Help with Script - Don't Run Package if on VPN

0

Hello,

I'm looking to receive some guidance/assistance with preventing a package from deploying to users on VPN. I have been using PDQ to deploy our VPN software but when the users are on VPN it causes issues. I would like the PDQ deployment to check the PC IP address and only continue if it starts with "10.101". I would like to do it this way to make the verification part of the package rather than filter computers in inventory.

I dabble with PowerShell, but I'm having a little trouble with this one.

Cancel
login to comment
0
  1. Create a collection that list all devices starting with IP 10.101. - Name the collection "Non VPN Devices"
  2. In the Deploy package use the condition tab on the right side - > "PDQ Inventory Collection" -> "Is A Member" and point to the new "Non VPN Devices" collection

enter image description here

Now you can kick off the deployment and every device not starting with IP 10.101. gets ignored

Or you do it the other way, create a collection "IP not starting with 10.101." (that shows you all VPN devices) and say "Is not a Member" of this collection

Cancel
login to comment

0

That works too! Thank you!

Cancel
login to comment

0

I would like to add something here. This works for sure, but I have experienced in a couple of cases that the IP address can't keep up with package deployment. We were changing our VPN client and it was important for them not to be on VPN at the time (so they wouldn't be stranded). I made a collection like this with a heartbeat schedule to deploy the new VPN client, but in a couple of cases we saw that people who had recently been on-site, shut down their computer, gone home and then started the computer and logging on to VPN, would take a little time to update in the console. Their status as online would show first and the package would deploy (maybe it was just before the scan could complete)... they would get their VPN uninstalled and then the deployment would fail.

What I have learned is to copy the files to their local drives and run them from there in these cases. A couple of things I still don't know though: 1. Will a deployment fail locally on the computer midway through a step if it loses connection to the PDQ server? Would a script step that is only halfway done, when connection is lost, continue to run?

This is why I was hoping for a script to check the IP. So I could run a scan step to update the IP, check the IP, then decide if i want to proceed with the deploy.

Cancel
login to comment

0

You could also check to see if the VPN adapter is is Up or not. In my environment something like that would look like this:

If((Get-NetAdapter -Name 'Ethernet 2').Status -ne 'Up'){ return 2 }

Then make sure that whatever value you return is set to be an error code on the Powershell step, and fail the deployment. Otherwise, move on.

Cancel
login to comment

0

How do we achieve this yet without PDQ Inventory?

Cancel
login to comment

Reply