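# Always On VPN user-tunnel deployment: builds a VPNv2 ProfileXML document and
# pushes it through the MDM bridge (VPNv2 CSP, MDM_VPNv2_01) for the user who is
# currently signed in at the console.
# The domain names, DNS server addresses and CA thumbprint below are
# deployment-specific placeholders and must be set for the target environment.
$ProfileName = 'AlwaysOnVPN'
# The CSP node name is the profile name with spaces percent-encoded.
$ProfileNameEscaped = $ProfileName -replace ' ', '%20'

# Security-relevant settings in this profile (review before deploying):
#  - EAP type 25 (PEAP) wrapping EAP type 13 (EAP-TLS): certificate-based user
#    authentication, certificate picked from the user store (SimpleCertSelection).
#  - ServerNames + TrustedRootCA pin the NPS/RADIUS server identity for both the
#    outer PEAP and the inner EAP-TLS exchange, and
#    DisableUserPromptForServerValidation=true makes a mismatch fail closed
#    rather than prompting the user to trust an unknown server.
#  - RequireCryptoBinding=false: PEAP cryptobinding ties the inner EAP exchange
#    to the outer TLS tunnel; leaving it off weakens protection against tunnel
#    relay (man-in-the-middle) attacks. Consider setting it to true once the NPS
#    side is confirmed to support cryptobinding.
#  - EnableQuarantineChecks=false: no endpoint health enforcement.
#  - RoutingPolicyType=SplitTunnel: only traffic matching DomainNameInformation
#    and the pushed routes goes through the tunnel; all other traffic leaves the
#    device outside the VPN.
#  - RememberCredentials=true with EAP-TLS means the selected certificate, not a
#    password, is cached for reconnects.
$ProfileXML = @'
<VPNProfile>
<DnsSuffix>local.domain.tld</DnsSuffix>
<NativeProfile>
<Servers>vpn.domain.tld</Servers>
<NativeProtocolType>IKEv2</NativeProtocolType>
<Authentication>
<UserMethod>Eap</UserMethod>
<Eap>
<Configuration>
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"><ServerValidation><DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation><ServerNames>nps.local.domain.tld</ServerNames><TrustedRootCA>3d 8a 6d f8 7f 28 f9 7c 38 62 e9 eb fc 44 5a 76 f4 36 85 94 </TrustedRootCA></ServerValidation><FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>13</Type><EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"><CredentialsSource><CertificateStore><SimpleCertSelection>true</SimpleCertSelection></CertificateStore></CredentialsSource><ServerValidation><DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation><ServerNames>nps.local.domain.tld</ServerNames><TrustedRootCA>3d 8a 6d f8 7f 28 f9 7c 38 62 e9 eb fc 44 5a 76 f4 36 85 94 </TrustedRootCA></ServerValidation><DifferentUsername>false</DifferentUsername><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">true</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">true</AcceptServerName></EapType></Eap><EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding><PeapExtensions><PerformServerValidation 
xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</AcceptServerName></PeapExtensions></EapType></Eap></Config></EapHostConfig>
</Configuration>
</Eap>
</Authentication>
<RoutingPolicyType>SplitTunnel</RoutingPolicyType>
</NativeProfile>
<AlwaysOn>true</AlwaysOn>
<RememberCredentials>true</RememberCredentials>
<TrustedNetworkDetection>local.domain.tld</TrustedNetworkDetection>
<DomainNameInformation>
<DomainName>.local.domain.tld</DomainName>
<DnsServers>192.5.10.5,192.5.10.3</DnsServers>
<DnsSuffix>local.domain.tld</DnsSuffix>
</DomainNameInformation>
</VPNProfile>
'@

# The VPNv2 CSP expects ProfileXML as an XML-escaped string inside the CIM
# property, so the markup characters must be entity-encoded before submission.
# NOTE(review): the three replacements previously replaced each character with
# itself (a no-op), which leaves raw markup in the property; the entity
# references appear to have been lost in rendering and are restored here.
$ProfileXML = $ProfileXML -replace '<', '&lt;'
$ProfileXML = $ProfileXML -replace '>', '&gt;'
$ProfileXML = $ProfileXML -replace '"', '&quot;'

# MDM bridge addressing: CSP node, WMI namespace and class used for all
# enumerate/delete/create operations below.
$nodeCSPURI = './Vendor/MSFT/VPNv2'
$namespaceName = 'root\cimv2\mdm\dmmap'
$className = 'MDM_VPNv2_01'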
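# Resolve the SID of the interactively signed-in user. The CSP calls below run in
# that user's context, so this script is expected to run elevated (for example
# from a deployment tool) while a user is signed in at the console.
# Win32_ComputerSystem.UserName is only populated for the console session; an
# RDP-only or no-user session yields an empty name, in which case the script stops
# with a non-zero exit code so the caller can see the failure.
try
{
    $computer = Get-CimInstance -ClassName Win32_ComputerSystem
    if ([string]::IsNullOrEmpty($computer.UserName))
    {
        # Fail explicitly rather than letting NTAccount throw on a null name.
        throw 'Win32_ComputerSystem.UserName is empty (no console user signed in).'
    }
    $objuser = New-Object System.Security.Principal.NTAccount($computer.UserName)
    $sid = $objuser.Translate([System.Security.Principal.SecurityIdentifier])
    $SidValue = $sid.Value
    $Message = "User SID is $SidValue."
    Write-Host "$Message"
}
catch [Exception]
{
    $Message = "Unable to get user SID. User may be logged on over Remote Desktop: $_"
    # Non-zero exit so deployment tooling records the failure instead of success.
    Write-Error "$Message"
    exit 1
}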
# Open a local CIM session and scope every CSP operation to the signed-in user's
# context (rather than the device context) by attaching the user's SID.
$session = New-CimSession
$options = New-Object Microsoft.Management.Infrastructure.Options.CimOperationOptions
$userContext = @{
    PolicyPlatformContext_PrincipalContext_Type = 'PolicyPlatform_UserContext'
    PolicyPlatformContext_PrincipalContext_Id   = $SidValue
}
foreach ($optionName in $userContext.Keys)
{
    $options.SetCustomOption($optionName, [string]$userContext[$optionName], $false)
}
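# Remove any existing instance of this profile so the create step does not
# collide with a stale definition. Only the instance whose InstanceID equals the
# escaped profile name is deleted; other VPN profiles are reported and left
# untouched. A failure ends the script with a non-zero exit code.
try
{
    $deleteInstances = $session.EnumerateInstances($namespaceName, $className, $options)
    foreach ($deleteInstance in $deleteInstances)
    {
        $InstanceId = $deleteInstance.InstanceID
        # -eq is case-insensitive in PowerShell, matching the CSP's node naming.
        if ("$InstanceId" -eq "$ProfileNameEscaped")
        {
            $session.DeleteInstance($namespaceName, $deleteInstance, $options)
            $Message = "Removed $ProfileName profile $InstanceId"
            Write-Host "$Message"
        } else {
            $Message = "Ignoring existing VPN profile $InstanceId"
            Write-Host "$Message"
        }
    }
}
catch [Exception]
{
    $Message = "Unable to remove existing outdated instance(s) of $ProfileName profile: $_"
    # Non-zero exit so deployment tooling records the failure instead of success.
    Write-Error "$Message"
    exit 1
}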
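# Create the profile instance. ParentID and InstanceID are the CSP node keys
# (./Vendor/MSFT/VPNv2/<ProfileName>); ProfileXML carries the profile string built
# above. A failure ends the script with a non-zero exit code so a deployment tool
# can flag the device rather than treating the run as successful.
try
{
    $newInstance = New-Object Microsoft.Management.Infrastructure.CimInstance $className, $namespaceName
    $property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", "$nodeCSPURI", 'String', 'Key')
    $newInstance.CimInstanceProperties.Add($property)
    $property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", "$ProfileNameEscaped", 'String', 'Key')
    $newInstance.CimInstanceProperties.Add($property)
    $property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ProfileXML", "$ProfileXML", 'String', 'Property')
    $newInstance.CimInstanceProperties.Add($property)
    $session.CreateInstance($namespaceName, $newInstance, $options)
    $Message = "Created $ProfileName profile."
    Write-Host "$Message"
}
catch [Exception]
{
    $Message = "Unable to create $ProfileName profile: $_"
    # Non-zero exit so deployment tooling records the failure instead of success.
    Write-Error "$Message"
    exit 1
}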
# Final status line; reaching this point means the SID lookup, the cleanup of any
# previous instance and the create call all completed.
$Message = 'Script Complete'
Write-Host $Message