.1 (
+ goto CONFIGWIN7
+)
+
+:CONFIGWIN7
+REM WIRED OR WIRELESS?
+REM CHECK IF CURRENTLY CONNECTED TO WIRED OR WIRELESS
+REM FIND CONNECTED LAN INTERFACE THAT STARTS WITH "Local ..." AND WLAN STARTING WITH "Wireless ..." WHICH IS STANDARD CONVENTION
+SET sf_LNWLC=Local Area Connection
+SET sf_WNWLC=Wireless Network Connection
+FOR /f "skip=2 tokens=5*" %%a IN ('netsh interface ipv4 show Interfaces ^| find /V /i "disconnected"') Do (
+ IF %%a==Local (
+ SET sf_NW=LAN
+ goto INTERFACEFOUND
+ )
+ IF %%a==Wireless (
+ SET sf_NW=WLAN
+ goto INTERFACEFOUND
+ )
+)
+
+:CONFIGWIN10
+SET sf_LNWLC=Ethernet
+SET sf_WNWLC=Wi-Fi
+FOR /f "skip=2 tokens=5*" %%a IN ('netsh interface ipv4 show Interfaces ^| find /V /i "disconnected"') Do (
+ IF %%a==Ethernet (
+ SET sf_NW=LAN
+ goto INTERFACEFOUND
+ )
+ IF %%a==Wi-Fi (
+ SET sf_NW=WLAN
+ goto INTERFACEFOUND
+ )
+)
+
+:INTERFACEFOUND
+ECHO:
+ECHO Windows Version = %sf_WinVer%
+ECHO LAN Interface = %sf_LNWLC%
+ECHO WLAN Interface = %sf_WNWLC%
+ECHO Configuring Active Interface = %sf_NW%
+ECHO:
+
+REM MAY NOT EXIST BUT SUPPRESS IT TO ALLOW BOTH WIRED AND WIRELESS CONFIG
+NET STOP "NetworkAdapterManager"
+
+ECHO:
+ECHO Configuring wired interface for 802.1x. HELPMSG 2182 can be ignored.
+ECHO:
+REM CONFIG WIRED FOR 802.1x
+sc config dot3svc start= auto
+NET START "Wired AutoConfig" /n
+ECHO:
+ECHO Importing to wired interface "%sf_LNWLC%"
+ECHO:
+netsh lan add profile filename="%sf_ExecPath%\8021x.xml" interface="%sf_LNWLC%"
+
+ECHO:
+ECHO Configuring wireless interface for 802.1x. HELPMSG 2182 can be ignored.
+ECHO:
+REM ADD AESFMA WIRELESS SSID
+sc config Wlansvc start= auto
+NET START "WLAN AutoConfig" /n
+ECHO:
+ECHO Importing to wireless interface "%sf_WNWLC%"
+ECHO:
+netsh wlan add profile filename="%sf_ExecPath%\AESFMA.xml" interface="%sf_WNWLC%"
+
+REM REFRESH NETWORK. IF MACHINE WAS ID AS WIRED, STOP WIRELESS AND CYCLE LAN.
+if %sf_NW%==LAN (
+REM NET STOP "WLAN AutoConfig" /n
+ netsh lan reconnect interface="%sf_LNWLC%"
+)
+
+REM REFRESH NETWORK. IF MACHINE WAS ID AS WIRELESS, STOP WIRED AND CYCLE WLAN.
+if %sf_NW%==WLAN (
+REM NET STOP "Wired AutoConfig" /n
+ netsh wlan connect name=AESFMA ssid=AESFMA interface="%sf_WNWLC%"
+)
+
+NET START "NetworkAdapterManager"
+
+ECHO:
+ECHO Cycling Network Connections ...
