I've had a few questions in my mind about VPN Quarantine and how the process works. Rather than spend stacks of time writing about it, I did my usual thing and blogcasted it!
But as a precursor:
What's wrong with VPN today? It doesn't check whether the connecting client is valid, or whether that client conforms to network-based policies such as having a firewall enabled and being up to date with patches. We released the Remote Quarantine Service in the Windows Server 2003 Resource Kit, but that's just the building blocks for creating a solution. So I wrote a couple of scripts (with some help from the Scripting Guys website) to perform client-side checks for patches, firewalls being up, etc.
Anyhow, watch the blogcasts and tell me if there's anything still missing that I need to cover. Any scripts that I've referenced or written are below...
Part 1: Shows the client interactions with the VPN Quarantine service on Windows Server 2003
Part 2: Shows how to configure the server side RADIUS provider to work with Quarantine
Part 3: Shows how to configure the VPN service and client component
- Code for the client side scan is here
- Code for the Firewall Up script is here
- Code for the Parsing script is here
- Code for the certificate autoenrollment is here
With the code, remove the .txt appended at the end of each file name... obviously!