Add MachineAuth 802.1x network configuration installer
New Inno Setup project that configures shop floor PCs for Machine VLAN connectivity via 802.1x/ISE authentication.

Features:
- Native Pascal implementation (no external batch files required)
- Silent installation support for deployment automation
- Windows 7/8/10/11 auto-detection
- Automatic network interface detection (wired/wireless)
- Detailed logging and results display

Configures:
- Wired: 802.1x PEAP/MS-CHAPv2 via Corporate Holdings RADIUS
- Wireless: AESFMA SSID with EAP-TLS via Aerospace FreeRADIUS

Usage: MachineAuthSetup.exe /VERYSILENT /SUPPRESSMSGBOXES

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
125
MachineAuth/MA3NetworkConfigv4.bat
Normal file
@@ -0,0 +1,125 @@
|
||||
@ECHO OFF
|
||||
setlocal EnableDelayedExpansion
|
||||
REM Machine Authentication Network Configuration Batch file to configure shop floor PC for connection to machine VLAN via 802.1x.
|
||||
REM Connectivity is via standard tech - 802.1x, ACS, and AD group membership (for wired connections) or Device Issued Certificates (for AESFMA)
|
||||
REM This file needs to be executed with admin privilege from C:\Windows\Options\Packages\GEAerospace_MA_3x4_V01\
|
||||
REM These files must exist in C:\Windows\Options\Packages\GEAerospace_MA_3x4_V01\
|
||||
REM - MA3NetworkConfigv4.bat (this file)
|
||||
REM - 8021x.xml
|
||||
REM - AESFMA.xml
|
||||
REM No reboot is required.
|
||||
REM Script can be run multiple times with no detrimental impact to the machine.
|
||||
REM This will not remove the connection to GESFMA. It will not change the wired network from the MA 2.0 settings.
|
||||
REM Machine will experience temporary loss of network as the service is cycled.
|
||||
REM Works for both wired and wireless machines.
|
||||
REM Script usually runs to completion in under 30 seconds.
|
||||
REM Upon completion, machine will have 'native' vault access. Test to confirm.
|
||||
REM ASSUMPTION THAT WIRED OR WIRELESS INTERFACE FOLLOW STANDARD CONVENTION - Local Area Connection, Local Area Connection 2, Wireless Network Connection, Wireless Network Connection 2 etc
|
||||
|
||||
ECHO:
|
||||
ECHO Configuring machine for Machine Authentication 3.0 VLAN connectivity
|
||||
ECHO:
|
||||
|
||||
REM SEED DEFAULT INTERFACES
|
||||
REM THE * FOR WIRELESS TREATS THE MACHINE AS WIRED. AESFMA PROFILE IS ADDED TO ALL WIRELESS INTERFACES. THIS ENSURES WIRELESS WORKS SHOULD THE MACHINE MIGRATE FROM WIRED > WIRELESS
|
||||
SET sf_LNWLC=
|
||||
SET sf_NW=
|
||||
SET sf_WNWLC=
|
||||
SET sf_WinVer=
|
||||
SET sf_ExecPath=C:\Windows\Options\Packages\GEAerospace_MA_3x4_V01
|
||||
|
||||
REM GET WINDOWS VERSION - 7 OR 10. IF NOT WIN10, ASSUME WIN7
|
||||
FOR /f "tokens=4-5 delims=[.] " %%i in ('ver') DO (
|
||||
SET sf_WinVer=%%i.%%j
|
||||
)
|
||||
IF %sf_WinVer%==10.0 (
|
||||
goto CONFIGWIN10
|
||||
)
|
||||
IF %sf_WinVer%==6.1 (
|
||||
goto CONFIGWIN7
|
||||
)
|
||||
|
||||
:CONFIGWIN7
|
||||
REM WIRED OR WIRELESS?
|
||||
REM CHECK IF CURRENTLY CONNECTED TO WIRED OR WIRELESS
|
||||
REM FIND CONNECTED LAN INTERFACE THAT STARTS WITH "Local ..." AND WLAN STARTING WITH "Wireless ..." WHICH IS STANDARD CONVENTION
|
||||
SET sf_LNWLC=Local Area Connection
|
||||
SET sf_WNWLC=Wireless Network Connection
|
||||
FOR /f "skip=2 tokens=5*" %%a IN ('netsh interface ipv4 show Interfaces ^| find /V /i "disconnected"') Do (
|
||||
IF %%a==Local (
|
||||
SET sf_NW=LAN
|
||||
goto INTERFACEFOUND
|
||||
)
|
||||
IF %%a==Wireless (
|
||||
SET sf_NW=WLAN
|
||||
goto INTERFACEFOUND
|
||||
)
|
||||
)
|
||||
|
||||
:CONFIGWIN10
|
||||
SET sf_LNWLC=Ethernet
|
||||
SET sf_WNWLC=Wi-Fi
|
||||
FOR /f "skip=2 tokens=5*" %%a IN ('netsh interface ipv4 show Interfaces ^| find /V /i "disconnected"') Do (
|
||||
IF %%a==Ethernet (
|
||||
SET sf_NW=LAN
|
||||
goto INTERFACEFOUND
|
||||
)
|
||||
IF %%a==Wi-Fi (
|
||||
SET sf_NW=WLAN
|
||||
goto INTERFACEFOUND
|
||||
)
|
||||
)
|
||||
|
||||
:INTERFACEFOUND
|
||||
ECHO:
|
||||
ECHO Windows Version = %sf_WinVer%
|
||||
ECHO LAN Interface = %sf_LNWLC%
|
||||
ECHO WLAN Interface = %sf_WNWLC%
|
||||
ECHO Configuring Active Interface = %sf_NW%
|
||||
ECHO:
|
||||
|
||||
REM MAY NOT EXIST BUT SUPPRESS IT TO ALLOW BOTH WIRED AND WIRELESS CONFIG
|
||||
NET STOP "NetworkAdapterManager"
|
||||
|
||||
ECHO:
|
||||
ECHO Configuring wired interface for 802.1x. HELPMSG 2182 can be ignored.
|
||||
ECHO:
|
||||
REM CONFIG WIRED FOR 802.1x
|
||||
sc config dot3svc start= auto
|
||||
NET START "Wired AutoConfig" /n
|
||||
ECHO:
|
||||
ECHO Importing to wired interface "%sf_LNWLC%"
|
||||
ECHO:
|
||||
netsh lan add profile filename="%sf_ExecPath%\8021x.xml" interface="%sf_LNWLC%"
|
||||
|
||||
ECHO:
|
||||
ECHO Configuring wireless interface for 802.1x. HELPMSG 2182 can be ignored.
|
||||
ECHO:
|
||||
REM ADD AESFMA WIRELESS SSID
|
||||
sc config Wlansvc start= auto
|
||||
NET START "WLAN AutoConfig" /n
|
||||
ECHO:
|
||||
ECHO Importing to wireless interface "%sf_WNWLC%"
|
||||
ECHO:
|
||||
netsh wlan add profile filename="%sf_ExecPath%\AESFMA.xml" interface="%sf_WNWLC%"
|
||||
|
||||
REM REFRESH NETWORK. IF MACHINE WAS ID AS WIRED, STOP WIRELESS AND CYCLE LAN.
|
||||
if %sf_NW%==LAN (
|
||||
REM NET STOP "WLAN AutoConfig" /n
|
||||
netsh lan reconnect interface="%sf_LNWLC%"
|
||||
)
|
||||
|
||||
REM REFRESH NETWORK. IF MACHINE WAS ID AS WIRELESS, STOP WIRED AND CYCLE WLAN.
|
||||
if %sf_NW%==WLAN (
|
||||
REM NET STOP "Wired AutoConfig" /n
|
||||
netsh wlan connect name=AESFMA ssid=AESFMA interface="%sf_WNWLC%"
|
||||
)
|
||||
|
||||
NET START "NetworkAdapterManager"
|
||||
|
||||
ECHO:
|
||||
ECHO Cycling Network Connections ...
|
||||
ECHO:
|
||||
REM GIVE NETWORK TIME TO REFRESH
|
||||
timeout /T 10 /NOBREAK
|
||||
EXIT
|
||||
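Review bot: when neither FOR loop matches a connected interface, sf_NW stays empty and the unquoted tests near the end (if %sf_NW%==LAN ( and if %sf_NW%==WLAN () expand to if ==LAN (, which cmd rejects as a syntax error, ending the script before NET START "NetworkAdapterManager" runs and leaving that service stopped. Quote both sides of each comparison (if "%sf_NW%"=="LAN"), including the %sf_WinVer% tests, and add an explicit branch for the no-interface case. In the same case on Windows 7, execution falls through from :CONFIGWIN7 into :CONFIGWIN10, which overwrites sf_LNWLC and sf_WNWLC with Ethernet and Wi-Fi, so the profile imports target interface names the Windows 7 section did not select; a goto INTERFACEFOUND after the first loop would prevent that. The two netsh add profile calls are not followed by an ERRORLEVEL check, and the script ends with a bare EXIT, so a calling process cannot tell a failed import from a successful one; checking the result and ending with EXIT /B and a non-zero code on failure would make that visible.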