Jump to content
Sign in to follow this  
KickStarter15

Disable and Enable Local Connection

Recommended Posts

KickStarter15

Hi Experts,

Hope you are having a good day!:)

I have this problem that I need to disable for a while and enable back the local connection of some computers in our station, but could not find that fits Win7 32bit. I've found this code below and it doesn't do anything. If possible I want to have it like interactive type like below, and I can specify the computer that I need to disable for a while.

#include <GuiConstantsEx.au3>
GuiCreate("NIC Switch", 230, 50)
$GUI_ENABLE_BUTTON = GuiCtrlCreateButton("Enable", 10, 10, 100, 30)
$GUI_DISABLE_BUTTON = GuiCtrlCreateButton("Disable", 120, 10, 100, 30)
GuiSetState()
While 1
    $msg = GuiGetMsg()
    Select
    Case $msg = $GUI_EVENT_CLOSE
        ExitLoop
    Case $msg = $GUI_ENABLE_BUTTON
        Run("netsh.exe interface set interface ""Local Area Connection"" ENABLE")
    Case $msg = $GUI_DISABLE_BUTTON
        Run("netsh interface set interface ""Local Area Connection"" DISABLE")
    EndSelect
WEnd

I tried searching and searching but all are not for win7. Any advise experts?

 

Thanks!

KS15


Programming is "To make it so simple that there are obviously no deficiencies" or "To make it so complicated that there are no obvious deficiencies" by C.A.R. Hoare.

Share this post


Link to post
Share on other sites
orbs

that netsh command requires elevation. and it works on my Win7 x64 machine.

Share this post


Link to post
Share on other sites
KickStarter15
On 3/10/2018 at 6:30 PM, orbs said:

that netsh command requires elevation.

What do you mean? This is kind of new to me so maybe I need more details... ^_^


Programming is "To make it so simple that there are obviously no deficiencies" or "To make it so complicated that there are no obvious deficiencies" by C.A.R. Hoare.

Share this post


Link to post
Share on other sites
orbs

you have to run this command with administrative rights in effect.

try to open a command prompt and run it - you'll get a message saying:

The requested operation requires elevation (Run as administrator).

run the command prompt as administrator (i.e. locate "cmd.exe", right-click and select "Run as administrator"), then run the netsh command again and it will work.

if you need to do that on a remote target, then you will need to authenticate to that remote target with an administrator account of that target (or a domain admin, if your network uses Active Directory). you will of course be able only to DISABLE the interface remotely. you will have to schedule the ENABLE function before you disable the interface. ponder a while about that before you proceed.

Share this post


Link to post
Share on other sites
KickStarter15

@orbs,

I see, so that's what you mean to elevate. The problem is we are not using the Admin account in our station, we only have local support. Still could that be possible?


Programming is "To make it so simple that there are obviously no deficiencies" or "To make it so complicated that there are no obvious deficiencies" by C.A.R. Hoare.

Share this post


Link to post
Share on other sites
orbs

Do you wish to delegate to end-users the ability to temporarily disable their LAN interface? Or do you wish to do it for them remotely? Both can be done, using different techniques.

Share this post


Link to post
Share on other sites
orbs

If it's the first scenario, I would create a batch script to disable, wait, and re-enable the interface. Next I would create a scheduled task to run manually only, under the local SYSTEM account, and grant the locally logged-on users the right to execute the task. Then set your app to do it.

if it's the other scenario, I would create that batch script on the admin workstation only, and launch it via psexec when required.

both solutions require you have the credentials for an admin account on the target workstation. There has to be one, otherwise how are you administering your network? 

Share this post


Link to post
Share on other sites
KickStarter15

@orbs,

So basically, there is no way we could disable the LAN without using any admin account. With that, maybe there's no need to do it that way. How about disabling browsers and enable them after the end of their shift can that be done right? without admin account being used?.^_^


Programming is "To make it so simple that there are obviously no deficiencies" or "To make it so complicated that there are no obvious deficiencies" by C.A.R. Hoare.

