Submitted By: David Davis

Disables any wireless network cards and then sends an email notification.

Visual Basic
Const HKEY_LOCAL_MACHINE = &H80000002

On Error Resume Next

Public WShell

Dim MailWNC, MailRcpt, MailSRV, MailDOM
Dim strComputer

'sets the focus of the script to run against the local system
Set WSHNetwork = WScript.CreateObject("WScript.Network")
strComputer = WSHNetwork.Computername

'create a connection object to enable sending emails
Set objEmail = CreateObject("CDO.Message")
'create a connection object to the windows Shell commands
Set WShell = Wscript.CreateObject("Wscript.Shell")
'create a connection object to connect to the winmgmts ojbect 
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\default:StdRegProv")

'send to example
'Smtp servers IP address example
'the domain name to append to the mailfrom example
'set up the location where Devcon.exe is located example \\skynet\termination\devcon\i386\
EXEPath = "\\REPLACE THIS\Devcon\i386\"
'this is the registry entry to look for wireless NICs on the system
strKeyPath = "SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}"

'enumerates all the sub keys underneath strkeypath and puts them in an array so the data can be used to find values that match for a wireless card
oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys

'This will look for the subkey that 
For Each subkey In arrSubKeys
	If subkey <> "Descriptions" Then
	'Wscript.Echo strKeyPath & "\" & subkey & "\" & "Connection" 'Error Checking
	'this sets the variable to the name of the registry key MediaSubType
	strValueName = "MediaSubType"
	'this will get the value of the registry key 1 = built in NIC 2 = Wireless
	oReg.GetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath & "\" & subkey & "\" & "Connection" ,strValueName,dwvalue
	strValueName = "Name"
	oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath & "\" & subkey & "\" & "Connection" ,strValueName,strValue
	'Wscript.Echo "Card: " & strValue 'Error Checking
		'If the media sub type = 2 then it is wireless so this will be the focus of the IF statement
		If dwvalue = 2 Then
		'this section will check if the wireless adapter is enabled if yes it will shut it down, display a message and send an email.
		Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
		Set colItems = objWMIService.ExecQuery ("Select * from Win32_NetworkAdapterConfiguration where IPEnabled=TRUE")
			For Each Objitem In colItems
				'this logic filters for the wireless adapter.
				If objItem.SettingID = subkey Then
					strValueName = "Name"
					oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath & "\" & subkey & "\" & "Connection" ,strValueName,strValue
					WShell.Popup "Security policy forbids the use of wireless cards while your system is connected to this network." & _ 
					vbCr & "Your wireless card '"  & strValue &"' will be disabled." & vbCr & _
					"You may re-enable your Wireless card after you have physically disconnected from this Network." & vbCr & _
					"Security has been notified.",10,"Disabling Wireless"
					'this value is required for the program devcon to identify the device to be disabled, in this case the wireless card.
					strValueName = "PnpInstanceID"
					oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath & "\" & subkey & "\" & "Connection" ,strValueName,strValue
					'Devcon.exe is program created by Microsoft that is a command line interface to manage devcies for 32 and 64 bit sysetms.
					'You can download this @;EN-US;Q311272
					WShell.Run EXEPath & "devcon.exe disable ""@" & strValue & """" ,2,True
					MailWNC = "A wireless card was found active on " & strComputer & " and was disabled."
				End If
		End If
	End If

'This portion sends the email
sub Mailreport
	'WScript.Echo MailWNC
	If MailWNC = "" then
		objEmail.From = strcomputer & MailDOM
		objEmail.To = MailRcpt
		objEmail.Subject = "Script notification: WireLess" 
		objEmail.Textbody = MailWNC
		objEmail.Configuration.Fields.Item _
		("") = 2
		objEmail.Configuration.Fields.Item _
		("") = MailSRV 
		objEmail.Configuration.Fields.Item _
		("") = 25
	End If
end Sub