Change CA to USERTrust RSA + light configuration changes

.gitattributes

@@ -1,3 +0,0 @@
-*.xml	text eol=crlf
-*.bat	text eol=crlf
-*.cmd	text eol=crlf

Wi-Fi-Sincoolka 5G.xml

@@ -0,0 +1,64 @@
+<?xml version="1.0"?>
+<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
+	<name>Sincoolka 5G</name>
+	<SSIDConfig>
+		<SSID>
+			<hex>53696E636F6F6C6B61203547</hex>
+			<name>Sincoolka 5G</name>
+		</SSID>
+	</SSIDConfig>
+	<connectionType>ESS</connectionType>
+	<connectionMode>auto</connectionMode>
+	<MSM>
+		<security>
+			<authEncryption>
+				<authentication>WPA2</authentication>
+				<encryption>AES</encryption>
+				<useOneX>true</useOneX>
+			</authEncryption>
+			<PMKCacheMode>enabled</PMKCacheMode>
+			<PMKCacheTTL>720</PMKCacheTTL>
+			<PMKCacheSize>128</PMKCacheSize>
+			<preAuthMode>disabled</preAuthMode>
+			<OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
+				<authMode>user</authMode>
+				<EAPConfig>
+          <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
+            <EapMethod>
+              <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type>
+              <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
+              <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
+              <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId>
+            </EapMethod>
+            <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
+              <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
+                <Type>25</Type>
+                <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
+                  <ServerValidation>
+                    <DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation>
+                    <ServerNames>radius.sin.cvut.cz</ServerNames>
+                    <TrustedRootCA>2b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e</TrustedRootCA>
+                  </ServerValidation>
+                  <FastReconnect>true</FastReconnect>
+                  <InnerEapOptional>false</InnerEapOptional>
+                  <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
+                    <Type>26</Type>
+                    <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1">
+                      <UseWinLogonCredentials>false</UseWinLogonCredentials>
+                    </EapType>
+                  </Eap>
+                  <EnableQuarantineChecks>false</EnableQuarantineChecks>
+                  <RequireCryptoBinding>false</RequireCryptoBinding>
+                </EapType>
+              </Eap>
+            </Config>
+          </EapHostConfig>
+        </EAPConfig>
+			</OneX>
+		</security>
+	</MSM>
+	<MacRandomization xmlns="http://www.microsoft.com/networking/WLAN/profile/v3">
+		<enableRandomization>false</enableRandomization>
+		<randomizationSeed>1813427014</randomizationSeed>
+	</MacRandomization>
+</WLANProfile>