+ECHO:
+REM GIVE NETWORK TIME TO REFRESH
+timeout /T 10 /NOBREAK
+EXIT
diff --git a/MachineAuth/MachineAuth.iss b/MachineAuth/MachineAuth.iss
new file mode 100644
index 0000000..4f95e31
--- /dev/null
+++ b/MachineAuth/MachineAuth.iss
@@ -0,0 +1,503 @@
+; ============================================================================
+; Machine Authentication 3.0 Network Configuration
+; Configures shop floor PCs for 802.1x/ISE Machine VLAN connectivity
+; ============================================================================
+;
+; This installer configures:
+; - Wired network: 802.1x using Corporate Holdings RADIUS servers
+; - Wireless network: AESFMA SSID using Aerospace FreeRADIUS servers
+;
+; Silent Installation:
+; MachineAuthSetup.exe /VERYSILENT /SUPPRESSMSGBOXES /LOG="C:\ma3.log"
+;
+; ============================================================================
+
+[Setup]
+AppId={{8A3B4C5D-6E7F-8901-2345-6789ABCDEF01}}
+AppName=Machine Authentication 3.0
+AppVersion=4.0
+AppPublisher=GE Aerospace
+DefaultDirName={tmp}\MachineAuth
+CreateAppDir=no
+PrivilegesRequired=admin
+OutputDir=Output
+OutputBaseFilename=MachineAuthSetup
+SolidCompression=yes
+Compression=lzma2
+WizardStyle=modern
+SetupIconFile=gea-logo.ico
+WizardImageFile=banner.bmp
+WizardSmallImageFile=banner-sm.bmp
+DisableWelcomePage=no
+DisableDirPage=yes
+DisableProgramGroupPage=yes
+DisableReadyPage=no
+DisableFinishedPage=no
+Uninstallable=no
+
+[Languages]
+Name: "english"; MessagesFile: "compiler:Default.isl"
+
+[Messages]
+WelcomeLabel2=This will configure your PC for Machine Authentication 3.0 VLAN connectivity.%n%nThis configures 802.1x authentication for both wired and wireless network interfaces.%n%nYour network connection will be briefly interrupted during configuration.%n%nClick Next to continue.
+
+[Files]
+; Include the XML profile files - extract to temp
+Source: "8021x.xml"; DestDir: "{tmp}"; Flags: ignoreversion deleteafterinstall
+Source: "AESFMA.xml"; DestDir: "{tmp}"; Flags: ignoreversion deleteafterinstall
+
+[Code]
+const
+ // Network interface names by Windows version
+ WIN7_WIRED = 'Local Area Connection';
+ WIN7_WIRELESS = 'Wireless Network Connection';
+ WIN10_WIRED = 'Ethernet';
+ WIN10_WIRELESS = 'Wi-Fi';
+
+ // Network types
+ NET_WIRED = 1;
+ NET_WIRELESS = 2;
+ NET_UNKNOWN = 0;
+
+var
+ ProgressPage: TOutputProgressWizardPage;
+ ResultsMemo: TNewMemo;
+ LogMessages: String;
+
+// ============================================================================
+// LOGGING FUNCTIONS
+// ============================================================================
+
+procedure LogMsg(const Msg: String);
+begin
+ LogMessages := LogMessages + Msg + #13#10;
+ Log(Msg);
+end;
+
+// ============================================================================
+// UTILITY FUNCTIONS
+// ============================================================================
+
+function IsWindows10OrLater: Boolean;
+var
+ Version: TWindowsVersion;
+begin
+ GetWindowsVersionEx(Version);
+ Result := (Version.Major >= 10);
+end;
+
+function GetWiredInterfaceName: String;
+begin
+ if IsWindows10OrLater then
+ Result := WIN10_WIRED
+ else
+ Result := WIN7_WIRED;
+end;
+
+function GetWirelessInterfaceName: String;
+begin
+ if IsWindows10OrLater then
+ Result := WIN10_WIRELESS
+ else
+ Result := WIN7_WIRELESS;
+end;
+
+// Execute a command and return the exit code
+function ExecCmd(const Executable, Params: String): Integer;
