Powershell script for netsend msg to users 10 minutes before disconnecting them from PPTP / SSTP RRAS VPN

Question

Hello, I have remote access to the company by VPN PPTP / SSTP in RRAS.

I have a requirement in the company that some users who are from home office will only be able to connect to the VPN from 7AM until 7PM.
Other users (managers, third parties) will continue to be granted 24x7 access.

So, I created two security groups in AD:
Restricted_VPN
Unrestricted_VPN
And I inserted the respective users in their groups;

So, I was going to configure NPS to allow users of the VPN_Restricted group to logon only at the requested time intervals and leave the VPN_Irrestricted users free.

But this solution only applies to the login time, If a user member of Restricted_VPN connects at 6PM and stays connected until 10PM he will not be dropped from the VPN at 7PM.

So with the help of the forum I created a script that drops users from the VPN_Restricted group exactly at 7PM.

 *Get-ADGroupMember -Identity "Restricted_VPN" | ForEach-Object{
     $name = 'YourDomain\' + $_.SamAccountName
     Disconnect-VpnUser -UserName $name
 }*

But this does not solve the need for 10 minutes before informing users to save their work as the VPN will disconnect in 10 minutes.

I need to send a message with MSG / Server but I cannot send to all VPN users, only the users who are part of the restricted group

So I created the script below:

> # Reading a txt file - I created a txt with a vpn range IP per line

> $ Text = Get-Content -Path C: \ _ scripts \ IPRange.txt

> # Transforming file lines into an array

> $ Text.GetType () | Format-Table -AutoSize

> #Listing the lines in the file - here I put one for inside the other and line by line it looks for a logged in user who is part of the group and sends the message

> foreach ($ element in $ Text)

> {

>      $ element

> Get-ADGroupMember -Identity "VPN_MatrizRestrita" | ForEach-Object {

>       $ name = $ _. SamAccountName

>      MSG / server: $ element $ name TI Test Ignore

>   }

> }

The script is working for what I need, it scans all IP's of the VPN and finds users in the restricted group, which will be dropped, he sends the message warning.

The problem is that since it is recursive, the execution is very slow.

Is there any way to optimize this script? Something with multithread?

Answer 1

Hello,

First you could use the easier way (to my eyes) Invoke-Command, where you provide a list of Computer names.
Use "-ThrottleLimit" parameter to set a specific number of concurrent connections, default is 32.

Or use workflow, have a look on the below link, it will give you an idea from where to start:
https://powershell.org/forums/topic/help-with-workflows-and-parallel-loops/

Chers,
Sok.

Answer 2

Hi,

You can parallelize it with jobs and you only need to run Get-ADGroupMember -Identity "VPN_MatrizRestrita" once.

$Text = Get-Content -Path C:\scripts\IPRange.txt  
Get-ADGroupMember -Identity "VPN_MatrizRestrita" | ForEach-Object {  
    $name = $_.SamAccountName      
    foreach ($element in $Text) {  
        Start-Job {MSG /server:$using:element $using:name TI Test Ignore}  
    }  
}  

For more information you can refer to this link
https://devblogs.microsoft.com/scripting/parallel-processing-with-jobs-in-powershell/

Best Regards，
Ian Xue

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.