Initial commit with new CA

ACKNOWLEDGEMENTS

@@ -0,0 +1,4 @@
+ACKNOWLEDGEMENTS
+================
+
+Thanks to Martin Dendis (Klub Hlavkova Kolej) for the required research and creation of the script.

Ethernet.xml

@@ -0,0 +1,51 @@
+<?xml version="1.0"?>
+<LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1">
+	<MSM>
+		<security>
+			<OneXEnforced>false</OneXEnforced>
+			<OneXEnabled>true</OneXEnabled>
+			<OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
+				<cacheUserData>true</cacheUserData>
+				<authMode>user</authMode>
+				<EAPConfig>
+          <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
+            <EapMethod>
+              <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type>
+              <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
+              <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
+              <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId>
+            </EapMethod>
+            <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
+              <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
+                <Type>25</Type>
+                <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
+                  <ServerValidation>
+                    <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
+                    <ServerNames></ServerNames>
+                  </ServerValidation>
+                  <FastReconnect>true</FastReconnect>
+                  <InnerEapOptional>false</InnerEapOptional>
+                  <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
+                    <Type>26</Type>
+                    <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1">
+                      <UseWinLogonCredentials>false</UseWinLogonCredentials>
+                    </EapType>
+                  </Eap>
+                  <EnableQuarantineChecks>false</EnableQuarantineChecks>
+                  <RequireCryptoBinding>false</RequireCryptoBinding>
+                  <PeapExtensions>
+                    <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation>
+                    <AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName>
+                    <PeapExtensionsV2 xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">
+                      <AllowPromptingWhenServerCANotFound xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV3">true</AllowPromptingWhenServerCANotFound>
+                    </PeapExtensionsV2>
+                  </PeapExtensions>
+                </EapType>
+              </Eap>
+            </Config>
+          </EapHostConfig>
+        </EAPConfig>
+			</OneX>
+		</security>
+	</MSM>
+</LANProfile>

Wi-Fi-Sincoolka 5G.xml

@@ -0,0 +1,71 @@
+<?xml version="1.0"?>
+<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
+	<name>Sincoolka 5G</name>
+	<SSIDConfig>
+		<SSID>
+			<hex>53696E636F6F6C6B61203547</hex>
+			<name>Sincoolka 5G</name>
+		</SSID>
+	</SSIDConfig>
+	<connectionType>ESS</connectionType>
+	<connectionMode>auto</connectionMode>
+	<MSM>
+		<security>
+			<authEncryption>
+				<authentication>WPA2</authentication>
+				<encryption>AES</encryption>
+				<useOneX>true</useOneX>
+			</authEncryption>
+			<PMKCacheMode>enabled</PMKCacheMode>
+			<PMKCacheTTL>720</PMKCacheTTL>
+			<PMKCacheSize>128</PMKCacheSize>
+			<preAuthMode>disabled</preAuthMode>
+			<OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
+				<authMode>user</authMode>
+				<EAPConfig>
+          <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
+            <EapMethod>
+              <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type>
+              <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
+              <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
+              <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId>
+            </EapMethod>
+            <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
+              <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
+                <Type>25</Type>
+                <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
+                  <ServerValidation>
+                    <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
+                    <ServerNames>radius.sin.cvut.cz</ServerNames>
+                    <TrustedRootCA>d1 eb 23 a4 6d 17 d6 8f d9 25 64 c2 f1 f1 60 17 64 d8 e3 49 </TrustedRootCA>
+                  </ServerValidation>
+                  <FastReconnect>true</FastReconnect>
+                  <InnerEapOptional>false</InnerEapOptional>
+                  <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
+                    <Type>26</Type>
+                    <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1">
+                      <UseWinLogonCredentials>false</UseWinLogonCredentials>
+                    </EapType>
+                  </Eap>
+                  <EnableQuarantineChecks>false</EnableQuarantineChecks>
+                  <RequireCryptoBinding>false</RequireCryptoBinding>
+                  <PeapExtensions>
+                    <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</PerformServerValidation>
+                    <AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</AcceptServerName>
+                    <PeapExtensionsV2 xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">
+                      <AllowPromptingWhenServerCANotFound xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV3">true</AllowPromptingWhenServerCANotFound>
+                    </PeapExtensionsV2>
+                  </PeapExtensions>
+                </EapType>
+              </Eap>
+            </Config>
+          </EapHostConfig>
+        </EAPConfig>
+			</OneX>
+		</security>
+	</MSM>
+	<MacRandomization xmlns="http://www.microsoft.com/networking/WLAN/profile/v3">
+		<enableRandomization>false</enableRandomization>
+		<randomizationSeed>1813427014</randomizationSeed>
+	</MacRandomization>
+</WLANProfile>