+var
+ ResultCode: Integer;
+begin
+ LogMsg('Executing: ' + Executable + ' ' + Params);
+ if Exec(Executable, Params, '', SW_HIDE, ewWaitUntilTerminated, ResultCode) then
+ Result := ResultCode
+ else
+ Result := -1;
+ LogMsg(' Result: ' + IntToStr(Result));
+end;
+
+// Execute a command via cmd.exe
+function ExecShell(const Command: String): Integer;
+begin
+ Result := ExecCmd('cmd.exe', '/c ' + Command);
+end;
+
+// Execute netsh command
+function ExecNetsh(const Params: String): Integer;
+begin
+ Result := ExecCmd('netsh.exe', Params);
+end;
+
+// Execute sc command for service control
+function ExecSC(const Params: String): Integer;
+begin
+ Result := ExecCmd('sc.exe', Params);
+end;
+
+// Execute net command
+function ExecNet(const Params: String): Integer;
+begin
+ Result := ExecCmd('net.exe', Params);
+end;
+
+// Check if a network interface exists and is connected
+function IsInterfaceConnected(const InterfaceName: String; IsWireless: Boolean): Boolean;
+var
+ TempFile: String;
+ OutputLines: TArrayOfString;
+ I: Integer;
+ Line: String;
+ ResultCode: Integer;
+begin
+ Result := False;
+ TempFile := ExpandConstant('{tmp}\netcheck_') + IntToStr(Random(99999)) + '.txt';
+
+ if IsWireless then
+ Exec('cmd.exe', '/c netsh wlan show interfaces > "' + TempFile + '" 2>&1', '', SW_HIDE, ewWaitUntilTerminated, ResultCode)
+ else
+ Exec('cmd.exe', '/c netsh lan show interfaces > "' + TempFile + '" 2>&1', '', SW_HIDE, ewWaitUntilTerminated, ResultCode);
+
+ if FileExists(TempFile) then
+ begin
+ if LoadStringsFromFile(TempFile, OutputLines) then
+ begin
+ for I := 0 to GetArrayLength(OutputLines) - 1 do
+ begin
+ Line := OutputLines[I];
+ // Check for interface name and connected state
+ if (Pos(InterfaceName, Line) > 0) then
+ begin
+ Result := True;
+ Break;
+ end;
+ // Also check for "State" line showing "connected"
+ if (Pos('connected', LowerCase(Line)) > 0) and (Pos('disconnected', LowerCase(Line)) = 0) then
+ begin
+ Result := True;
+ end;
+ end;
+ end;
+ DeleteFile(TempFile);
+ end;
+end;
+
+// Detect which network type is currently active
+function DetectActiveNetwork: Integer;
+var
+ WiredInterface, WirelessInterface: String;
+begin
+ Result := NET_UNKNOWN;
+
+ WiredInterface := GetWiredInterfaceName;
+ WirelessInterface := GetWirelessInterfaceName;
+
+ LogMsg('Detecting active network interface...');
+ LogMsg(' Wired interface name: ' + WiredInterface);
+ LogMsg(' Wireless interface name: ' + WirelessInterface);
+
+ // Check wired first (preferred)
+ if IsInterfaceConnected(WiredInterface, False) then
+ begin
+ LogMsg(' Active network: WIRED');
+ Result := NET_WIRED;
+ end
+ else if IsInterfaceConnected(WirelessInterface, True) then
+ begin
+ LogMsg(' Active network: WIRELESS');
+ Result := NET_WIRELESS;
+ end
+ else
+ begin
+ // Default to wired if can't detect
+ LogMsg(' Could not detect active network, defaulting to WIRED');
+ Result := NET_WIRED;
+ end;
+end;
+
+// ============================================================================
+// SERVICE MANAGEMENT
+// ============================================================================
+
+procedure StopService(const ServiceName: String);
+begin
+ LogMsg('Stopping service: ' + ServiceName);
+ ExecNet('stop "' + ServiceName + '"');
+end;
+
+procedure StartService(const ServiceName: String);
+begin
+ LogMsg('Starting service: ' + ServiceName);
+ ExecNet('start "' + ServiceName + '"');
+end;
+
