Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

Help with Script - Don't Run Package if on VPN

Hello,

I'm looking to receive some guidance/assistance with preventing a package from deploying to users on VPN. I have been using PDQ to deploy our VPN software but when the users are on VPN it causes issues. I would like the PDQ deployment to check the PC IP address and only continue if it starts with "10.101". I would like to do it this way to make the verification part of the package rather than filter computers in inventory.

I dabble with PowerShell, but I'm having a little trouble with this one.

0

Comments

7 comments
Date Votes
  • Command (batch) as step to deploy, success code 1:

    ipconfig | find /I "IPv4" | find /I "10.168.212."

     

     

     

    1
    1. Create a collection that list all devices starting with IP 10.101. - Name the collection "Non VPN Devices"
    2. In the Deploy package use the condition tab on the right side - > "PDQ Inventory Collection" -> "Is A Member" and point to the new "Non VPN Devices" collection

    enter image description here

    Now you can kick off the deployment and every device not starting with IP 10.101. gets ignored

    Or you do it the other way, create a collection "IP not starting with 10.101." (that shows you all VPN devices) and say "Is not a Member" of this collection

    0
  • That works too! Thank you!

    0
  • I would like to add something here. This works for sure, but I have experienced in a couple of cases that the IP address can't keep up with package deployment. We were changing our VPN client and it was important for them not to be on VPN at the time (so they wouldn't be stranded). I made a collection like this with a heartbeat schedule to deploy the new VPN client, but in a couple of cases we saw that people who had recently been on-site, shut down their computer, gone home and then started the computer and logging on to VPN, would take a little time to update in the console. Their status as online would show first and the package would deploy (maybe it was just before the scan could complete)... they would get their VPN uninstalled and then the deployment would fail.

    What I have learned is to copy the files to their local drives and run them from there in these cases. A couple of things I still don't know though: 1. Will a deployment fail locally on the computer midway through a step if it loses connection to the PDQ server? Would a script step that is only halfway done, when connection is lost, continue to run?

    0
  • This is why I was hoping for a script to check the IP. So I could run a scan step to update the IP, check the IP, then decide if i want to proceed with the deploy.

    0
  • You could also check to see if the VPN adapter is is Up or not. In my environment something like that would look like this:

    If((Get-NetAdapter -Name 'Ethernet 2').Status -ne 'Up'){ return 2 }

    Then make sure that whatever value you return is set to be an error code on the Powershell step, and fail the deployment. Otherwise, move on.

    0
  • How do we achieve this yet without PDQ Inventory?

    0