Wi-Fi-Sincoolka.xml

@@ -6,11 +6,9 @@
 			<hex>53696E636F6F6C6B61</hex>
 			<name>Sincoolka</name>
 		</SSID>
-		<nonBroadcast>false</nonBroadcast>
 	</SSIDConfig>
 	<connectionType>ESS</connectionType>
 	<connectionMode>auto</connectionMode>
-	<autoSwitch>false</autoSwitch>
 	<MSM>
 		<security>
 			<authEncryption>
@@ -24,34 +22,39 @@
 			<preAuthMode>disabled</preAuthMode>
 			<OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
 				<cacheUserData>true</cacheUserData>
-				<authMode>user</authMode>
+        <authMode>user</authMode>
 				<EAPConfig>
-					<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
-						<EapMethod>
-							<Type xmlns="http://www.microsoft.com/provisioning/EapCommon">21</Type>
-							<VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
-							<VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
-							<AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">311</AuthorId>
-						</EapMethod>
-						<Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
-							<EapTtls
-								xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1">
-								<ServerValidation>
-									<ServerNames>radius.sin.cvut.cz</ServerNames>
-									<TrustedRootCAHash>2b 8f 1b 57 33 d bb a2 d0 7a 6c 51 f7 e e9 d da b9 ad 8e </TrustedRootCAHash>
-									<DisablePrompt>true</DisablePrompt>
-								</ServerValidation>
-								<Phase2Authentication>
-									<PAPAuthentication />
-								</Phase2Authentication>
-								<Phase1Identity>
-									<IdentityPrivacy>true</IdentityPrivacy>
-									<AnonymousIdentity>anonymous@sin.cvut.cz</AnonymousIdentity>
-								</Phase1Identity>
-							</EapTtls>
-						</Config>
-					</EapHostConfig>
-				</EAPConfig>
+          <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
+            <EapMethod>
+              <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type>
+              <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
+              <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
+              <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId>
+            </EapMethod>
+            <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
+              <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
+                <Type>25</Type>
+                <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
+                  <ServerValidation>
+                    <DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation>
+                    <ServerNames>radius.sin.cvut.cz</ServerNames>
+                    <TrustedRootCA>2b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e</TrustedRootCA>
+                  </ServerValidation>
+                  <FastReconnect>true</FastReconnect>
+                  <InnerEapOptional>false</InnerEapOptional>
+                  <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
+                    <Type>26</Type>
+                    <EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1">
+                      <UseWinLogonCredentials>false</UseWinLogonCredentials>
+                    </EapType>
+                  </Eap>
+                  <EnableQuarantineChecks>false</EnableQuarantineChecks>
+                  <RequireCryptoBinding>false</RequireCryptoBinding>
+                </EapType>
+              </Eap>
+            </Config>
+          </EapHostConfig>
+        </EAPConfig>
 			</OneX>
 		</security>
 	</MSM>
@@ -59,4 +62,4 @@
 		<enableRandomization>false</enableRandomization>
 		<randomizationSeed>1813427014</randomizationSeed>
 	</MacRandomization>
-</WLANProfile>
+</WLANProfile>

Wi-Fi-Sincoolka5G.xml

@@ -1,62 +0,0 @@
-<?xml version="1.0"?>
-<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
-	<name>Sincoolka 5G</name>
-	<SSIDConfig>
-		<SSID>
-			<hex>53696E636F6F6C6B61203547</hex>
-			<name>Sincoolka 5G</name>
-		</SSID>
-		<nonBroadcast>false</nonBroadcast>
-	</SSIDConfig>
-	<connectionType>ESS</connectionType>
-	<connectionMode>auto</connectionMode>
-	<autoSwitch>false</autoSwitch>
-	<MSM>
-		<security>
-			<authEncryption>
-				<authentication>WPA2</authentication>
-				<encryption>AES</encryption>
-				<useOneX>true</useOneX>
-			</authEncryption>
-			<PMKCacheMode>enabled</PMKCacheMode>
-			<PMKCacheTTL>10</PMKCacheTTL>
-			<PMKCacheSize>128</PMKCacheSize>
-			<preAuthMode>disabled</preAuthMode>
-			<OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
-				<cacheUserData>true</cacheUserData>
-				<authMode>user</authMode>
-				<EAPConfig>
-					<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
-						<EapMethod>
-							<Type xmlns="http://www.microsoft.com/provisioning/EapCommon">21</Type>
-							<VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
-							<VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
-							<AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">311</AuthorId>
-						</EapMethod>
-						<Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
-							<EapTtls
-								xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1">
-								<ServerValidation>
-									<ServerNames>radius.sin.cvut.cz</ServerNames>
-									<TrustedRootCAHash>2b 8f 1b 57 33 d bb a2 d0 7a 6c 51 f7 e e9 d da b9 ad 8e </TrustedRootCAHash>
-									<DisablePrompt>true</DisablePrompt>
-								</ServerValidation>
-								<Phase2Authentication>
-									<PAPAuthentication />
-								</Phase2Authentication>
-								<Phase1Identity>
-									<IdentityPrivacy>true</IdentityPrivacy>
-									<AnonymousIdentity>anonymous@sin.cvut.cz</AnonymousIdentity>
-								</Phase1Identity>
-							</EapTtls>
-						</Config>
-					</EapHostConfig>
-				</EAPConfig>
-			</OneX>
-		</security>
-	</MSM>
-	<MacRandomization xmlns="http://www.microsoft.com/networking/WLAN/profile/v3">
-		<enableRandomization>false</enableRandomization>
-		<randomizationSeed>1813427014</randomizationSeed>
-	</MacRandomization>
-</WLANProfile>