+procedure SetServiceAutoStart(const ServiceName: String);
+begin
+ LogMsg('Setting service to auto-start: ' + ServiceName);
+ ExecSC('config ' + ServiceName + ' start= auto');
+end;
+
+// ============================================================================
+// NETWORK CONFIGURATION
+// ============================================================================
+
+function ConfigureWiredNetwork: Boolean;
+var
+ InterfaceName, ProfilePath: String;
+begin
+ Result := True;
+ InterfaceName := GetWiredInterfaceName;
+ ProfilePath := ExpandConstant('{tmp}\8021x.xml');
+
+ LogMsg('');
+ LogMsg('=== Configuring Wired Network ===');
+ LogMsg('Interface: ' + InterfaceName);
+ LogMsg('Profile: ' + ProfilePath);
+
+ // Enable and start Wired AutoConfig service
+ SetServiceAutoStart('dot3svc');
+ StartService('Wired AutoConfig');
+
+ // Small delay for service to start
+ Sleep(1000);
+
+ // Import 802.1x profile to wired interface
+ LogMsg('Importing 802.1x profile...');
+ if ExecNetsh('lan add profile filename="' + ProfilePath + '" interface="' + InterfaceName + '"') <> 0 then
+ begin
+ // Try without interface specification as fallback
+ LogMsg('Retrying without interface specification...');
+ ExecNetsh('lan add profile filename="' + ProfilePath + '"');
+ end;
+
+ LogMsg('Wired network configuration complete.');
+end;
+
+function ConfigureWirelessNetwork: Boolean;
+var
+ InterfaceName, ProfilePath: String;
+begin
+ Result := True;
+ InterfaceName := GetWirelessInterfaceName;
+ ProfilePath := ExpandConstant('{tmp}\AESFMA.xml');
+
+ LogMsg('');
+ LogMsg('=== Configuring Wireless Network ===');
+ LogMsg('Interface: ' + InterfaceName);
+ LogMsg('Profile: ' + ProfilePath);
+
+ // Enable and start WLAN AutoConfig service
+ SetServiceAutoStart('Wlansvc');
+ StartService('WLAN AutoConfig');
+
+ // Small delay for service to start
+ Sleep(1000);
+
+ // Import AESFMA profile to wireless interface
+ LogMsg('Importing AESFMA profile...');
+ if ExecNetsh('wlan add profile filename="' + ProfilePath + '" interface="' + InterfaceName + '"') <> 0 then
+ begin
+ // Try without interface specification as fallback
+ LogMsg('Retrying without interface specification...');
+ ExecNetsh('wlan add profile filename="' + ProfilePath + '"');
+ end;
+
+ LogMsg('Wireless network configuration complete.');
+end;
+
+procedure ReconnectNetwork(NetworkType: Integer);
+var
+ WiredInterface, WirelessInterface: String;
+begin
+ WiredInterface := GetWiredInterfaceName;
+ WirelessInterface := GetWirelessInterfaceName;
+
+ LogMsg('');
+ LogMsg('=== Reconnecting Network ===');
+
+ if NetworkType = NET_WIRED then
+ begin
+ LogMsg('Reconnecting wired interface...');
+ ExecNetsh('lan reconnect interface="' + WiredInterface + '"');
+ end
+ else if NetworkType = NET_WIRELESS then
+ begin
+ LogMsg('Connecting to AESFMA wireless network...');
+ ExecNetsh('wlan connect name=AESFMA ssid=AESFMA interface="' + WirelessInterface + '"');
+ end;
+end;
+
+// ============================================================================
+// MAIN CONFIGURATION PROCEDURE
+// ============================================================================
+
+function PerformConfiguration: Boolean;
+var
+ ActiveNetwork: Integer;
+ WindowsVersion: String;
+begin
+ Result := True;
+ LogMessages := '';
+
+ // Log Windows version
+ if IsWindows10OrLater then
+ WindowsVersion := 'Windows 10/11'
+ else
+ WindowsVersion := 'Windows 7/8';
+