Wi-Fi-Sincoolka.xml

@@ -0,0 +1,71 @@
+<?xml version="1.0"?>
+<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
+	<name>Sincoolka</name>
+	<SSIDConfig>
+		<SSID>
+			<hex>53696E636F6F6C6B61</hex>
+			<name>Sincoolka</name>
+		</SSID>
+	</SSIDConfig>
+	<connectionType>ESS</connectionType>
+	<connectionMode>auto</connectionMode>
+	<MSM>
+		<security>
+			<authEncryption>
+				<authentication>WPA2</authentication>
+				<encryption>AES</encryption>
+				<useOneX>true</useOneX>
+			</authEncryption>
+			<PMKCacheMode>enabled</PMKCacheMode>
+			<PMKCacheTTL>720</PMKCacheTTL>
+			<PMKCacheSize>128</PMKCacheSize>
+			<preAuthMode>disabled</preAuthMode>
+			<OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
+				<authMode>user</authMode>
+				<EAPConfig>
+          <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
+            <EapMethod>
+              <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type>
+              <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
+              <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
+              <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId>
+            </EapMethod>
+            <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
+              <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
+                <Type>25</Type>
+                <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
+                  <ServerValidation>
+                    <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
+                    <ServerNames>radius.sin.cvut.cz</ServerNames>
+                    <TrustedRootCA>d1 eb 23 a4 6d 17 d6 8f d9 25 64 c2 f1 f1 60 17 64 d8 e3 49 </TrustedRootCA>
+                  </ServerValidation>
+                  <FastReconnect>true</FastReconnect>
+                  <InnerEapOptional>false</InnerEapOptional>
+                  <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
+                    <Type>26</Type>
+                    <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1">
+                      <UseWinLogonCredentials>false</UseWinLogonCredentials>
+                    </EapType>
+                  </Eap>
+                  <EnableQuarantineChecks>false</EnableQuarantineChecks>
+                  <RequireCryptoBinding>false</RequireCryptoBinding>
+                  <PeapExtensions>
+                    <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</PerformServerValidation>
+                    <AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</AcceptServerName>
+                    <PeapExtensionsV2 xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">
+                      <AllowPromptingWhenServerCANotFound xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV3">true</AllowPromptingWhenServerCANotFound>
+                    </PeapExtensionsV2>
+                  </PeapExtensions>
+                </EapType>
+              </Eap>
+            </Config>
+          </EapHostConfig>
+        </EAPConfig>
+			</OneX>
+		</security>
+	</MSM>
+	<MacRandomization xmlns="http://www.microsoft.com/networking/WLAN/profile/v3">
+		<enableRandomization>false</enableRandomization>
+		<randomizationSeed>1813427014</randomizationSeed>
+	</MacRandomization>
+</WLANProfile>

