@ECHO OFF
setlocal EnableDelayedExpansion

REM Machine Authentication Network Configuration
REM Batch file to configure shop floor PC for connection to machine VLAN via 802.1x.
REM Connectivity is via standard tech - 802.1x, ACS, and AD group membership (for wired connections) or Device Issued Certificates (for AESFMA)
REM This file needs to be executed with admin privilege from C:\Windows\Options\Packages\GEAerospace_MA_3x4_V01\
REM These files must exist in C:\Windows\Options\Packages\GEAerospace_MA_3x4_V01\
REM - MA3NetworkConfigv4.bat (this file)
REM - 8021x.xml
REM - AESFMA.xml
REM No reboot is required.
REM Script can be run multiple times with no detrimental impact to the machine.
REM This will not remove the connection to GESFMA. It will not change the wired network from the MA 2.0 settings.
REM Machine will experience temporary loss of network as the service is cycled.
REM Works for both wired and wireless machines.
REM Script usually runs to completion in under 30 seconds.
REM Upon completion, machine will have 'native' vault access. Test to confirm.
REM ASSUMPTION THAT WIRED OR WIRELESS INTERFACE FOLLOW STANDARD CONVENTION - Local Area Connection, Local Area Connection 2, Wireless Network Connection, Wireless Network Connection 2 etc

ECHO:
ECHO Configuring machine for Machine Authentication 3.0 VLAN connectivity
ECHO:

REM SEED DEFAULT INTERFACES
REM THE * FOR WIRELESS TREATS THE MACHINE AS WIRED. AESFMA PROFILE IS ADDED TO ALL WIRELESS INTERFACES. THIS ENSURES WIRELESS WORKS SHOULD THE MACHINE MIGRATE FROM WIRED TO WIRELESS
SET sf_LNWLC=
SET sf_NW=
SET sf_WNWLC=
SET sf_WinVer=
SET sf_ExecPath=C:\Windows\Options\Packages\GEAerospace_MA_3x4_V01

REM GET WINDOWS VERSION - 7 OR 10. IF NOT WIN10, ASSUME WIN7
FOR /f "tokens=4-5 delims=[.] " %%i in ('ver') DO (
    SET sf_WinVer=%%i.%%j
)

REM COMPARISONS ARE QUOTED SO AN EMPTY VARIABLE DOES NOT CAUSE A SYNTAX ERROR
IF "%sf_WinVer%"=="10.0" (
    goto CONFIGWIN10
)
IF "%sf_WinVer%"=="6.1" (
    goto CONFIGWIN7
)

:CONFIGWIN7
REM WIRED OR WIRELESS?
REM CHECK IF CURRENTLY CONNECTED TO WIRED OR WIRELESS
REM FIND CONNECTED LAN INTERFACE THAT STARTS WITH "Local ..." AND WLAN STARTING WITH "Wireless ..." WHICH IS STANDARD CONVENTION
SET sf_LNWLC=Local Area Connection
SET sf_WNWLC=Wireless Network Connection
FOR /f "skip=2 tokens=5*" %%a IN ('netsh interface ipv4 show Interfaces ^| find /V /i "disconnected"') DO (
    IF "%%a"=="Local" (
        SET sf_NW=LAN
        goto INTERFACEFOUND
    )
    IF "%%a"=="Wireless" (
        SET sf_NW=WLAN
        goto INTERFACEFOUND
    )
)
REM NO CONNECTED INTERFACE MATCHED. SKIP THE WIN10 BLOCK SO THE WIN7 INTERFACE NAMES ARE NOT OVERWRITTEN
goto INTERFACEFOUND

:CONFIGWIN10
SET sf_LNWLC=Ethernet
SET sf_WNWLC=Wi-Fi
FOR /f "skip=2 tokens=5*" %%a IN ('netsh interface ipv4 show Interfaces ^| find /V /i "disconnected"') DO (
    IF "%%a"=="Ethernet" (
        SET sf_NW=LAN
        goto INTERFACEFOUND
    )
    IF "%%a"=="Wi-Fi" (
        SET sf_NW=WLAN
        goto INTERFACEFOUND
    )
)

:INTERFACEFOUND
ECHO:
ECHO Windows Version = %sf_WinVer%
ECHO LAN Interface = %sf_LNWLC%
ECHO WLAN Interface = %sf_WNWLC%
ECHO Configuring Active Interface = %sf_NW%
ECHO:

REM MAY NOT EXIST BUT SUPPRESS IT TO ALLOW BOTH WIRED AND WIRELESS CONFIG
NET STOP "NetworkAdapterManager"

ECHO:
ECHO Configuring wired interface for 802.1x. HELPMSG 2182 can be ignored.
ECHO:

REM CONFIG WIRED FOR 802.1x
sc config dot3svc start= auto
NET START "Wired AutoConfig" /n

ECHO:
ECHO Importing to wired interface "%sf_LNWLC%"
ECHO:
netsh lan add profile filename="%sf_ExecPath%\8021x.xml" interface="%sf_LNWLC%"

ECHO:
ECHO Configuring wireless interface for 802.1x. HELPMSG 2182 can be ignored.
ECHO:

REM ADD AESFMA WIRELESS SSID
sc config Wlansvc start= auto
NET START "WLAN AutoConfig" /n

ECHO:
ECHO Importing to wireless interface "%sf_WNWLC%"
ECHO:
netsh wlan add profile filename="%sf_ExecPath%\AESFMA.xml" interface="%sf_WNWLC%"

REM REFRESH NETWORK. IF MACHINE WAS ID AS WIRED, STOP WIRELESS AND CYCLE LAN.
IF "%sf_NW%"=="LAN" (
    REM NET STOP "WLAN AutoConfig" /n
    netsh lan reconnect interface="%sf_LNWLC%"
)

REM REFRESH NETWORK. IF MACHINE WAS ID AS WIRELESS, STOP WIRED AND CYCLE WLAN.
IF "%sf_NW%"=="WLAN" (
    REM NET STOP "Wired AutoConfig" /n
    netsh wlan connect name=AESFMA ssid=AESFMA interface="%sf_WNWLC%"
)

NET START "NetworkAdapterManager"

ECHO:
ECHO Cycling Network Connections ...
ECHO:

REM GIVE NETWORK TIME TO REFRESH
timeout /T 10 /NOBREAK
EXIT