+ LogMsg('Machine Authentication 3.0 Configuration');
+ LogMsg('========================================');
+ LogMsg('Windows Version: ' + WindowsVersion);
+ LogMsg('');
+
+ // Stop NetworkAdapterManager if it exists (may not exist on all machines)
+ LogMsg('Stopping NetworkAdapterManager (if present)...');
+ StopService('NetworkAdapterManager');
+
+ // Detect active network
+ ActiveNetwork := DetectActiveNetwork;
+
+ // Configure wired network
+ ProgressPage.SetText('Configuring wired network...', '');
+ ProgressPage.SetProgress(1, 5);
+ ConfigureWiredNetwork;
+
+ // Configure wireless network
+ ProgressPage.SetText('Configuring wireless network...', '');
+ ProgressPage.SetProgress(2, 5);
+ ConfigureWirelessNetwork;
+
+ // Reconnect active network
+ ProgressPage.SetText('Reconnecting network...', '');
+ ProgressPage.SetProgress(3, 5);
+ ReconnectNetwork(ActiveNetwork);
+
+ // Start NetworkAdapterManager if it was stopped
+ LogMsg('');
+ LogMsg('Starting NetworkAdapterManager (if present)...');
+ StartService('NetworkAdapterManager');
+
+ // Wait for network to stabilize
+ ProgressPage.SetText('Waiting for network to stabilize...', '');
+ ProgressPage.SetProgress(4, 5);
+ LogMsg('');
+ LogMsg('Waiting 10 seconds for network to stabilize...');
+ Sleep(10000);
+
+ ProgressPage.SetProgress(5, 5);
+
+ LogMsg('');
+ LogMsg('========================================');
+ LogMsg('Configuration complete!');
+ LogMsg('');
+ LogMsg('The machine should now have access to the Machine VLAN.');
+ LogMsg('Test vault access to confirm connectivity.');
+end;
+
+// ============================================================================
+// WIZARD EVENTS
+// ============================================================================
+
+procedure InitializeWizard;
+begin
+ // Create progress page
+ ProgressPage := CreateOutputProgressPage('Configuring Network',
+ 'Please wait while Machine Authentication 3.0 is configured...');
+end;
+
+function InitializeSetup: Boolean;
+begin
+ Result := True;
+
+ // Verify admin privileges
+ if not IsAdmin then
+ begin
+ MsgBox('This installer requires administrator privileges.' + #13#10 +
+ 'Please right-click and select "Run as administrator".',
+ mbError, MB_OK);
+ Result := False;
+ end;
+end;
+
+procedure CurStepChanged(CurStep: TSetupStep);
+var
+ ResultForm: TSetupForm;
+ Memo: TNewMemo;
+ OKButton: TNewButton;
+begin
+ if CurStep = ssPostInstall then
+ begin
+ // Show progress page and perform configuration
+ ProgressPage.Show;
+ try
+ PerformConfiguration;
+ finally
+ ProgressPage.Hide;
+ end;
+
+ // Show results in non-silent mode
+ if not WizardSilent then
+ begin
+ ResultForm := CreateCustomForm;
+ ResultForm.Caption := 'Configuration Results';
+ ResultForm.ClientWidth := 600;
+ ResultForm.ClientHeight := 450;
+ ResultForm.Position := poScreenCenter;
+
+ Memo := TNewMemo.Create(ResultForm);
+ Memo.Parent := ResultForm;
+ Memo.Left := 10;
+ Memo.Top := 10;
+ Memo.Width := ResultForm.ClientWidth - 20;
+ Memo.Height := ResultForm.ClientHeight - 60;
+ Memo.ScrollBars := ssVertical;
+ Memo.ReadOnly := True;
+ Memo.Text := LogMessages;
+ Memo.Font.Name := 'Consolas';
+ Memo.Font.Size := 9;
+
+ OKButton := TNewButton.Create(ResultForm);
+ OKButton.Parent := ResultForm;
+ OKButton.Caption := 'OK';
+ OKButton.Width := 80;
+ OKButton.Height := 30;
+ OKButton.Left := (ResultForm.ClientWidth - OKButton.Width) div 2;
+ OKButton.Top := ResultForm.ClientHeight - 45;
