The goat will get ya.
EAP Protocol and Dial-up Networking
So the company I work for decided that their remote access connections need to be... well, more secure. They decided on RSA's EAP Protocol to enforce two factor authentication.
Simple enough. Just pass out these LED token generators (they're about the size and shape of a late model, automobile key chain alarm controller) and let the fun begin. Right?
Well, not exactly. The protocol itself needs to be installed on every computer. Not a big deal, you can install it via a logon script or put it on a web page for users to download or e-mail it to all hands and have them install it themselves .
Still it's not that hard.
Here comes the tricky part: How do you get 3300 users to modify their dialup networking and VPN connections correctly, completely (as in change all the connectoids not just one) and have them remove all the old connectoids and any connections left over from company mergers. You'll want to make details instructions that everybody clearly understands and can follow, no matter what operating system they're on, because you don't want 3300 calls or more into the helpdesk.
You say... big deal... so you create a few extra calls into the helpdesk. Ok? No. Not OK. If you make even 10% of those people call, that will produce more than 300 calls. I don't know how big your helpdesk is... but ours takes that many phone calls in a month. Not to say they don't handle thousands of requests each week, but the majority come from e-mail or were previously scheduled. If you introduce 300+ phone calls in the queue, you'll be looking for a new job. And that's only with 10% failure. Imagine worse, like 25%. Yuck.
So since I know VB script fairly well, and have a pretty good knowledge of the Microsoft API, I told my boss I could write a script to modify all the connectoids (RAS and VPN) on every laptop we have.
The Problems Begin
I knew I couldn't use a WMI script... we have a significant number of Win NT 4.0 boxes and besides WMI security prompts the user which would cause more confusion. And blast Microsoft on this one point (otherwise I think Microsoft does a pretty good job... better than most companies would if placed in their position) there is no documentation on their scripting site about how to create a DUN connectoid.
Following some other articles on Microsoft's site, I was pointed to the Connection Manager Administration Kit. All I can say about that is.... No. Introducing more change into an already confusing situation to our users, would come with a price... my job.
Unlocking the API when your OS and programmer are Blind
So I started to look through the Microsoft Platform SDK information and discover (not to my surprise) that the data structures have been "enhanced" with each OS upgrade. So the data you use for Windows XP would blow up a Windows 2000 box, and the correct data for Windows 2000 would toast a Windows NT 4.0 computer.
Anyway... after having retinal problem which made the world look like an Adobe Photoshop picture with the "BLUR" turned up 1000% ... and being in the hospital for a week. I'm going to be back at the job...
You're bored with my blabbering... I can tell.
If you need help with creating a program in VB6 that will edit, modify, delete or create dial up networking connectoids or VPN connectors using RSA's EAP protocol.... just send me an e-mail.
Update: Ok, Ok, I'll post the code
Sept 2, 2004
I heard you load and clear. I'll start working on posting the VB6 code for creating a connectoid that uses the RSA EAP protocol. Click here.
Copyright © 2004-2008 CartersZoo.com
Contact: CartersZoo at Yahoo.com