Share this post


Link to post
Share on other sites
orbs

if you need to limit personal browsing during work hours, introduce a gateway (a firewall or a proxy server). disabling the LAN for that purpose sounds like an overkill that will cause more problems that solve.

regardless - anything you can disable with the regular user account, can also be re-enabled with the same regular user account. so your solution is either local using the admin account, or external using a gateway.

Share this post


Link to post
Share on other sites
Earthshine
Posted (edited)

they can still browse with their phones. I just checked support at MS and they have an Virtual Agent you can ask questions to, and it gave me a bunch of hits for this. Mostly the proxy thing.

Edited by Earthshine

My resources are limited. You must ask the right questions

 

Share this post


Link to post
Share on other sites
ViciousXUSMC
Posted (edited)

I agree a proxy is probably the most standard way to do this, or a group policy.

 

If you want a crafty autoit way of doing it without admin access.  Users have access to close there own processes associated with there user account.

You could have a script in the background doing something like:

If ProcessExisists("iexplorer.exe") Then ProcessClose("iexplorer.exe"

Find the proper process names, put it in a loop with a small delay, have it run in the background at startup with a timer associated with its function.

 

The network level of this is block WAN access on the firewall or something with an ACL that is how I would do it then I do not mess with individual workstations, there functions, and it only blocks internet access not local network access.  Disable the LAN would have some bad side effects like not pulling new polices, not updating AV, not checking in for NTP updates etc. 

 

Another thing to look into would be say OpenDNS.  I am pretty sure they have a time of day feature.  

It will give you some management authority, and/or simply restrict what they can browse so block say social media but get to a clients website.

Edited by ViciousXUSMC

Share this post


Link to post
Share on other sites
KickStarter15

:sweating:... Yahh, you guys have point. Also, using ProcessClose() might not be good, this will close your browser. Hmmm seems I have nothing that I can do with this request. Thank you guys for the time, maybe I'll still do the searching thing to see if I can get something.^_^


Programming is "To make it so simple that there are obviously no deficiencies" or "To make it so complicated that there are no obvious deficiencies" by C.A.R. Hoare.

Share this post


Link to post
Share on other sites
KickStarter15

@orbs and Experts,

So, here's what I've searched so far.

;Script for being unable to access user-chosen websites for X amount of time.
;To do:
; * Find a way to overwrite the real hosts file (Maybe run as admin)
; * Make an "Unblock" script if someone (or the script) accidentally does something it shouldn't

#include <ButtonConstants.au3>
#include <ComboConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#Region ### START Koda GUI section ### Form=
$Form1 = GUICreate("Website Blocker", 287, 125, 192, 124)
$Website = GUICtrlCreateLabel("Website to block:", 8, 16, 87, 17)
$Time = GUICtrlCreateLabel("Amount of time", 8, 48, 74, 17)
$Input1 = GUICtrlCreateInput("www.facebook.com", 104, 16, 177, 21)
GUICtrlSetTip(-1, "This is where you input the website, that you want to block the access to.")
$Input2 = GUICtrlCreateInput("1", 104, 48, 49, 21)
GUICtrlSetTip(-1, "This is where you input the X amount of time, you would like to block the aforementioned website for.")
$Combo1 = GUICtrlCreateCombo("Hour(s)", 176, 48, 57, 25)
GUICtrlSetData(-1, "Minute(s)|Second(s)")
GUICtrlSetTip(-1, "This is where you choose if you want the amount of time to be in seconds, minutes or hours.")
$Button1 = GUICtrlCreateButton("Block website!", 104, 88, 89, 25)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###
While 1
$nMsg = GUIGetMsg()
Switch $nMsg
   Case $GUI_EVENT_CLOSE
   Exit
   Case $Button1
   Block()
EndSwitch
WEnd

