[Idontwantspam]

I would like some way to detect when the computer's network location (Home, Work, Public) is changed, and when that happens, run a batch file. Does anyone have an idea of how to do this? I looked in the task scheduler and in the event log (since the task scheduler can run on specified event ID's) but can't seem to find anything...

[EDIT] I figured out the solution to what I was trying to do. See the post below... it's kind of cool, especially if you have a laptop you take a lot of random places.

This post has been edited by Idontwantspam: 14 January 2009 - 10:56 PM

[bj-kaiser]

I may have found something
Protocol: Microsoft-Windows-Networkprofile/Operational

EID 4002
Network identified
Interface GUID

EID 10000
Network connected
Name, Description, Type, Status

EID 10001
Network disconnected
Name, Description, Type, Status

Note: I use the german localized version, so I had to translate the text. I'm not 100% sure I got it right, but I guess it is close.

[Idontwantspam]

Thanks for the info!
I actually figured that out last night and was going to post here about my discovery and what it can be used for.

There doesn't seem to be a specific event for each network location (home/work/public), however as you mentioned, there is an event for "connect to new network" (10000) and "disconnect from network" (10001). Thankfully, the task scheduler has an option for "only run task if this network is available" and has a list of networks you're configured to connect to automatically. Here's what I was attempting (and succeeded) to do:

With windows 7 you have the option to change how restrictive UAC should be. It can essentially either ask you for any system changes or installers, or it can be various levels of less-restrictiveness. There is also a group policy setting to require administrators to enter credentials on a UAC prompt even if they would normally just click "Yes" or "No". Obviously, it's more secure to require a password even for administrators, so that if your laptop is in an environment where someone could potentially access it and make changes, they would need your password. Of course, locking the computer is always better, but sometimes if you're running a powerpoint and someone might sneak in, or if you're letting a friend hop on to check their email, etc, then it could be useful. On the other hand, authenticating for every little system modification is annoying.

Here's my solution. I determined the registry key which controls the UAC action.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System; ConsentPromptBehaviorAdmin

The value for Prompt with Credentials is 00000001. The value for the 2nd highest UAC level (Default - notify me only when programs try to make changes to my computer. Don't notify me when I make changes to Windows settings.) is 00000005. I created 2 registry files - prompt_credentials.reg and prompt_consent.reg, containing the respective registry entries for the 2 options. I then set a scheduled task to run on the event 10001 as mentioned above - so any time the computer is removed from a network, and this task merges the registry file to require credentials. I then set a second task to run on the event ID 10000, which is connect to a network. However, under the "conditions" tab, I set it to only run when connected to my home network.

The result is that when I connect to my home network, UAC is set to a non-annoying mode, but when my computer is not on a network or is on a foreign network, it makes it more secure. (As there's no way to know where it is when it's offline, I have it do that automatically... you can manually set UAC to be non-annoying if you're just using it without the network but aren't somewhere it could get compromised, or just have it retain its previous settings and only detect new networks. This could be implemented several ways depending on your preferences.)

So far it seems to be working well - I don't get bothered with things at home, which is where I do most of the things that could trigger UAC, and when I'm at school, it conveniently keeps people from messing stuff up. Anyone else think they might find this handy?

[freightgod]

I think this is a very clever solution.

It still requires you to schedule a task, however. I'm just curious what task you chose to schedule?

[Idontwantspam]

The scheduling a task is fairly straight forward though, and for me worth the benefits.

The task action is:

Start a program: regedit /S "C:\some path\prompt_credentials.reg"
Display a message: While disconnected from the home network, UAC will prompt for credentials when you perform an administrative action.

and the other one is

Start a program: regedit /S "C:\some path\prompt_consent.reg"
Display a message: UAC will no longer prompt for credentials when you perform an administrative action.


The triggers are:
Begin the task: On an event
Settings: Basic
Log: Microsoft-Windows-NetworkProfile/Operational
Source: NetworkProfile
Event ID: 10000 (for connecting) and 10001 (for disconnecting)

Under conditions for the one which sets it into less-restrictive mode, I have set "start only if the following network connection is available:" and then selected my home network. I unchecked "start the task only if the computer is on AC power"