+ OKButton.ModalResult := mrOK;
+ OKButton.Default := True;
+
+ ResultForm.ActiveControl := OKButton;
+ ResultForm.ShowModal;
+ ResultForm.Free;
+ end;
+ end;
+end;
+
+function UpdateReadyMemo(Space, NewLine, MemoUserInfoInfo, MemoDirInfo, MemoTypeInfo,
+ MemoComponentsInfo, MemoGroupInfo, MemoTasksInfo: String): String;
+var
+ WinVer, WiredInt, WirelessInt: String;
+begin
+ if IsWindows10OrLater then
+ WinVer := 'Windows 10/11'
+ else
+ WinVer := 'Windows 7/8';
+
+ WiredInt := GetWiredInterfaceName;
+ WirelessInt := GetWirelessInterfaceName;
+
+ Result := 'Machine Authentication 3.0 Configuration' + NewLine +
+ NewLine +
+ 'The following will be configured:' + NewLine +
+ NewLine +
+ Space + 'Windows Version: ' + WinVer + NewLine +
+ Space + 'Wired Interface: ' + WiredInt + NewLine +
+ Space + 'Wireless Interface: ' + WirelessInt + NewLine +
+ NewLine +
+ 'Actions:' + NewLine +
+ Space + '1. Enable Wired AutoConfig service (dot3svc)' + NewLine +
+ Space + '2. Import 802.1x profile for wired authentication' + NewLine +
+ Space + '3. Enable WLAN AutoConfig service (Wlansvc)' + NewLine +
+ Space + '4. Import AESFMA profile for wireless authentication' + NewLine +
+ Space + '5. Reconnect active network interface' + NewLine +
+ NewLine +
+ 'Note: Network will be briefly interrupted during configuration.';
+end;
diff --git a/MachineAuth/README.md b/MachineAuth/README.md
new file mode 100644
index 0000000..bfb07f0
--- /dev/null
+++ b/MachineAuth/README.md
@@ -0,0 +1,171 @@
+# Machine Authentication 3.0
+
+Configures shop floor PCs for 802.1x/ISE Machine VLAN connectivity with support for both wired and wireless networks.
+
+## Overview
+
+This installer automates the configuration of 802.1x network authentication for GE Aerospace shop floor machines, enabling secure access to the Machine VLAN without requiring user credentials.
+
+## What It Configures
+
+| Network Type | Authentication | Server |
+|--------------|----------------|--------|
+| Wired | 802.1x PEAP/MS-CHAPv2 | Corporate Holdings RADIUS |
+| Wireless | 802.1x EAP-TLS (certificate) | Aerospace FreeRADIUS |
+
+## Features
+
+- **Native Inno Setup Implementation** - All logic in Pascal script, no external batch files
+- **Silent Installation Support** - Full automation for deployment tools
+- **Windows 7/10/11 Support** - Auto-detects OS and uses appropriate interface names
+- **Automatic Network Detection** - Identifies active interface (wired or wireless)
+- **Detailed Logging** - Comprehensive log output for troubleshooting
+
+## Usage
+
+### Interactive Installation
+
+1. Run `MachineAuthSetup.exe` as Administrator
+2. Review the configuration summary
+3. Click Install
+4. View results and verify connectivity
+
+### Silent Installation
+
+```batch
+MachineAuthSetup.exe /VERYSILENT /SUPPRESSMSGBOXES
+```
+
+With logging:
+```batch
+MachineAuthSetup.exe /VERYSILENT /SUPPRESSMSGBOXES /LOG="C:\ma3_install.log"
+```
+
+## Configuration Details
+
+### Wired Network (8021x.xml)
+
+- **EAP Type:** 25 (PEAP)
+- **Inner Method:** MS-CHAPv2 (Type 26)
+- **Auth Mode:** Machine
+- **Credentials:** Windows logon credentials
+- **Service:** dot3svc (Wired AutoConfig)
+
+### Wireless Network (AESFMA.xml)
+
+- **SSID:** AESFMA
+- **Security:** WPA2-Enterprise, AES
+- **EAP Type:** 13 (EAP-TLS)
+- **Auth Mode:** Machine (certificate-based)
+- **Service:** Wlansvc (WLAN AutoConfig)
+
+## Interface Names
+
+| Windows Version | Wired Interface | Wireless Interface |