sin-setup.bat

@@ -0,0 +1,145 @@
+@echo off
+
+:: Check admin rights
+
+NET SESSION >nul 2>&1
+IF NOT %ERRORLEVEL% EQU 0 (
+   echo ######## ########  ########   #######  ########  
+   echo ##       ##     ## ##     ## ##     ## ##     ## 
+   echo ##       ##     ## ##     ## ##     ## ##     ## 
+   echo ######   ########  ########  ##     ## ########  
+   echo ##       ##   ##   ##   ##   ##     ## ##   ##   
+   echo ##       ##    ##  ##    ##  ##     ## ##    ##  
+   echo ######## ##     ## ##     ##  #######  ##     ## 
+   echo.
+   echo.
+   echo ####### ERROR: ADMINISTRATOR PRIVILEGES REQUIRED #########
+   echo This script must be run as administrator to work properly!  
+   echo If you're seeing this after clicking on a start menu icon, then right click on the shortcut and select "Run As Administrator".
+   echo ##########################################################
+   echo.
+   PAUSE
+   EXIT /B 1
+)
+
+
+
+
+
+:: Main loop
+
+:main
+cls
+ECHO What you want to do now?
+ECHO 1. Configure Wi-Fi connection
+rem ECHO 2. Configure Wired connection
+ECHO 3. Print MAC adresses
+ECHO 4. Exit
+set choice=
+set /p choice=Choice: 
+if not '%choice%'=='' set choice=%choice:~0,1%
+if '%choice%'=='1' goto setup_wifi
+rem if '%choice%'=='2' goto setup_eth
+if '%choice%'=='3' goto print_mac
+if '%choice%'=='4' EXIT
+ECHO "%choice%" is not valid, try again
+ECHO.
+goto main
+
+
+
+
+
+:: Import Sincoolka and Sincoolka 5G Wi-Fi profile
+
+:setup_wifi   
+cls                    
+netsh wlan add profile filename="%0\..\Wi-Fi-Sincoolka.xml"
+netsh wlan add profile filename="%0\..\Wi-Fi-Sincoolka 5G.xml"
+
+echo.
+
+set /p iface="Press Enter to continue . . . "
+goto main
+
+
+
+
+
+:: Start dot3svc service
+
+:setup_eth
+cls
+net start dot3svc >nul 2>&1
+IF %ERRORLEVEL% EQU 0 (   
+  echo Enabled enterprise security for wired connection
+) ELSE (
+  IF %ERRORLEVEL% EQU 2 (
+    echo Enabled enterprise security for wired connection
+  ) ELSE (
+    echo "Unable to enable enterprise security -> abort"
+    goto main
+  )
+)
+
+:: Configure dot3svc service to start on PC boot
+REG add "HKLM\SYSTEM\CurrentControlSet\services\dot3svc" /v Start /t REG_DWORD /d 2 /f >nul 2>&1
+IF %ERRORLEVEL% EQU 0 (   
+  echo Enterprise security configured to start on PC boot
+) ELSE (
+  echo Unable to configure enterprise security to start on PC boot -> abort
+  goto main
+)
+
+echo.
+echo.
+
+:setEth
+                           
+:: Print all network interfaces
+echo List of Avaliable Interfaces:
+echo.
+wmic nic where 'NOT Manufacturer like "%%Microsoft%%" and PhysicalAdapter=TRUE and NOT Manufacturer like "%%Windows%%"' get Manufacturer,MACAddress,NetConnectionID 2>nul
+IF NOT %ERRORLEVEL% EQU 0 (
+  getmac /v 2>nul
+  IF NOT %ERRORLEVEL% EQU 0 (
+::  netsh lan show profiles   
+    ipconfig /all
+  )
+)
+
+echo.
+set /p iface="Enter Ethernet Interface NetConnectionID or press Enter to abort: "
+
+if "%iface%" == "" (
+  goto endEth
+)
+
+netsh lan add profile filename=\"%0\..\Ethernet.xml\" interface="%iface%"
+
+if %errorlevel% GTR 0 (
+  set iface=
+
+  cls
+  goto setEth
+)     
+:endEth
+
+goto main
+
+
+
+
+
+:print_mac
+cls
+wmic nic where 'NOT Manufacturer like "%%Microsoft%%" and PhysicalAdapter=TRUE and NOT Manufacturer like "%%Windows%%"' get Manufacturer,MACAddress,NetConnectionID 2>nul
+IF NOT %ERRORLEVEL% EQU 0 (
+  getmac /v 2>nul
+  IF NOT %ERRORLEVEL% EQU 0 (
+::  netsh lan show profiles   
+    ipconfig /all
+  )
+)
+set /p iface="Press Enter to continue . . . "
+goto main