ge-aerospace/inno-installers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
inno-installers/MachineAuth/MA3NetworkConfigv4.bat
cproudlock 803853b125 Add MachineAuth 802.1x network configuration installer 
New Inno Setup project that configures shop floor PCs for Machine VLAN
connectivity via 802.1x/ISE authentication.

Features:
- Native Pascal implementation (no external batch files required)
- Silent installation support for deployment automation
- Windows 7/8/10/11 auto-detection
- Automatic network interface detection (wired/wireless)
- Detailed logging and results display

Configures:
- Wired: 802.1x PEAP/MS-CHAPv2 via Corporate Holdings RADIUS
- Wireless: AESFMA SSID with EAP-TLS via Aerospace FreeRADIUS

Usage:
  MachineAuthSetup.exe /VERYSILENT /SUPPRESSMSGBOXES

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-19 16:33:39 -05:00

126 lines
4.2 KiB
Batchfile
Raw Permalink Blame History

@ECHO OFF
setlocal EnableDelayedExpansion
REM Machine Authentication Network Configuration Batch file to configure shop floor PC for connection to machine VLAN via 802.1x.
REM Connectivity is via standard tech - 802.1x, ACS, and AD group membership (for wired connections) or Device Issued Certificates (for AESFMA)
REM This file needs to be executed with admin privilege from C:\Windows\Options\Packages\GEAerospace_MA_3x4_V01\
REM These files must exist in C:\Windows\Options\Packages\GEAerospace_MA_3x4_V01\
REM - MA3NetworkConfigv4.bat (this file)
REM - 8021x.xml
REM - AESFMA.xml
REM No reboot is required.
REM Script can be run multiple times with no detrimental impact to the machine.
REM This will not remove the connection to GESFMA. It will not change the wired network from the MA 2.0 settings.
REM Machine will experience temporary loss of network as the service is cycled.
REM Works for both wired and wireless machines.
REM Script usually runs to completion in under 30 seconds.
REM Upon completion, machine will have 'native' vault access. Test to confirm.
REM ASSUMPTION THAT WIRED OR WIRELESS INTERFACE FOLLOW STANDARD CONVENTION - Local Area Connection, Local Area Connection 2, Wireless Network Connection, Wireless Network Connection 2 etc
ECHO:
ECHO Configuring machine for Machine Authentication 3.0 VLAN connectivity
ECHO:
REM SEED DEFAULT INTERFACES
REM THE * FOR WIRELESS TREATS THE MACHINE AS WIRED. AESFMA PROFILE IS ADDED TO ALL WIRELESS INTERFACES. THIS ENSURES WIRELESS WORKS SHOULD THE MACHINE MIGRATE FROM WIRED > WIRELESS
SET sf_LNWLC=
SET sf_NW=
SET sf_WNWLC=
SET sf_WinVer=
SET sf_ExecPath=C:\Windows\Options\Packages\GEAerospace_MA_3x4_V01
REM GET WINDOWS VERSION - 7 OR 10. IF NOT WIN10, ASSUME WIN7
FOR /f "tokens=4-5 delims=[.] " %%i in ('ver') DO (
SET sf_WinVer=%%i.%%j
)
IF %sf_WinVer%==10.0 (
goto CONFIGWIN10
)
IF %sf_WinVer%==6.1 (
goto CONFIGWIN7
)
:CONFIGWIN7
REM WIRED OR WIRELESS?
REM CHECK IF CURRENTLY CONNECTED TO WIRED OR WIRELESS
REM FIND CONNECTED LAN INTERFACE THAT STARTS WITH "Local ..." AND WLAN STARTING WITH "Wireless ..." WHICH IS STANDARD CONVENTION
SET sf_LNWLC=Local Area Connection
SET sf_WNWLC=Wireless Network Connection
FOR /f "skip=2 tokens=5*" %%a IN ('netsh interface ipv4 show Interfaces ^| find /V /i "disconnected"') Do (
IF %%a==Local (
SET sf_NW=LAN
goto INTERFACEFOUND
)
IF %%a==Wireless (
SET sf_NW=WLAN
goto INTERFACEFOUND
)
)
:CONFIGWIN10
SET sf_LNWLC=Ethernet
SET sf_WNWLC=Wi-Fi
FOR /f "skip=2 tokens=5*" %%a IN ('netsh interface ipv4 show Interfaces ^| find /V /i "disconnected"') Do (
IF %%a==Ethernet (
SET sf_NW=LAN
goto INTERFACEFOUND
)
IF %%a==Wi-Fi (
SET sf_NW=WLAN
goto INTERFACEFOUND
)
)
:INTERFACEFOUND
ECHO:
ECHO Windows Version = %sf_WinVer%
ECHO LAN Interface = %sf_LNWLC%
ECHO WLAN Interface = %sf_WNWLC%
ECHO Configuring Active Interface = %sf_NW%
ECHO:
REM MAY NOT EXIST BUT SUPPRESS IT TO ALLOW BOTH WIRED AND WIRELESS CONFIG
NET STOP "NetworkAdapterManager"
ECHO:
ECHO Configuring wired interface for 802.1x. HELPMSG 2182 can be ignored.
ECHO:
REM CONFIG WIRED FOR 802.1x
sc config dot3svc start= auto
NET START "Wired AutoConfig" /n
ECHO:
ECHO Importing to wired interface "%sf_LNWLC%"
ECHO:
netsh lan add profile filename="%sf_ExecPath%\8021x.xml" interface="%sf_LNWLC%"
ECHO:
ECHO Configuring wireless interface for 802.1x. HELPMSG 2182 can be ignored.
ECHO:
REM ADD AESFMA WIRELESS SSID
sc config Wlansvc start= auto
NET START "WLAN AutoConfig" /n
ECHO:
ECHO Importing to wireless interface "%sf_WNWLC%"
ECHO:
netsh wlan add profile filename="%sf_ExecPath%\AESFMA.xml" interface="%sf_WNWLC%"
REM REFRESH NETWORK. IF MACHINE WAS ID AS WIRED, STOP WIRELESS AND CYCLE LAN.
if %sf_NW%==LAN (
REM NET STOP "WLAN AutoConfig" /n
netsh lan reconnect interface="%sf_LNWLC%"
)
REM REFRESH NETWORK. IF MACHINE WAS ID AS WIRELESS, STOP WIRED AND CYCLE WLAN.
if %sf_NW%==WLAN (
REM NET STOP "Wired AutoConfig" /n
netsh wlan connect name=AESFMA ssid=AESFMA interface="%sf_WNWLC%"
)
NET START "NetworkAdapterManager"
ECHO:
ECHO Cycling Network Connections ...
ECHO:
REM GIVE NETWORK TIME TO REFRESH
timeout /T 10 /NOBREAK
EXIT
Reference in New Issue View Git Blame Copy Permalink