Help with Script - Don't Run Package if on VPN

Comments

6 comments

  • Christian Bacher
    1. Create a collection that list all devices starting with IP 10.101. - Name the collection "Non VPN Devices"
    2. In the Deploy package use the condition tab on the right side - > "PDQ Inventory Collection" -> "Is A Member" and point to the new "Non VPN Devices" collection

    enter image description here

    Now you can kick off the deployment and every device not starting with IP 10.101. gets ignored

    Or you do it the other way, create a collection "IP not starting with 10.101." (that shows you all VPN devices) and say "Is not a Member" of this collection

    0
    Comment actions Permalink
  • Sitruk

    That works too! Thank you!

    0
    Comment actions Permalink
  • Jesper Madsen

    I would like to add something here. This works for sure, but I have experienced in a couple of cases that the IP address can't keep up with package deployment. We were changing our VPN client and it was important for them not to be on VPN at the time (so they wouldn't be stranded). I made a collection like this with a heartbeat schedule to deploy the new VPN client, but in a couple of cases we saw that people who had recently been on-site, shut down their computer, gone home and then started the computer and logging on to VPN, would take a little time to update in the console. Their status as online would show first and the package would deploy (maybe it was just before the scan could complete)... they would get their VPN uninstalled and then the deployment would fail.

    What I have learned is to copy the files to their local drives and run them from there in these cases. A couple of things I still don't know though: 1. Will a deployment fail locally on the computer midway through a step if it loses connection to the PDQ server? Would a script step that is only halfway done, when connection is lost, continue to run?

    0
    Comment actions Permalink
  • Sitruk

    This is why I was hoping for a script to check the IP. So I could run a scan step to update the IP, check the IP, then decide if i want to proceed with the deploy.

    0
    Comment actions Permalink
  • Stephen Valdinger

    You could also check to see if the VPN adapter is is Up or not. In my environment something like that would look like this:

    If((Get-NetAdapter -Name 'Ethernet 2').Status -ne 'Up'){ return 2 }

    Then make sure that whatever value you return is set to be an error code on the Powershell step, and fail the deployment. Otherwise, move on.

    0
    Comment actions Permalink
  • Eric Mielke

    How do we achieve this yet without PDQ Inventory?

    0
    Comment actions Permalink

Please sign in to leave a comment.