1.15.3 Batch files used to configure the VPN connection
JP1/IT Desktop Management 2 provides sample batch files that configure a VPN connection environment for a PC for use outside the company. This subsection describes the sample batch files.
List of sample batch files provided by JP1/IT Desktop Management 2
Batch file |
Storage location |
Details |
---|---|---|
Sample batch file to create a VPN profile |
JP1/IT Desktop Management 2 - Manager-installation-folder\mgr\sample\vpn\VpnProfileCreateSample.bat |
Creates a Windows-standard VPN profile. It also registers the sample batch file for VPN connections in the Task Scheduler to automatically connect to the VPN. |
Sample batch file for VPN connections |
JP1/IT Desktop Management 2 - Manager-installation-folder\mgr\sample\vpn\VpnConnectSample.bat |
Automatically connects to the VPN if it is registered in the Task Scheduler when the VPN profile is created. |
Sample batch file to remove the VPN profile |
JP1/IT Desktop Management 2 - Manager-installation-folder\mgr\sample\vpn\VpnProfileRemoveSample.bat |
Removes the Windows-standard VPN profile. It also removes the sample batch file for VPN connections from the Task Scheduler. |
- Organization of this subsection
(1) Sample batch file to create a VPN profile
The sample batch file to create the VPN profile creates a Windows-standard VPN profile in a PC for use outside the company, and registers the sample batch file for VPN connections in the task scheduler.
Sections in the sample batch file to create the VPN profile
- Parameter configuration
-
It is a set of parameters used in the batch file to create the VPN profile. If necessary, you edit them.
- Execute the command to create the VPN profile
-
The command to create the VPN profile is executed. You edit this section to suit the target VPN server configurations (the type of VPN server and the authentication protocol).
- Register the task schedule of the automatic VPN connection for logon
-
You edit this section if you change the execution timing of the batch file for VPN connections.
- Register the task schedule of automatic VPN connection for system startup
-
You edit this section if the PC is connected to the VPN only when the user is logged on.
The following describes the details of each section:
Parameter configuration
Change the following parameters as needed:
-
VPN connection name
-
Address of the VPN server to connect to
-
Path to Windows PowerShell (powershell.exe)
-
Pre-shared key
Execute the command to create the VPN profile
A cmdlet to add the VPN profile (Add-VpnConnection) is executed as the Windows PowerShell command. The command used in the sample batch file is as follows:
Add-VpnConnection -Name VPN-connection-name-specified-in-the-parameter -ServerAddress address-of-the-connecting-VPN-server-specified-in-the-parameter -AllUserConnection -RememberCredential -TunnelType L2TP -L2tpPsk pre-shared-key -Force
For details about the Add-VpnConnection cmdlet, see the Windows PowerShell Help. The command should be changed to suit your environment.
- Important
-
If the PC for use outside the company runs Windows 7 or Windows Server 2008 R2, remove this command line.
Register the task schedule of the automatic VPN connection for logon
The Windows SCHTASKS command is used to register the task in the task scheduler, so that the batch file for VPN connections can be executed automatically. In the sample batch file, the command is configured to be executed when any user logs on.
If you change the execution timing of the batch file for VPN connections, you modify the parameter of the SCHTASKS command in this command line. For details, see the Windows Help.
Register the task schedule of automatic VPN connection for system startup
The task is registered in the task scheduler so that the batch file for VPN connections can be executed automatically even when the user has not logged on. In the sample batch file, the task is configured to be executed when the system is started.
If you want the PC to automatically connect to the VPN only while the user logged on, remove this command line.
- Important
-
If the security settings for VPN connections are modified, you need to create the VPN profile again or modify it with a PowerShell command.
(2) Sample batch file for VPN connections
The sample batch file for VPN connections is used to connect the PC for use outside the company to the VPN. Once the batch file is registered in the Task Scheduler, the PC can be connected to the VPN automatically.
Sections in the sample batch file for VPN connections
- Parameter configuration
-
It is a set of parameters used in the batch file for VPN connections. If necessary, you edit them.
- Determine the VPN connection conditions
-
You edit this section if the conditions for connecting the VPN must be determined or if an external program determines the conditions.
- Obtain the VPN connection information from the registry
-
The VPN connection information is obtained from the registry. You edit this section if the VPN connection information is registered in encrypted form or if the information is stored anywhere other than the registry.
- Enter the VPN connection information and register it in the registry
-
The VPN connection information is entered to register it in the registry. The information is registered in the registry in plain text. You edit this section if the information is registered in the registry in encrypted form or if the information is stored anywhere other than the registry.
- Connect to the VPN
-
The PC is connected to the VPN. The rasdial.exe command in Windows is used for the VPN connection. You edit this section if another command is used to connect to the VPN. You also do so if a re-entry request is made when the connection fails and if the registry registration is modified.
