September 29th, 2008

Hey, Scripting Guy! How Can I Enable or Disable My Network Adapter?

 

Hey, Scripting Guy! Question

Hey, Scripting Guy! At my office I access the corporate network by using a wired ethernet connection. However, when I come home, I have a wireless connection. Since our security guys do not allow us to have multiple network connections active at the same time, I am constantly enabling the wireless connection when I get home, and disabling the wireless connection when I get to the office. In Windows Vista, this seems like it takes twelve clicks. Is this something that I can script?

– TB

SpacerHey, Scripting Guy! Answer

Hi TB,

Sounds like your security guys are on top of things. One of the major ways malware weasels its way into networks is through unsecured wireless access. If they allow you to bridge the wired network with some unsecured wireless access point that is blazing away at the local hamburger shop, they would not be doing their job. It is the same thing as buying a really good lock for the front door of your house and leaving the windows open. You were complaining about twelve clicks to enable or disable the network adapter (I have not counted them, so I will just take your word for it), but the good thing about running Windows Vista is that we have upgraded the Win32_NetworkAdapter WMI class.

In Windows Vista, there is an enable and a disable method for the network adapter. To use this in a script, all we need to do is select the specific network card we wish to work with, and then call the appropriate method. This is seen in this script:

Param(
      $wireless,
      $wired,
      [switch]$help
      )
Function GetHelp()
{
  $helpText= `
@"
 DESCRIPTION:
 NAME: EnableDisableNetworkAdapters.ps1
 Enables or Disables Network Adapters on a local machine. 

 PARAMETERS: 
 -wireless <enable, disable, query>
 -wired <enable, disable, query>
 -Help displays this help topic
 SYNTAX:
 EnableDisableNetworkAdapters.ps1 -wired query
 Reports basic information about the wired network adapter
 EnableDisableNetworkAdapters.ps1 -wired query -wireless query
 Reports basic information about both the wired and wireless network adapters
 EnableDisableNetworkAdapters.ps1 -wired disable
 Disables the wired network adapter (Requires Admin rights)
 EnableDisableNetworkAdapters.ps1 -wired disable -wireless enable
 Disables the wired network adapter and enables the wireless network adapter (Requires Admin rights)
 EnableDisableNetworkAdapters.ps1 -help
 Prints the help topic for the script
"@ #end helpText
  $helpText
} #end GetHelp
Function GetWireless()
{
 $filter = "Name LIKE '%Wireless%'"
 NetworkAdapterFactory($wireless)
}#end GetWireless
Function GetWired()
{
 $filter = "Name LIKE '%GigaBit%'"
 NetworkAdapterFactory($wired)
} #end GetWired
Function NetworkAdapterFactory($adapter)
{
 $wmi = Get-WmiObject -Class Win32_NetworkAdapter `
 -filter $filter
 switch ($adapter)
 {
  "query" { $wmi }
  "enable" { $wmi.enable() }
  "disable" { $wmi.disable() }
  DEFAULT { 
           Write-Host -foregroundcolor red "unrecognized parameter." 
           GetHelp 
           Exit 
          }
 } #end switch
} #end NetWorkAdapterFactory
# --- ENTRY POINT ---
If($help) { GetHelp ; exit }
if($wireless) { GetWireless }
if($wired) { GetWired }
If(!$wireless -or !$wired) { GetHelp ; exit }

We begin the script by using the param statement to enable the script to accept command line parameters. We create three parameters: $wireless, $wired, and $help. The $help parameter is a switched parameter, and will effect the script only if it is supplied from the command line. The other two parameters allow us to work with either the wireless network card or the wired network card. This section of the code is shown here:

Param(
      $wireless,
      $wired,
      [switch]$help
      ) 

The next thing we do is create a function that will display the Help for the script. This function uses a here string to allow us to type in a bunch of text when we were creating the script. To create a here string, you begin a line with an at sign (@) followed by a quotation mark. You end the here string in the opposite manner. You want to assign the here string to a variable. This syntax is shown here:

$hereString = @"
This is a string
"@

The style of the GetHelp function follows the style of the Help that is displayed when using the GetHelp cmdlet. The Help text is divided into three sections: Description, Parameters, and Syntax. The GetHelp function is seen here:

Function GetHelp()
{
  $helpText= `
@"
 DESCRIPTION:
 NAME: EnableDisableNetworkAdapters.ps1
 Enables or Disables Network Adapters on a local machine. 

