We're having to do something similar but since we can only allow one interface enabled at a time we're going to use hardware profiles as well as creative scripting for enabling/disabling the firewall. Are you using anything for drive encryption?
We have it working with hardware profiles right now, but there has been some pushback from people that want it a bit more seamless. I'm probably more in that camp because we really were trying to make it so that people can just use the laptop wherever they can get connectivity and the device would be secure. We actually own McAfee's HIPS product and have been struggling to make it handle this for us. That was our "Plan A." "Plan B" was to just do it via group policies based on if the laptop sees a DC or not. It ended up pretty simple to do but this last piece has been frustrating.
------------------------------ *From: *Steve Snyder <kwajalein@xxxxxxxxx>
*Reply-To: *<thin@xxxxxxxxxxxxx> *Date: *Fri, 8 Sep 2006 12:39:09 +1200 *To: *<thin@xxxxxxxxxxxxx>
*Subject: *[THIN] Re: OT: Disabling wireless NIC when plugged in to your corporate network
Will hardware profiles not do the trick?
If not, there are enterprise firewall solutions that should be able to this or something similar, such as EndPoint Security Suite - about $80/lic
On 9/8/06, *Michael Pardee* <pardeemp.list@xxxxxxxxx> wrote:
Definitely off topic...
I've searched Google but only found others with the same question - no good solution.
We are configuring our WindowsXP laptops to do a few things automatically based on where they are plugged in. When they are on our corporte network the firewall is configured a certain way, the proxy is enabled in IE, etc. When they are not on our network the firewall gets locked down, proxy gets disabled, etc. The last remaining piece to this is I would like for all other NICs (WiFi, EVDO) to turn off/disable when the laptop gets plugged in to our LAN. I cannot find a way to shudown interfaces via Group Policy.
Anyone out there already deal with this? What did you do?
Thanks in advance.
--
Michael Pardee www.blindsquirrel.org <http://www.blindsquirrel.org><http://www.blindsquirrel.org>