以下請先測試後,再決定是否使用

1. 偵測只要非公司內部網路 IP 區段,即停用該張網卡 (不建議用在 NB)
2. 如果有AD網域,可透過GPO佈署.
3. 當偵測到網路連線事件時,執行 disable.ps1 , 若非內網IP則停用該網卡.
4. 當偵測到網路斷開事件時,執行 enable.ps1 , 啟用原停用網卡,若仍為外網IP,再停用.

event參考

假設內網 IP 區段為 10.10.10.*

disable.ps1

# Log: Microsoft-Windows-NetworkProfile/Operational
# Source: NetworkProfile
# Event ID: 10000
# enable network when detect event(when conneted network) :10000

$IP=Get-NetIPAddress -AddressFamily IPv4
$IP | ForEach-Object {
	if ($_.IPAddress -notlike '10.10.10.*')
	{
		if ($_.IPAddress -ne '127.0.0.1')
		{
		Disable-NetAdapter -Name $_.InterfaceAlias -Confirm:$False 
		}
	}
}

enable.ps1

# Log: Microsoft-Windows-NetworkProfile/Operational
# Source: NetworkProfile
# Event ID: 10001
# enable network when detect event(disconneted network) :10001

$NIC=Get-NetAdapter
$NIC | ForEach-Object {
	if ($_.Status -eq 'Disabled')
	{
	Enable-NetAdapter -Name $_.Name -Confirm:$False
	}
}

#Re-Check again after 5 secs.
# if still use out-side IP, disable it again.
Start-Sleep -s 5
$IP=Get-NetIPAddress -AddressFamily IPv4
$IP | ForEach-Object {
	if ($_.IPAddress -notlike '10.10.10.*')
	{
		if ($_.IPAddress -ne '127.0.0.1')
		{
		Disable-NetAdapter -Name $_.InterfaceAlias -Confirm:$False 
		}
	}
}

Keyword: powershell , GPO , eventlog

raytracy 以前回覆的問題