 PARAMETERS: 
 -wireless <enable, disable, query>
 -wired <enable, disable, query>
 -Help displays this help topic

 SYNTAX:
 EnableDisableNetworkAdapters.ps1 -wired query
 Reports basic information about the wired network adapter

 EnableDisableNetworkAdapters.ps1 -wired query -wireless query
 Reports basic information about both the wired and wireless network adapters

 EnableDisableNetworkAdapters.ps1 -wired disable
 Disables the wired network adapter (Requires Admin rights)

 EnableDisableNetworkAdapters.ps1 -wired disable -wireless enable
 Disables the wired network adapter and enables the wireless network adapter (Requires Admin rights)

 EnableDisableNetworkAdapters.ps1 -help

 Prints the help topic for the script
"@ #end helpText
  $helpText
} #end GetHelp

When the script displays the Help text information, it prints out rather nicely. The GetHelp output is shown here:

GetHelp output graphic

 

The next thing we do in the script is create two functions. These functions are very similar to each other. They are called based upon the command line parameters. If you specify that you want to work with the wireless card, specifying the -wireless parameter calls the GetWireless function. It creates the filter for the WMI query and calls the NetworkAdapterFactory function while passing the value contained in the $wireless command line parameter. The GetWired function does exactly the same thing for the wired network adapter. If you specify -wired from the command line, this function gets called. One thing to note is that because of the design of the script, you are allowed to specify both -wired and -wireless from the same command line. This would allow you to enable one network connection and disable a second network connection with the same command. These two functions are shown :

Function GetWireless()
{
 $filter = "Name LIKE '%Wireless%'"
 NetworkAdapterFactory($wireless)
}#end GetWireless

Function GetWired()
{
 $filter = "Name LIKE '%GigaBit%'"
 NetworkAdapterFactory($wired)
} #end GetWired

The main function in the script is the NetworkAdapterFactory function. The function accepts the filter that was created in either the GetWired or GetWireless functions. After the Get-WmiObject cmdlet returns the appropriate instance of the Win32_NetworkAdapter class, we store the resultant management object in the $wmi variable. We then pass the action to perform that was specified from the command line parameters. If we want to query the details about the network adapter, the switch statement displays the information contained in the $wmi variable. If we wish to enable the network adapter, we call the enable method. If disable was specified when the script was launched, we call the disable method. If there are no matches in the switch statement, we call the GetHelp function and exit the script. This section of the script is shown here:

Function NetworkAdapterFactory($adapter)
{
 $wmi = Get-WmiObject -Class Win32_NetworkAdapter `
 -filter $filter
 switch ($adapter)
 {
  "query" { $wmi }
  "enable" { $wmi.enable() }
  "disable" { $wmi.disable() }
  DEFAULT { 
           Write-Host -foregroundcolor red "unrecognized parameter." 
           GetHelp 
           Exit 
          }
 } #end switch
} #end NetWorkAdapterFactory

The results of enabling or disabling the network adapter are shown with the default view. You could capture the return code and evaluate it to make a better display. It would more than likely take an additional function. At a minimum you might consider filtering out the system properties. Here the results:

GetHelp output graphic

 

The entry point of the script evaluates the command line parameters. If the $help variable is present, it is only because the script was run with the -help parameter. We therefore will call the GetHelp function and exit the script. If the $wireless variable is present, the script was run with the -wireless parameter and we call the getWireless function to create the appropriate WMI filter, and pass the value on to the NetworkAdapterFactory. We perform a similar procedure if the $wired variable is present. Here is the code that decides how the script will perform. The last thing we do is check to see if the $wireless or the $wired parameters have been specified. If they were not supplied, and we did not specify the -help parameter, we call the Help anyway. This will allow the script to display Help when it is run without any command line parameters:

If($help) { GetHelp ; exit }
if($wireless) { GetWireless }
if($wired) { GetWired }
If(!$wireless -or !$wired) { GetHelp ; exit }

TB, this was an awesome question, and there is a lot more we could do to the script to make it easier to use or easier to interpret the results that are returned by running the script. We hope you will see that by the proper use of automation you can ease your frustration with the corporate security guys and reduce your level of stress.

Ed Wilson and Craig Liebendorfer, Scripting Guys

Author

0 comments

Discussion are closed.