automatic disabling of wireless connection while connected to wired net: howto?

Discussion in 'Wireless Networking' started by Chu, Sep 26, 2005.

  1. Chu

    Chu Guest

    I would like to (programmatically, or through a group policy) disable
    the wireless interface on individual workstations iff the wired
    interface is already active.

    For example, we have many laptops with both wired and wireless
    capability. While they are logged into the LAN at work, we want to
    prevent them from connecting to the unprotected free access point in
    the coffee shop next door. It's not that individuals necessarily do so
    out of malice - they come in from a previous hotspot and their
    operating environment automatically connects them to both, in effect
    granting a split tunnel (and huge security problem).

    Assuming I have some of the regular security tools available for my
    workgroup (domain GPO, Norton AntiVirus), what can I do?

    Thanks to you very much,
    ..Chu.
     
    Chu, Sep 26, 2005
    #1

  2. Chu

    dold Guest

    login scripts? scheduled jobs?
    The technique, once you get it to run, is simple enough.

    If there is a valid IP address on the wired interface, run a command to
    disable the wireless adapter.

    I run mine manually, when I remember.

    <http://support.microsoft.com/default.aspx?scid=kb;en-us;311272> provides
    an executable called DevCon for Device Control.

    devcon status * > all_devices.txt
    will give a text file with all of the devices and the current status.
    Find the name of your WiFi card there... Mine is an SMC2435W.

    PCI\VEN_104C&DEV_8400&SUBSYS_8402104C&REV_00\5&2509CBFA&0&0051F0
    Name: SMC2435W 22 Mbps Wireless Cardbus Adapter

    devcon status "PCI\VEN_104C&DEV_8400*"
    Ensure that this shows only the status from the one device that you want to
    affect. (It's interesting what shows up under the same "VEN_" number.)

    I made a batch file with one line:
    devcon %1 "PCI\VEN_104C&DEV_8400*"

    then I put two shortcuts to the bat file on my desktop, adjusting the
    properties so that one has a "target" of the bat file enable, and another
    shortcut for disable.
    "C:\downloads\DevCon\2435.bat" enable
    I even picked clever icons for the two shortcuts ;-)
     
    dold, Sep 26, 2005
    #2
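
The check dold describes (a valid IP address on the wired interface, then DevCon to disable the wireless adapter), written as a PowerShell script suitable for a logon script or scheduled job. This is an added example, not code from the thread; the `devcon.exe` path, the `-DryRun` switch and the function names are assumptions, and the hardware ID pattern is the one from dold's post.

```powershell
# Added example, not from the thread. Run elevated (e.g. from a scheduled task).
# Assumptions: devcon.exe location; hardware ID pattern taken from dold's post.
# Get-NetAdapter / Get-NetIPAddress require Windows 8 / Server 2012 or later.
param(
    [string]$DevCon = 'C:\downloads\DevCon\devcon.exe',  # assumed path
    [string]$WifiId = 'PCI\VEN_104C&DEV_8400*',          # pattern from the post
    [switch]$DryRun                                      # print the action only
)

function Test-UsableIPv4 {
    param([string]$Address)
    # 169.254.0.0/16 is APIPA: the link is up but no DHCP lease was obtained.
    return ($Address -and $Address -notlike '169.254.*' -and $Address -ne '0.0.0.0')
}

function Test-WiredConnected {
    # Physical Ethernet adapters (media type "802.3") whose link is up.
    $wired = Get-NetAdapter -Physical |
        Where-Object { $_.Status -eq 'Up' -and $_.PhysicalMediaType -eq '802.3' }
    foreach ($nic in $wired) {
        $ips = Get-NetIPAddress -InterfaceIndex $nic.InterfaceIndex `
                   -AddressFamily IPv4 -ErrorAction SilentlyContinue
        foreach ($ip in $ips) {
            if (Test-UsableIPv4 $ip.IPAddress) { return $true }
        }
    }
    return $false
}

# Disable Wi-Fi while the wired link is live; re-enable it once the cable is
# gone, so the laptop still works away from the office.
$action = if (Test-WiredConnected) { 'disable' } else { 'enable' }

if ($DryRun) {
    Write-Output "Would run: $DevCon $action `"$WifiId`""
} else {
    & $DevCon $action $WifiId
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "devcon $action returned exit code $LASTEXITCODE"
    }
}
```

A valid wired address only shows that some wired network is attached, not that it is the office LAN, and the check is only as current as the last run, so schedule it to repeat rather than running it once at logon.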

  3. You could get Netswitcher for a start and have your server set up so that
    whenever it detects a new device attached to the wired network, it
    forces Netswitcher to that machine and runs it. Netswitcher can be
    configured to only work through the desired NIC.

    Also, do you have a "welcome" interface on your network? You could configure
    it to force all this.
     
    Diamontina Cocktail, Sep 27, 2005
    #3