Func Block()
   FileCopy("C:\WINDOWS\system32\drivers\etc\hosts", @Scriptdir & "\hostsbackup")
   FileCopy("C:\WINDOWS\system32\drivers\etc\hosts", @Scriptdir & "\hosts")
   FileWrite(@ScriptDir & "\hosts", @CRLF & "127.0.0.1    " & GUICtrlRead($Input1))
   $write = FileCopy(@ScriptDir & "\hosts", "C:\WINDOWS\system32\drivers\etc\hosts", 1)
   If $write = 0 Then
   MsgBox(64, "Error", "An error has occured with blocking " & GuiCtrlRead($Input1), 5)
   Exit
   Else
   EndIf
   GUISetState(@SW_HIDE)

   If GuiCtrlRead($Combo1) = "Hour(s)" Then
   Dim $Sleep = GuiCtrlRead($Input2) * 60 * 60
   ElseIf GuiCtrlRead($Combo1) = "Minute(s)" Then
   Dim $Sleep = GuiCtrlRead($Input2) * 60
   ElseIf GuiCtrlRead($Combo1) = "Second(s)" Then
   Dim $Sleep = GuiCtrlRead($Input2)
   Else
   EndIf
   For $s = $Sleep To 0 Step -1
  Sleep(1000)
  $Tseconds=$s
  $hours = int($Tseconds/3600)
  $Remsecs = $Tseconds - ($hours * 3600)
  $minutes = int($Remsecs / 60)
  $Seconds = $Remsecs - ($minutes * 60)
  $TT = ToolTip(GUICtrlRead($Input1) & " will be unblocked in " & $hours & " hour(s), " & $minutes & " minute(s) and " & $Seconds & " second(s).", 5, 5, "Countdown until block removed" & @CRLF & "This script has been written by Reinn. Educational purposes only, all rights reserved - 2012.", 1)
Next

   Dim $TT = ToolTip("")
   $Copy = FileCopy(@ScriptDir & "\hostsbackup", "C:\WINDOWS\system32\drivers\etc\hosts", 1)
   If $Copy = @error Then
   MsgBox(64, "Error", "An error has occured with unblocking " & GuiCtrlRead($Input1), 5)
   Exit
   Else
   FileDelete(@ScriptDir & "\hosts")
   EndIf
   MsgBox(64, "Unblocked", "The website: " & GuiCtrlRead($Input1) & " has been unblocked and is now accesible.", 5)
   Exit
EndFunc

This code will block websites basing on the input you want, however still needs admin rights to manipulate host file.

Is there a way that this code can be changed in any other way where we don't need the access needed?:(


Programming is "To make it so simple that there are obviously no deficiencies" or "To make it so complicated that there are no obvious deficiencies" by C.A.R. Hoare.

Share this post


Link to post
Share on other sites
orbs

if you are absolutely certain that a client-level blocking is the way to go, then you will almost(*) certainly need administrative permissions. if you need the permissions to administer your workstations, then ask for these permissions from your IT (or have your IT provide the solution).

once you have such permissions, there are several ways to go. you can manipulate the hosts file, or you can use an existing free web filtering software, such as this (which i have used successfully in the past).

 

(*) if you cannot have administrative permissions, then you can try a portable proxy server. consult this list, i find at least this item worth checking.

 

Share this post


Link to post
Share on other sites
KickStarter15

Hmmm, yah maybe you're right! I need to consult this to our IT Dept. so they will be the one to have headache:D..... Thanks orbs, maybe that enlightened me a bit on controlling their requests from our stations not just accept and accept all the time.

Basically our IT Dept. won't provide any access to local development team unless they are the one who requested.:lol:


Programming is "To make it so simple that there are obviously no deficiencies" or "To make it so complicated that there are no obvious deficiencies" by C.A.R. Hoare.

Share this post


Link to post
Share on other sites
orbs

tell them that when selecting from the DevSecOps trio, the Dev part is the least relevant to web filtering :P

Share this post


Link to post
Share on other sites
KickStarter15

Yeah, hope they can consider that:lol: but still they are up with their high heads decision if granted or not. Hahah!:D


Programming is "To make it so simple that there are obviously no deficiencies" or "To make it so complicated that there are no obvious deficiencies" by C.A.R. Hoare.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×