# NOTES
# Sorry, you will have to do a find-and-replace: this script was created very quickly and a lot of items are hard-coded.
#
# Change "COMPANYNAME" to your company name.
# Change your routes and traffic filter ranges (I used random ones below).
# Change your server(s) list.
# Change the trusted network detection domain.
# Make any other desired changes to the $ProfileXML variable.
###################################
# Version of these settings. Raise the number to make the script redeploy the profile.
$VPNVersion = "1.0"

# A registry value named after the version is written further down once the
# profile has been created, so finding that value means there is nothing to do.
$installedMarker = Get-ItemProperty -Path "HKLM:\Software\COMPANYNAME\AlwaysOnVPN" -Name $VPNVersion -ErrorAction SilentlyContinue
if ($null -ne $installedMarker)
{
    Write-Host "Latest Version Already Installed. Exiting..."
    Exit
}

Write-Host "Latest Version Not Installed. Will attempt to install..."
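# Display name of the profile. The MDM bridge InstanceID is the same name with
# spaces percent-encoded; the removal and creation steps below compare against it.
$ProfileName = 'COMPANYNAME Device AlwaysOn VPN'
$ProfileNameEscaped = $ProfileName -replace ' ', '%20'

# VPNv2 ProfileXML for an IKEv2 device tunnel that authenticates with the
# machine certificate and routes only the listed ranges (split tunnel).
#
# NOTE(review): the device tunnel is up before any user signs in, so keep the
# Route and TrafficFilter ranges as narrow as the pre-logon services require.
# NOTE(review): TrustedNetworkDetection stops the automatic connection when the
# active network presents this DNS suffix. The suffix is supplied by the network
# itself, so treat it as a convenience setting rather than proof that the device
# is on the corporate LAN -- confirm the value is one only the internal network
# hands out.
$ProfileXML = '
<VPNProfile>
<NativeProfile>
<Servers>ao.COMPANYNAME.com</Servers>
<NativeProtocolType>IKEv2</NativeProtocolType>
<Authentication>
<MachineMethod>Certificate</MachineMethod>
</Authentication>
<RoutingPolicyType>SplitTunnel</RoutingPolicyType>
<DisableClassBasedDefaultRoute>true</DisableClassBasedDefaultRoute>
</NativeProfile>
<Route>
<Address>172.16.0.0</Address>
<PrefixSize>16</PrefixSize>
</Route>
<Route>
<Address>172.17.0.0</Address>
<PrefixSize>16</PrefixSize>
</Route>
<TrafficFilter>
<RemoteAddressRanges>172.16.0.0/16,172.17.0.0/16</RemoteAddressRanges>
</TrafficFilter>
<AlwaysOn>true</AlwaysOn>
<TrustedNetworkDetection>COMPANYNAME.org</TrustedNetworkDetection>
<DeviceTunnel>true</DeviceTunnel>
<RegisterDNS>true</RegisterDNS>
</VPNProfile>
'

# The ProfileXML property is passed through the MDM bridge as an XML-escaped
# string, so the markup characters have to be replaced by their entity forms
# (lt, gt, quot). The listing this was taken from showed each replacement with
# the entity already decoded back to the bare character, which made all three
# lines no-ops and left raw markup in the value.
$ProfileXML = $ProfileXML -replace '<', '&lt;'
$ProfileXML = $ProfileXML -replace '>', '&gt;'
$ProfileXML = $ProfileXML -replace '"', '&quot;'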
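# CSP node, WMI namespace and class used to reach the VPNv2 settings through
# the MDM bridge.
$nodeCSPURI = './Vendor/MSFT/VPNv2'
$namespaceName = "root\cimv2\mdm\dmmap"
$className = "MDM_VPNv2_01"

# NOTE(review): the MDM bridge namespace is normally only usable from the Local
# System account, and a device tunnel has to be installed from that context --
# confirm the deployment tool runs this script as SYSTEM.
$session = New-CimSession

# Remove an earlier instance of this profile so it can be re-created with the
# current settings. Profiles with a different InstanceID are reported and left
# in place.
try
{
    $deleteInstances = $session.EnumerateInstances($namespaceName, $className)
    foreach ($deleteInstance in $deleteInstances)
    {
        $InstanceId = $deleteInstance.InstanceID
        if ("$InstanceId" -eq "$ProfileNameEscaped")
        {
            $session.DeleteInstance($namespaceName, $deleteInstance)
            $Message = "Removed $ProfileName profile $InstanceId"
            Write-Host "$Message"
        }
        else
        {
            $Message = "Ignoring existing VPN profile $InstanceId"
            Write-Host "$Message"
        }
    }
}
catch [Exception]
{
    $Message = "Unable to remove existing outdated instance(s) of $ProfileName profile: $_"
    Write-Host "$Message"
    # A bare 'exit' reports success; return a non-zero code so the deployment
    # tool records the failure instead of treating the device as configured.
    exit 1
}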
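# Create the profile through the MDM bridge, then record the installed version.
try
{
    # ParentID and InstanceID are the key properties of the new instance;
    # ProfileXML carries the escaped profile definition.
    $newInstance = New-Object Microsoft.Management.Infrastructure.CimInstance $className, $namespaceName
    $property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", "$nodeCSPURI", 'String', 'Key')
    $newInstance.CimInstanceProperties.Add($property)
    $property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", "$ProfileNameEscaped", 'String', 'Key')
    $newInstance.CimInstanceProperties.Add($property)
    $property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ProfileXML", "$ProfileXML", 'String', 'Property')
    $newInstance.CimInstanceProperties.Add($property)
    $session.CreateInstance($namespaceName, $newInstance)

    # COMPANYNAME EDIT TO TRACK VERSION INSTALLS FOR DEPLOYMENT SCRIPT
    # The value name is the settings version and the data is the install time;
    # the check at the top of the script looks for this value.
    # NOTE(review): registry cmdlets report most failures as non-terminating
    # errors, so a failed marker write may not reach the catch block below --
    # verify the marker exists when relying on it for compliance reporting.
    if (-not (Test-Path "HKLM:\Software\COMPANYNAME\AlwaysOnVPN"))
    {
        New-Item -Path "HKLM:\Software\COMPANYNAME\AlwaysOnVPN" -Force
    }
    Set-ItemProperty -Path "HKLM:\Software\COMPANYNAME\AlwaysOnVPN" -Name $VPNVersion -Value $(Get-Date -Format "yyyy-MM-dd-HHmmss")
    $Message = "Created $ProfileName profile."
    Write-Host "$Message"
}
catch [Exception]
{
    $Message = "Unable to create $ProfileName profile: $_"
    Write-Host "$Message"
    # A bare 'exit' reports success; return a non-zero code so the deployment
    # tool does not count a device without the profile as done.
    exit 1
}

$Message = "Complete."
Write-Host "$Message"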