The following describes the details of each section:
Parameter configuration
Change the following parameters as needed:
-
VPN connection name
-
Path to Windows PowerShell (powershell.exe)
-
Address of the DHCP server for the internal network
-
Path and item for the registry key that stores the VPN connection information
Determine the VPN connection conditions
The section determines the conditions for connecting to the VPN. The sample batch file determines that the connection comes from the outside of the company and connects the PC for use outside the company to the VPN, if the DHCP server used by the PC differs from the DHCP server for the internal network specified in the parameter.
You can also create an external program that suits your environment and determines whether the connection is from the outside, so that the PC can be connected to the VPN depending on the result of executing the program.
Obtain the VPN connection information from the registry
The VPN connection information is obtained from the registry. If the information is registered in the registry in encrypted form, you add an operation to decrypt it.
Enter the VPN connection information and register it in the registry
If the VPN connection information is not stored in the registry, a command prompt appears, asking the user to enter the user name and password for signing in to the VPN server. The entered information is registered in the registry.
In the sample batch file, the VPN connection information is registered in the registry in plain text. If you want to register encrypted text, add an operation to encrypt the information.
Connect to the VPN
The PC is connected to the VPN. In the sample batch file, the following Windows command is used to connect to the VPN:
rasdial.exe VPN-connection-name-specified-in-the-parameter user-ID-obtained password-obtained
For details about the rasdial.exe command, see the Windows Help.
- Tip
-
If the user name and password for signing in to the VPN server have been changed, the connection fails. If this happens, a command prompt appears, asking the user to specify the user ID and password again. The entered connection information is registered in the registry.
(3) Sample batch file to remove the VPN profile
The sample batch file to remove the VPN profile deletes the Windows-standard VPN profile from the PC for use outside the company, and removes the task that executes the sample batch file for VPN connections from the Task Scheduler.
Sections in the sample batch file to remove the VPN profile
- Parameter configuration
-
It is a set of parameters used in the batch file to remove the VPN profile. If necessary, you edit them.
- Disconnect from the VPN
-
The connection to the VPN is disconnected. You edit this section if you want to change the command to be used.
- Execute the command to remove the VPN profile
-
The command to remove the VPN profile is executed. You edit this section to suit the target VPN server configurations (the type of VPN server and the authentication protocol).
- Remove the VPN connection information from the registry
-
The VPN connection information is removed from the registry. You edit this section if the information is stored anywhere other than the registry.
- Remove the task schedule of the automatic VPN connection for logon
-
You edit this section if the execution task of the batch file for VPN connections is not registered in the Task Scheduler.
- Remove the task schedule of the automatic VPN connection for system startup
-
You edit this section if the profile is configured for the PC to connect to the VPN only while the user logged on in (1) Sample batch file to create a VPN profile.
- Remove the file distributed upon creation (removal of the distribution-destination folder)
-
You edit this section if you want to remove the distribution-destination folder for the batch file specified in 1.15.1 Adding the Windows-standard VPN profile and automatic VPN connection task to the PC for use outside the company.
The following describes the details of each section:
Parameter configuration
Change the following parameters as needed:
-
VPN connection name
-
Path to Windows PowerShell (powershell.exe)
-
Path for the registry key that stores the VPN connection information
Disconnect from the VPN
The connection to the VPN is disconnected. In the sample batch file, the following Windows command is used to disconnect from the VPN:
rasdial.exe VPN-connection-name-specified-in-the-parameter /disconnect
For details about the rasdial.exe command, see the Windows Help.
Execute the command to remove the VPN profile
A cmdlet to remove the VPN profile (Remove-VpnConnection) is executed as the Windows PowerShell command. The command used in the sample batch file is as follows:
Remove-VpnConnection -Name VPN-connection-name-specified-in-the-parameter -AllUserConnection -Force
For details about the Remove-VpnConnection cmdlet, see the Windows PowerShell Help. The command should be changed to suit your environment.
- Important
-
If the PC for use outside the company runs Windows 7 or Windows Server 2008 R2, remove this command line.
Remove the VPN connection information from the registry
The VPN connection information is removed from the registry.
Remove the task schedule of the automatic VPN connection for logon
The task that is executed when the user logs on, registered in (1) Sample batch file to create a VPN profile, is removed.
Remove the task schedule of the automatic VPN connection for system startup
The task that is executed when the system is started, registered in (1) Sample batch file to create a VPN profile, is removed.
Remove the file distributed upon creation (removal of the distribution-destination folder)
The distribution-destination folder is removed to delete files, such as the file distributed when the VPN profile is created or the log file that is output when the sample batch file is executed.