+|-----------------|-----------------|-------------------|
+| Windows 7/8 | Local Area Connection | Wireless Network Connection |
+| Windows 10/11 | Ethernet | Wi-Fi |
+
+## Installation Steps
+
+1. Stop NetworkAdapterManager service (if present)
+2. Enable and start Wired AutoConfig (dot3svc)
+3. Import 802.1x profile to wired interface
+4. Enable and start WLAN AutoConfig (Wlansvc)
+5. Import AESFMA profile to wireless interface
+6. Reconnect active network interface
+7. Start NetworkAdapterManager service
+8. Wait 10 seconds for network stabilization
+
+## Requirements
+
+- Windows 7, 8, 10, or 11
+- Administrator privileges
+- SSL certificate for FreeRADIUS (pre-installed on managed machines)
+- Standard network interface naming conventions
+
+## Files
+
+```
+MachineAuth/
+├── MachineAuth.iss # Inno Setup script
+├── 8021x.xml # Wired 802.1x profile
+├── AESFMA.xml # Wireless AESFMA profile
+├── gea-logo.ico # Setup icon
+├── banner.bmp # Wizard banner
+├── banner-sm.bmp # Wizard small image
+└── README.md # This file
+```
+
+## Legacy Files (Not Required)
+
+These files are from the original batch-based installer and are not used by the Inno Setup version:
+
+- `MA3NetworkConfigv4.bat` - Original batch script
+- `ge_runasuser.exe` - Run-as-user utility
+- `RebootDelay.exe` - Reboot delay utility
+- `$PLUGINSDIR/` - NSIS plugin remnants
+
+## Troubleshooting
+
+### "Requires administrator privileges"
+Right-click the installer and select "Run as administrator"
+
+### Network doesn't reconnect after configuration
+1. Manually disconnect and reconnect the network adapter
+2. Check Windows Services that dot3svc and/or Wlansvc are running
+3. Verify the machine has the required certificates
+
+### AESFMA wireless doesn't connect
+- Verify the FreeRADIUS SSL certificate is installed
+- Check that the machine is in the correct AD group
+- Ensure the wireless adapter supports WPA2-Enterprise
+
+### Wired 802.1x authentication fails
+- Verify the machine account is in the correct AD group
+- Check that the switch port is configured for 802.1x
+- Review the RADIUS server logs for authentication errors
+
+### Check installed profiles
+
+Wired profiles:
+```batch
+netsh lan show profiles
+```
+
+Wireless profiles:
+```batch
+netsh wlan show profiles
+```
+
+### Remove and reinstall profiles
+
+Remove wired profile:
+```batch
+netsh lan delete profile interface="Ethernet"
+```
+
+Remove wireless profile:
+```batch
+netsh wlan delete profile name="AESFMA"
+```
+
+Then run the installer again.
+
+## Building
+
+1. Install [Inno Setup 6.x](https://jrsoftware.org/isdl.php)
+2. Open `MachineAuth.iss`
+3. Compile (F9)
+4. Output: `Output/MachineAuthSetup.exe`
+
+## Technical Notes
+
+- No reboot required
+- Brief network interruption during configuration (~10-15 seconds)
+- Safe to run multiple times
+- Does not remove existing profiles (adds/updates)
+
+## Author
+
+WJDT / GE Aerospace
diff --git a/MachineAuth/READMENetwork.txt b/MachineAuth/READMENetwork.txt
new file mode 100644
index 0000000..2d194f7
--- /dev/null
+++ b/MachineAuth/READMENetwork.txt
@@ -0,0 +1,33 @@
+Configure a Shop Floor Machine's network adapters for 802.1x/ISE
+-----------------------------------------------------------------
+
+This file can be run on either Windows 7 or Windows 10 Machines - SFLD, MCE, or Business Imaged.
+
+This package creates/configures wired and wireless interfaces for 802.1x.
