Last active
October 5, 2023 15:09
Checks if the current machine has at least one active network connection that is Domain Authenticated. If it doesn't, restart the Network Location Awareness service.
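<?xml version="1.0" encoding="UTF-16"?>
<!--
  Scheduled task: Remediate Network Location Awareness.
  Runs Remediate-NetworkLocationAwareness.ps1 as SYSTEM, 30 minutes after either of the
  two operational-log events below is recorded.

  Review notes:
  * The action runs as SYSTEM (S-1-5-18) with the execution policy bypassed, and the
    script is loaded from a SYSVOL share. Write access to that script file and its folder
    therefore decides what runs as SYSTEM on every machine that imports this task; keep
    it limited to administrators. Signing the script and replacing Bypass with AllSigned
    is a stricter alternative.
  * contoso.com in WorkingDirectory appears to be an example domain name; set it to your
    own domain's SYSVOL path before import.
-->
<Task version="1.3" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Author>james@schlackman.org</Author>
    <Description>Restarts the Network Location Awareness following an LDAP authentication failure (typically due to a DC being temporarily unavailable during an update cycle)</Description>
    <URI>\Remediate Network Location Awareness</URI>
  </RegistrationInfo>
  <Triggers>
    <!-- Trigger 1: event ID 4343 from Microsoft-Windows-NlaSvc/Operational. -->
    <EventTrigger>
      <Enabled>true</Enabled>
      <Subscription>&lt;QueryList&gt;&lt;Query Id="0" Path="Microsoft-Windows-NlaSvc/Operational"&gt;&lt;Select Path="Microsoft-Windows-NlaSvc/Operational"&gt;*[System[Provider[@Name='Microsoft-Windows-NlaSvc'] and EventID=4343]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>
      <!-- Wait 30 minutes after the event so transient network faults can clear first. -->
      <Delay>PT30M</Delay>
    </EventTrigger>
    <!-- Trigger 2: event ID 10000 from Microsoft-Windows-NetworkProfile/Operational. -->
    <EventTrigger>
      <Enabled>true</Enabled>
      <Subscription>&lt;QueryList&gt;&lt;Query Id="0" Path="Microsoft-Windows-NetworkProfile/Operational"&gt;&lt;Select Path="Microsoft-Windows-NetworkProfile/Operational"&gt;*[System[Provider[@Name='Microsoft-Windows-NetworkProfile'] and EventID=10000]]&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>
      <Delay>PT30M</Delay>
    </EventTrigger>
  </Triggers>
  <Principals>
    <Principal id="Author">
      <!-- S-1-5-18 is the Local System account. -->
      <UserId>S-1-5-18</UserId>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
  <Settings>
    <!-- A trigger that fires while an instance is still running is dropped. -->
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
    <AllowHardTerminate>false</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <Duration>PT5M</Duration>
      <WaitTimeout>PT1H</WaitTimeout>
      <StopOnIdleEnd>false</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>false</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
    <UseUnifiedSchedulingEngine>true</UseUnifiedSchedulingEngine>
    <WakeToRun>false</WakeToRun>
    <!-- PT0S means no execution time limit: an instance that never exits is never stopped. -->
    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>powershell.exe</Command>
      <!--
        NoProfile keeps profile scripts out of the SYSTEM session. NonInteractive makes a
        prompt fail instead of waiting for input; with no execution time limit and
        IgnoreNew above, a waiting instance would block every later run of this task.
      -->
      <Arguments>-NoProfile -NonInteractive -ExecutionPolicy Bypass -File .\Remediate-NetworkLocationAwareness.ps1</Arguments>
      <!-- The relative script path in Arguments is resolved against this directory. -->
      <WorkingDirectory>\\contoso.com\SYSVOL\contoso.com\scripts</WorkingDirectory>
    </Exec>
  </Actions>
</Task>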
# Name: Remediate-NetworkLocationAwareness.ps1
# Author: James Schlackman
# Last Modified: Oct 5 2023

# Checks whether the current machine has at least one active network connection that is
# Domain Authenticated. If it has none, restarts the Network Location Awareness service.

# Configure this script to be run with the following recommended event triggers:
#   Log: Microsoft-Windows-NlaSvc/Operational
#   Source: NlaSvc
#   Event ID: 4343
#
#   Log: Microsoft-Windows-NetworkProfile/Operational
#   Source: NetworkProfile
#   Event ID: 10000
# Delay task execution for 15-30 mins on each event (to allow for transient network faults to pass)

# NOTE(review): the task definition published with this script runs it as SYSTEM (S-1-5-18)
# with -ExecutionPolicy Bypass from a SYSVOL share. Whoever can modify the file at that
# path controls what runs as SYSTEM on each machine that has the task, so keep write
# access to the script location limited to administrators.

# Collect every connection profile currently categorised as DomainAuthenticated.
$domainProfiles = Get-NetConnectionProfile |
    Where-Object { $_.NetworkCategory -eq 'DomainAuthenticated' }

# Remediate only when no profile is domain authenticated.
if (-not $domainProfiles) {

    # Remember which services that depend on Netprofm are running, then stop them.
    $stoppedDependents = Get-Service -Name Netprofm -DependentServices |
        Where-Object { $_.Status -eq 'Running' }
    $stoppedDependents | Stop-Service -Verbose

    # Restart Network Location Awareness (NlaSvc); -Force lets the restart proceed
    # even though other services depend on it.
    Restart-Service -Name NlaSvc -Force

    # Bring back the dependent services that were stopped above.
    $stoppedDependents | Start-Service -Verbose
}