Implementing Quarantine Services with Microsoft Virtual Private Network Planning Guide

Appendix A - Sample Quarantine Scripts

Updated: June 30, 2005

Quarantine Script Samples

The following section describes some sample scripts that are available to download from the Microsoft Web site. The scripts are contained in a self-extracting executable file named VPN Quarantine Sample Scripts.exe. This file includes a readme.txt file and additional documentation for each script.

For more information about Virtual Private Network (VPN) quarantine scripts, see VPN Quarantine Sample Scripts for Verifying Client Health Configurations at www.microsoft.com/downloads/details.aspx?FamilyID=a290f2ee-0b55-491e-bc4c-8161671b2462&displaylang=en

These scripts are samples and might have to be altered before they apply to your environment. The following table lists the scripts and describes their purpose.

Table A.1: Sample Quarantine Scripts

| Script name | Description |
| --- | --- |
| Qsamples.cmd | This is the top-level file that is invoked as a post-connect action from the Connection Manager profile and launches the other scripts. |
| AV.Bat | Checks to see if the client's antivirus software is the latest version and includes the most recent virus signature files. This script performs validation for eTrust antivirus software only. Contact your vendor for help in developing a similar script for other antivirus software packages. |
| CheckHotFixes.vbs | Checks for critical updates on the client computer. The administrator must provide a list of mandated updates. |
| ICS.vbs | Checks for, and, if necessary, disables, Internet Connection Sharing. |
| Passwd.vbs | Checks the password against corporate policy. |
| ScrSaver.vbs | Checks the screen saver settings for the current user, and ensures that it is enabled and password protected. |
| WF.vbs | Checks, and, if necessary, enables, Windows Firewall on all network interfaces. |

Remote Access Components

The following section describes the syntax for two remote access quarantine components.

Remote Access Quarantine Agent Service (RQS) Syntax

To start the remote access quarantine agent service, at the command line, type:

Net start rqs

To stop the remote access quarantine agent service, at the command line, type:

Net stop rqs

Remote Access Quarantine Client Agent (RQC) Syntax

RQC has the following syntax:

rqc ConnName TunnelConnName Port Domain UserName String

The following table lists the remote access quarantine client agent parameters and their description.

Table A.2: RQC agent parameters

| Parameter | Description |
| --- | --- |
| ConnName | Specifies the name of the remote access server connection on the host. The value of this parameter can be inherited from the Connection Manager profile %DialRasEntry% variable. |
| TunnelConnName | Specifies the name of the remote access server tunnel connection on the host. The value of this parameter can be inherited from the Connection Manager profile %TunnelRasEntry% variable. |
| Port | Specifies the port to which the quarantine string is sent. The default port used by the Remote Access Quarantine Agent service (RQS) on the remote access server is TCP port 7250. Specify a different port number for RQC only if RQS is using a different port number. |
| Domain | Specifies the domain of the connecting user. The value of this parameter can be inherited from the Connection Manager profile %Domain% variable. |
| UserName | Specifies the user name of the connecting user. The value of this parameter can be inherited from the Connection Manager profile %UserName% variable. |
| String | Specifies a text string that contains the version of the administrator-created script. All characters are accepted except for the /0 character sequence. |
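
How a post-connect script might run client checks and then call RQC with the parameters from Table A.2, as an added example that is not one of the Microsoft sample scripts. It assumes that Connection Manager passes %DialRasEntry%, %TunnelRasEntry%, %Domain% and %UserName% as arguments 1 to 4, that the check scripts and rqc.exe sit in the same folder as this file and exit with a non-zero code on failure, and that ExampleScriptV1 is a placeholder version string.

```bat
@echo off
rem Added example: minimal post-connect quarantine script (not a Microsoft sample).
rem Assumed arguments from the Connection Manager post-connect action, in order:
rem   %DialRasEntry% %TunnelRasEntry% %Domain% %UserName%
setlocal

set "CONN=%~1"
set "TUNNEL=%~2"
set "DOMAIN=%~3"
set "USER=%~4"

rem TCP 7250 is the RQS default; change it only if RQS uses a different port.
set "RQS_PORT=7250"

rem Placeholder version string; it must match a string that RQS accepts.
set "SCRIPT_VERSION=ExampleScriptV1"

rem Do not notify RQS when the user name argument is missing.
if "%USER%"=="" (
    echo Usage: %~nx0 ConnName TunnelConnName Domain UserName
    exit /b 2
)

rem Assumption: each check script exits non-zero when the client fails policy.
for %%S in (WF.vbs ICS.vbs ScrSaver.vbs) do (
    cscript //nologo "%~dp0%%S"
    if errorlevel 1 (
        echo Check %%S failed. RQS will not be notified.
        exit /b 1
    )
)

rem All checks passed: send the version string in the documented argument order
rem   rqc ConnName TunnelConnName Port Domain UserName String
rem Assumption: rqc.exe returns a non-zero exit code on failure.
"%~dp0rqc.exe" "%CONN%" "%TUNNEL%" %RQS_PORT% "%DOMAIN%" "%USER%" "%SCRIPT_VERSION%"
if errorlevel 1 (
    echo rqc.exe reported an error. RQS was not notified.
    exit /b 1
)

echo Policy checks passed and RQS was notified.
exit /b 0
```

Because RQC is called only after every check succeeds, a client that fails any check never sends the version string to RQS.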

Launch Windows Update Script

The following code is used with the CheckHotFixes.vbs script to guide the user to the Microsoft® Windows® Update site, where they can install the latest security updates:

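' Quoted path to Internet Explorer (the path contains spaces)
Prog = """C:\Program Files\Internet Explorer\iexplore.exe"""
' Windows Update URL; the leading space separates it from the program path
WUSite = " http://windowsupdate.microsoft.com"
Set WshShell = CreateObject("WScript.Shell")
' Window style 1 (normal window); True waits until the browser is closed
WshShell.Run Prog & WUSite, 1, True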