+The wired network will be configured on the endpoint to use Corporate Holdings RADIUS servers.
+The wireless network will be configured to use the new Aerospace FreeRADIUS servers.
+This package will work on Legacy LOGON machines.
+
+This package works under the following assumptions:
+1) The PC is either Win7 or Win10
+2) The default wired interface is named "Local Network Connection" (Win7) or "Ethernet" (Win10)
+3) The default wireless interface is named "Wireless Network Connection" (Win7) or "Wi-Fi" (Win10)
+4) The machine has the SSL certificate for FreeRADIUS authentication. This is required for AAA
+
+Execution
+---------
+1) log in as admin
+2) extract files to C:\Windows\Options\Packages\GEAerospace_MA_3x4_V01\
+3) open command prompt with admin privilege
+4) change directory to C:\Windows\Options\Packages\AutomatedMigrationTool\
+5) execute file MA3NetworkConfigv4.exe
+
+> Machine will authorize to wired or wireless Machine VLAN without needing a reboot.
+> Machine will change IP addresses after running this package.
+
+
+File list:
+- READMENetwork.txt
+- MA3NetworkConfig4.bat
+- 8021x.xml
+- AESFMA.xml
diff --git a/MachineAuth/banner-sm.bmp b/MachineAuth/banner-sm.bmp
new file mode 100644
index 0000000..8a3d38f
Binary files /dev/null and b/MachineAuth/banner-sm.bmp differ
diff --git a/MachineAuth/banner.bmp b/MachineAuth/banner.bmp
new file mode 100644
index 0000000..7bf651e
Binary files /dev/null and b/MachineAuth/banner.bmp differ
diff --git a/MachineAuth/gea-logo.ico b/MachineAuth/gea-logo.ico
new file mode 100644
index 0000000..bf07366
Binary files /dev/null and b/MachineAuth/gea-logo.ico differ
diff --git a/README.md b/README.md
index 8749cda..b320b0d 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,7 @@ Collection of Inno Setup installer packages for GE Aerospace manufacturing tools
| [HIDCardPrinter](HIDCardPrinter/) | HID FARGO card printer driver installer | [README](HIDCardPrinter/README.md) |
| [HPOfflineInstaller](HPOfflineInstaller/) | HP Universal Print Driver offline installer | [README](HPOfflineInstaller/README.md) |
| [JT2GO](JT2GO/) | Siemens JT2Go installer with prerequisite checking | [README](JT2GO/README.md) |
+| [MachineAuth](MachineAuth/) | 802.1x Machine Authentication 3.0 network configuration | [README](MachineAuth/README.md) |
| [MappedDrive](MappedDrive/) | Network drive mapping tool | [README](MappedDrive/README.md) |
| [NetworkDriveManager](NetworkDriveManager/) | Advanced network drive management with migration | [README](NetworkDriveManager/README.md) |
| [PrinterInstaller](PrinterInstaller/) | Network printer installer with ShopDB integration | [README](PrinterInstaller/README.md) |
@@ -33,8 +34,11 @@ Collection of Inno Setup installer packages for GE Aerospace manufacturing tools
- **JT2GO** - Siemens JT2Go 3D CAD viewer with .NET/VC++ prerequisites
- **ShopfloorConnect** - Teamcenter MTC Service for shop floor integration
-### Utilities
+### Network Configuration
+- **MachineAuth** - 802.1x Machine Authentication 3.0 for Machine VLAN
- **BlueSSOFix** - WiFi authentication repair for Blue SSO network
+
+### Utilities
- **Template** - Starting point for creating new Inno Setup projects
## Requirements
@@ -85,6 +89,7 @@ inno-installers/
├── HIDCardPrinter/ # Card printer drivers
├── HPOfflineInstaller/ # HP printer drivers
├── JT2GO/ # CAD viewer installer
+├── MachineAuth/ # 802.1x network configuration
├── MappedDrive/ # Drive mapping tool
├── NetworkDriveManager/ # Advanced drive management
├── PrinterInstaller/ # Network printer installer