

Windows 7: Detect via Script if the End-User is connected to CorpNet Using Direct Access

In Windows 8.1, we have the PowerShell command Get-DAConnectionStatus. It lets us check whether we are connected to the CorpNet via Direct Access, and it also outputs the status of the existing Direct Access connection.

In Windows 7, though, there is no such easy way out. Get-DAConnectionStatus is not available in Windows 7. Here lies the challenge I faced. I needed to check multiple computers, via a script, to see whether our Windows 7 client machines are connected to CorpNet via Direct Access or not.

Of course, I did a lot of web-surfing to see if there is any solution available. You may say that I have not been able to search the internet correctly or whatever else you may like to say. But after a lot of browsing, the net result is that I could not find any solution that was satisfactory for me. However, I did get some very good hints and pointers.

Using those hints and pointers, I have conjured up a solution that works for Windows 7 clients. The solution is as follows:

On a Windows 7 client, open CMD and type: netsh dnsclient show state

And here is the output.

The screenshot (Figure 1) above means:

  • Direct Access settings are not configured. Direct Access is not installed and configured on the Windows 7 client.
  • Machine Location is outside corporate network. This client is either working from home or from elsewhere. He is using his personal (or hotel) internet connection to connect and browse the internet. This client may be connected to the CorpNet via a standard/regular VPN connection, but not via DirectAccess.

Note: Even if the client is connected via VPN, he may still see the machine location as “Outside Corporate Network”. But there is no DirectAccess connection.

Notice Figure 2 below

 
The screenshot (Figure 2) above means:

  • Direct Access settings are configured and disabled. Direct Access is installed and configured on the Windows 7 client, but it is disabled.
  • Machine Location is Inside Corporate Network. This client is inside CorpNet, but its DirectAccess settings are disabled.

Thus, by assessing the two points above, we come to know that the Windows 7 client is working from inside the office. It is connected to CorpNet directly, not via Direct Access. Once inside the office, the client does not need to use Direct Access. Therefore, Direct Access is configured and disabled.

Notice Figure 3 below

The screenshot (Figure 3) above means:

  • Direct Access settings are configured and enabled. Direct Access is installed and configured on the Windows 7 client and it is enabled.
  • Machine Location is Outside Corporate Network. This client is outside the CorpNet. And its Direct Access settings are enabled.

Thus, by assessing the two points above, we come to know that the Windows 7 client is working from outside the CorpNet. It has Direct Access installed, configured and enabled. It is connected to the CorpNet via Direct Access.

Based on the above findings, we can now arrive at a logical conclusion about how to detect which Windows 7 clients are connected via DirectAccess. Once this has been concluded, the rest is to write a script that will perform the above checks and give output based on the findings.

The script, CheckIfDA.vbs, is written below. Copy and paste the script and save it. You will need to execute it like this: CScript <ScriptPath>\CheckIfDA.vbs

All the best and Cheers to you all!! Your feedback, suggestions and comments are welcome. Please do send them to monimoys@hotmail.com

The Script Code

Option Explicit

Const ForReading = 1
Dim ObjShell, RetVal, ObjFSO, ObjFile
Dim StrPath, StrTextLine, BlnNoDA1, BlnNoDA2
Dim BlnInside1, BlnInside2, BlnDA1, BlnDA2

Set ObjFSO = CreateObject("Scripting.FileSystemObject")
StrPath = Trim(ObjFSO.GetFile(WScript.ScriptFullName).ParentFolder)
If ObjFSO.FileExists(StrPath & "\ChkResult.txt") = True Then
    ObjFSO.DeleteFile StrPath & "\ChkResult.txt", True
End If
Set ObjFSO = Nothing
Set ObjShell = CreateObject("WScript.Shell")
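' Redirect the netsh output into the script's own folder (quoted, in case the path
' contains spaces) so that it is the same file that is opened for reading below.
RetVal = ObjShell.Run("cmd /c netsh dnsclient show state > """ & StrPath & "\ChkResult.txt""", 0, True)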
Set ObjShell = Nothing
Set ObjFSO = CreateObject("Scripting.FileSystemObject")
Set ObjFile = ObjFSO.OpenTextFile(StrPath & "\ChkResult.txt", ForReading)
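' Each verdict needs two matching lines: one for Machine Location, one for Direct Access Settings.
' BlnNoDA* = outside + not configured, BlnInside* = inside + configured and disabled,
' BlnDA*   = outside + configured and enabled.
BlnDA1 = False:    BlnDA2 = False:    BlnNoDA1 = False:    BlnNoDA2 = False
BlnInside1 = False:    BlnInside2 = False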
Do Until ObjFile.AtEndOfStream
    StrTextLine = ObjFile.ReadLine
    If InStr(LCase(StrTextLine), "machine location") > 0 AND InStr(LCase(StrTextLine), "outside corporate network") > 0 Then
        BlnNoDA1 = True
    End If
    If InStr(LCase(StrTextLine), "direct access settings") > 0 AND InStr(LCase(StrTextLine), "not configured") > 0 Then
        BlnNoDA2 = True
    End If
    If InStr(LCase(StrTextLine), "machine location") > 0 AND InStr(LCase(StrTextLine), "inside corporate network") > 0 Then
        BlnInside1 = True
    End If
    If InStr(LCase(StrTextLine), "direct access settings") > 0 AND InStr(LCase(StrTextLine), "configured and disabled") > 0 Then
        BlnInside2 = True
    End If
    If InStr(LCase(StrTextLine), "machine location") > 0 AND InStr(LCase(StrTextLine), "outside corporate network") > 0 Then
        BlnDA1 = True
    End If
    If InStr(LCase(StrTextLine), "direct access settings") > 0 AND InStr(LCase(StrTextLine), "configured and enabled") > 0 Then
        BlnDA2 = True
    End If
Loop
ObjFile.Close:    Set ObjFile = Nothing
If BlnNoDA1 = True AND BlnNoDA2 = True Then
    WScript.Echo
    WScript.Echo "Machine Is Outside CorpNet. Direct Access Not Configured."
    WScript.Echo "Machine may connect to CorpNet via Regular VPN connection."
    WScript.Echo
End If
If BlnInside1 = True AND BlnInside2 = True Then
    WScript.Echo
    WScript.Echo "Machine Is Inside CorpNet. Direct Access Settings Configured and Disabled."
    WScript.Echo "Since This Machine is Inside CorpNet DA is not in Use."
    WScript.Echo
End If
If BlnDA1 = True AND BlnDA2 = True Then
    WScript.Echo
    WScript.Echo "Machine Is Outside CorpNet. Direct Access is Configured."
    WScript.Echo "Machine is Connected To CorpNet via DirectAccess."
    WScript.Echo
End If
If ObjFSO.FileExists(StrPath & "\ChkResult.txt") = True Then
    ObjFSO.DeleteFile StrPath & "\ChkResult.txt", True
End If
Set ObjFSO = Nothing:    WScript.Quit
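
An added example, not part of the original script: a PowerShell 2.0 function (the name Get-DAStateFromNetsh is hypothetical) that applies the same phrase checks to the netsh output without a temporary file and returns an object, including an explicit "Undetermined" verdict for the combinations for which CheckIfDA.vbs prints nothing. The sample lines are constructed, and their "label : value" layout is an assumption.

```powershell
# Added example, not the author's code. PowerShell 2.0 syntax (ships with Windows 7).
# Get-DAStateFromNetsh is a hypothetical name; it matches the same phrases as CheckIfDA.vbs.
function Get-DAStateFromNetsh {
    param([string[]]$Lines, [string]$Computer = $env:COMPUTERNAME)

    $location = 'Unknown'
    $settings = 'Unknown'
    foreach ($line in $Lines) {
        $l = ([string]$line).ToLower()
        if ($l.Contains('machine location')) {
            if     ($l.Contains('outside corporate network')) { $location = 'Outside' }
            elseif ($l.Contains('inside corporate network'))  { $location = 'Inside' }
        }
        if ($l.Contains('direct access settings')) {
            if     ($l.Contains('not configured'))          { $settings = 'NotConfigured' }
            elseif ($l.Contains('configured and enabled'))  { $settings = 'Enabled' }
            elseif ($l.Contains('configured and disabled')) { $settings = 'Disabled' }
        }
    }

    # Decision table from the three figures; any other combination is reported, not guessed.
    $verdict = switch ("$location/$settings") {
        'Outside/NotConfigured' { 'Outside CorpNet, DirectAccess not configured' }
        'Inside/Disabled'       { 'Inside CorpNet, DirectAccess not in use' }
        'Outside/Enabled'       { 'Connected to CorpNet via DirectAccess' }
        default                 { 'Undetermined' }
    }
    New-Object PSObject -Property @{
        Computer = $Computer; Location = $location
        DASettings = $settings; Verdict = $verdict
    }
}

# Constructed sample input (assumed layout): a client connected via DirectAccess.
$connected = @(
    'Machine Location                      : Outside corporate network',
    'Direct Access Settings                : Configured and Enabled'
)
# Constructed sample input: a combination the three figures do not cover.
$uncovered = @(
    'Machine Location                      : Inside corporate network',
    'Direct Access Settings                : Not Configured'
)
Get-DAStateFromNetsh -Lines $connected -Computer 'SAMPLE-PC1'
Get-DAStateFromNetsh -Lines $uncovered -Computer 'SAMPLE-PC2'

# On a real client, pass the live output instead:
# Get-DAStateFromNetsh -Lines (netsh dnsclient show state)
```

If the text does not match the expected phrases (for example on a client whose netsh output is not in English), the verdict is Undetermined rather than silence, which makes unparsed machines visible when results from many computers are collected.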