Web Filter: Tier 2 and Tier2/Tier1 Scripts

Tier 2 and Tier2/Tier1 Scripts:

In an environment where Tier 2 time-based profiles have been implemented, end users receive filtering profiles after correctly entering their credentials into a Web-based Authentication Request Form. A profile remains active for a configurable amount of time even if the user logs out of the workstation, changes IP addresses, etc. However, since Tier 2 time-based profiles do not call for the Web Filter to maintain a connection with the client machine, the Web Filter can't detect when the user logs off of a workstation.

NOTE: To use these scripts, the client machine must already have the ability to connect to the Web Filter via NET USE.

Tier 2 Script
If using Tier 2, this script should be inserted into the network’s login script. If the network also uses a logoff script, Trustwave’s script should be inserted there as well. The inclusion of this script ensures that the previous end user’s profile is completely removed, in the event that end user did not log out successfully.

echo off
:start
cls
net use \\10.10.10.10\LOGOFF$ /delete

:try1
NET USE \\10.10.10.10\LOGOFF$
if errorlevel 1 goto :try2
if errorlevel 0 echo code 0: Success
goto :end

:try2
NET USE \\10.10.10.10\LOGOFF$
if errorlevel 1 goto :try3
if errorlevel 0 echo code 0: Success
goto :end

:try3
NET USE \\10.10.10.10\LOGOFF$
if errorlevel 1 goto :error
if errorlevel 0 echo code 0: Success
goto :end

:error
if errorlevel 1 echo code 1: Failed!

:end
net use \\10.10.10.10\LOGOFF$ /delete

Top

Tier 1 and Tier 2 Scripts
If using both Tier 1 and Tier 2, this version of Trustwave’s script should be inserted into the network’s login script. Trustwave’s script attempts to remove the previous end user’s profile, and then lets the new user log in with his/her assigned profile.

echo off
:startremove
cls
NET USE \\10.10.10.10\LOGOFF$ /delete

:tryremove1
NET USE \\10.10.10.10\LOGOFF$
if errorlevel 1 goto :tryremove2
if errorlevel 0 echo code 0: Success
goto :endremove

:tryremove2
NET USE \\10.10.10.10\LOGOFF$
if errorlevel 1 goto :tryremove3
if errorlevel 0 echo code 0: Success
goto :endremove

:tryremove3
NET USE \\10.10.10.10\LOGOFF$
if errorlevel 1 goto :removalerror
if errorlevel 0 echo code 0: Success
goto :endremove

:removalerror
if errorlevel 1 echo code 1: Failed to send removal request!

:endremove
net use \\10.10.10.10\LOGOFF$ /delete

:try1
NET USE \\10.10.10.10\R3000$
if errorlevel 1 goto :try2
if errorlevel 0 echo code 0: Success
goto :end

:try2
NET USE \\10.10.10.10\R3000$
if errorlevel 1 goto :try3
if errorlevel 0 echo code 0: Success
goto :end

:try3
NET USE \\10.10.10.10\R3000$
if errorlevel 1 goto :error
if errorlevel 0 echo code 0: Success
goto :end

:error
if errorlevel 1 echo code 1: Failed!

:end

For Tier 1 and Tier 2 users, if a logoff script is used on the network, the Tier 2 Script that begins on the first page of this document should be inserted into the network’s logoff script.

Top

Related Topics:

Authentication Configuration
Active Directory Agent (not supported in 5.0.10 and higher)
Authentication Settings
Login Scripts
3-Try Login Script

Back | Top