Detecting online and offline sessions in AppSense

Posted by HTG

Mailbag time today: I had a similar question from both Hashmat and Luis regarding the detection of online or offline status using AppSense Environment Manager. Hashmat wanted to use this for customized deployment of streamed apps, whereas Luis’ issue was slightly more interesting, given that he had a custom Excel add-in that crashed if it was loaded when the endpoint wasn’t connected to the corporate network. So the problem they were both looking at was how to detect the status of an AppSense-enabled endpoint, as in whether it was connected to the corporate network or not.

My initial thoughts on this ran to the %logonserver% variable. Sadly this didn’t have much mileage in it: the %logonserver% variable appears to remain unchanged even if the user isn’t connected to the corporate network. Next I toyed with the idea of querying the event logs for the last successful logon, and seeing if the logon was a Type 11, which would indicate a logon with cached credentials. However, using the logon as the indicator for this seemed to be unsuitable, as users are perfectly capable of switching networks without logging off their session.

Next up, after some discussion with a few peers, was the use of the old faithful ping command. Apparently Microsoft’s DirectAccess (in simple terms) determines online or offline status by pinging a couple of hosts (one externally reachable only, one internally reachable only) and writing those results as a flag somewhere. This seemed like a good idea, and another suggestion was to ping the actual domain name. Indeed, after picking the brains of Richard Thompson from AppSense, he indicated that pinging the domain name via a VBScript was the way that he performed the same checks.

I thought this might be the way forward – till Luis informed me that on his corporate network, ICMP traffic was blocked between certain subnets. I’d seen this done at one other place, where they’d put ICMP controls in place during the Blaster outbreak and simply left them there once it was cleaned up. Aside from the novelty of watching server admins use tools like srvinfo.exe to determine host status, this ongoing ICMP block seemed to cause more problems than it solved. But anyway – if a ping check was unsuitable for Luis’ needs, then we’d have to come up with something else.

Obviously querying the domain name is a good way forward, as it will be resolvable unless every single domain controller goes down (and if that happens, incorrectly denoted online or offline status will be the least of your worries!) However, there are other things that you can query on the domain besides using ping – you could try and bind to it via LDAP, for one, but in the interests of keeping things simple, you could use an AppSense EM Folder Exists Condition to verify whether the netlogon share on the domain can be contacted.

We’d need to use some If Else Group stuff for this, so at Computer Startup or User Logon (whichever way you prefer to do it), you can run the initial instance of this check for status. We are going to create it as a Reusable Node because we may need to reference this a couple of times.

First we create and name our Reusable Node.

We then add the If Condition by choosing Condition | Flow Control | If Condition, which opens the Expression Builder window.

Into this we add a Condition in the usual way; in this case it checks for the existence of the \\DOMAIN\Netlogon folder (obviously changed to suit your own environment).

We then set the necessary parameters for the Folder Exists Condition to check for the \\DOMAIN\netlogon folder,

and then we must add a Description, as this is added to the name of the If Condition in the EM policy configuration.

Now we can expand the If Else Group in the EM window and see how it lays out.

We will add an Action for the If section of the group to set a Registry value to indicate that the folder is contactable, and hence we are classifying the endpoint as Online,

and in the Else part we will add an Action that sets the same Registry value to 0 rather than 1, indicating Offline.

So now our Reusable Node looks like this:

Wherever we use this Node, it will check for the existence of the Netlogon folder share – if it can’t find it, it will flag the Registry as Offline, otherwise if the folder is found, the Registry will be flagged as Online.
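The logic of the Reusable Node above, written as a PowerShell script so the same check can be tested outside the EM console. This is an added example, not part of the original post and not AppSense's own code; the registry key and value name are placeholders, since the post does not state the ones it used.

```powershell
# Added example: script equivalent of the If Else Group in the Reusable Node.
# ASSUMPTIONS: the share path, registry key and value name are placeholders.
$NetlogonPath = '\\DOMAIN\Netlogon'                  # change to suit your domain
$StatusKey    = 'HKCU:\Software\Example\NetworkStatus'  # hypothetical key
$StatusName   = 'Online'                             # hypothetical value name
# Note: a value under HKCU can be edited by the user. If other policy depends
# on the flag, write it to an HKLM key from a SYSTEM-context action instead.

function Test-CorporateNetwork {
    param([string]$Path)
    # An unreachable share normally returns $false; access errors are
    # caught and treated as Offline as well.
    try {
        return [bool](Test-Path -LiteralPath $Path -PathType Container -ErrorAction Stop)
    }
    catch {
        return $false
    }
}

function Set-EndpointStatus {
    param([string]$Key, [string]$Name, [bool]$Online)
    # Create the key on first run so the write below cannot fail on a new profile
    if (-not (Test-Path -Path $Key)) {
        New-Item -Path $Key -Force | Out-Null
    }
    # 1 = Online (If branch), 0 = Offline (Else branch), as in the post
    $value = if ($Online) { 1 } else { 0 }
    Set-ItemProperty -Path $Key -Name $Name -Value $value -Type DWord
    return $value
}

$online = Test-CorporateNetwork -Path $NetlogonPath
$flag   = Set-EndpointStatus -Key $StatusKey -Name $StatusName -Online $online
$label  = if ($online) { 'Online' } else { 'Offline' }
Write-Output ("Endpoint flagged as {0} (registry value {1})" -f $label, $flag)
```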

So where else do we need to use this besides either at startup or initial logon? Well, users (especially laptop users) are quite capable of disconnecting and reconnecting from networks at will. AppSense Environment Manager provides a couple of handy triggers called Network Disconnected and Network Connected that we can use to help here. Obviously, for the Network Disconnected trigger, we simply need to change the status to Offline, so we will simply copy and paste the Action from the Else part of the If Else Group into the Network Disconnected section.

But for Network Connected – this really helps us because we can re-evaluate the status every time the users reconnect to a network, whether it is the corporate one or an external one. So in the Network Connected trigger, we simply add a link to our Reusable Node so it will run every time the users connect or reconnect to a network.

So now we can take the status of the endpoint based around this quick check and decide whether we need to perform any custom actions or not. For instance, in the use case that Luis raised, the Excel add-in that crashes unless it is connected to the corporate network, we can remove the add-in if the endpoint is flagged as Offline, and copy it back if the endpoint is flagged as Online. We can do this using an If Group Condition which checks the Registry key we’ve created.

Obviously, once you’ve got the status check working you can use any combination of Triggers, Conditions and Actions to achieve what you want, simply by checking the custom Registry value that we’ve set.

In the above example, the major flaw is that in Luis’ case, if a user has Excel open during an Online session and then disconnects from the network without closing Excel, the add-in will remain loaded and crash. It’s a bit out of scope for this article, but you’d need to put together a Custom Condition (probably using PowerShell’s Get-Process cmdlet) to check for the excel.exe process during a Network Disconnected trigger event.
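A sketch of the Custom Condition suggested above, added here as an example and not taken from the original post. It assumes the condition is treated as true when the script exits with code 0; the session filter matters on multi-user hosts, where Get-Process also returns other users' Excel instances.

```powershell
# Added example: Custom Condition body for the Network Disconnected trigger.
# ASSUMPTION: exit code 0 means the condition passes, non-zero means it fails.

# Session of the process running this script (the user's own session)
$currentSession = (Get-Process -Id $PID).SessionId

# Get-Process lists processes from every session on a shared host,
# so keep only the Excel instances that belong to this session.
# SilentlyContinue suppresses the error raised when Excel is not running.
$excel = @(Get-Process -Name 'excel' -ErrorAction SilentlyContinue |
    Where-Object { $_.SessionId -eq $currentSession })

if ($excel.Count -gt 0) {
    # Excel is open in this session: the add-in may still be loaded
    exit 0
}

# No Excel in this session: nothing to handle on disconnect
exit 1
```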

The other issue I can see is that if a user is connected to multiple networks (e.g. wired and wireless), does the Network Disconnected trigger still activate if one of the networks disconnects? I’m waiting for an answer on this from AppSense, although if I can find some time I may run a quick test here myself. Update – apparently the Network Connected trigger will run on the FIRST network that connects, and the Network Disconnected trigger will run when ALL networks are disconnected. I’m told that these two triggers only operate natively for physical NICs, but there are workarounds to enable this for virtual NICs.

Anyway, in summary – this is the way I’ve come up with to check for Online or Offline client status using Environment Manager. Obviously, if you’re in an environment where ICMP traffic is allowed fully, the ping of the domain name using a scripted Condition may be more suitable for you. It’s also a nice little bit of introduction to the If Else Group Condition which I’m hoping to cover more in future.