Wi-Fi-SincoolkaFT.xml

@@ -1,62 +0,0 @@
-<?xml version="1.0"?>
-<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
-	<name>Sincoolka FT</name>
-	<SSIDConfig>
-		<SSID>
-			<hex>53696E636F6F6C6B61204654</hex>
-			<name>Sincoolka FT</name>
-		</SSID>
-		<nonBroadcast>false</nonBroadcast>
-	</SSIDConfig>
-	<connectionType>ESS</connectionType>
-	<connectionMode>auto</connectionMode>
-	<autoSwitch>false</autoSwitch>
-	<MSM>
-		<security>
-			<authEncryption>
-				<authentication>WPA2</authentication>
-				<encryption>AES</encryption>
-				<useOneX>true</useOneX>
-			</authEncryption>
-			<PMKCacheMode>enabled</PMKCacheMode>
-			<PMKCacheTTL>10</PMKCacheTTL>
-			<PMKCacheSize>128</PMKCacheSize>
-			<preAuthMode>disabled</preAuthMode>
-			<OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
-				<cacheUserData>true</cacheUserData>
-				<authMode>user</authMode>
-				<EAPConfig>
-					<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
-						<EapMethod>
-							<Type xmlns="http://www.microsoft.com/provisioning/EapCommon">21</Type>
-							<VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
-							<VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
-							<AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">311</AuthorId>
-						</EapMethod>
-						<Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
-							<EapTtls
-								xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1">
-								<ServerValidation>
-									<ServerNames>radius.sin.cvut.cz</ServerNames>
-									<TrustedRootCAHash>2b 8f 1b 57 33 d bb a2 d0 7a 6c 51 f7 e e9 d da b9 ad 8e </TrustedRootCAHash>
-									<DisablePrompt>true</DisablePrompt>
-								</ServerValidation>
-								<Phase2Authentication>
-									<PAPAuthentication />
-								</Phase2Authentication>
-								<Phase1Identity>
-									<IdentityPrivacy>true</IdentityPrivacy>
-									<AnonymousIdentity>anonymous@sin.cvut.cz</AnonymousIdentity>
-								</Phase1Identity>
-							</EapTtls>
-						</Config>
-					</EapHostConfig>
-				</EAPConfig>
-			</OneX>
-		</security>
-	</MSM>
-	<MacRandomization xmlns="http://www.microsoft.com/networking/WLAN/profile/v3">
-		<enableRandomization>false</enableRandomization>
-		<randomizationSeed>1813427014</randomizationSeed>
-	</MacRandomization>
-</WLANProfile>

sin-setup.bat

@@ -7,15 +7,12 @@ set rights_admin=0
 NET SESSION >nul 2>&1
 
 IF NOT %ERRORLEVEL% EQU 0 (
-   echo ############### !! FRIENDLY NOTICE ##############
-   echo # Please, run this script as an administrator.  #
-   echo # Otherwise, the added Wi-Fi network will       #
-   echo # NOT remember your username and password.      #
-   echo #                                               #
-   echo # Please close this window, right-click the     #
-   echo # sin-setup.bat, and select                     #
-   echo # Run as administrator.                         #
-   echo #################################################
+   echo ####### Running as a regular user #########
+   echo # The Wi-Fi profiles will be installed    #
+   echo # for the current user.                   #
+   echo # Run as administrator to install them    #
+   echo # for all users.                          #
+   echo ###########################################
    echo.
    pause
 ) ELSE (
@@ -31,31 +28,17 @@ IF NOT %ERRORLEVEL% EQU 0 (
 :main
 cls
 ECHO What you want to do now?
-ECHO 1. Configure Wi-Fi connection - Sincoolka FT (recommended)
-ECHO 2. Configure Wi-Fi connection - Sincoolka (if the FT does not work properly)
-ECHO 3. Configure Wi-Fi connection - Sincoolka 5G (expert, 5 GHz only)
-ECHO.
-ECHO 4. Remove all Sincoolka profiles
-ECHO.
-IF %rights_admin% EQU 1 (
-ECHO 5. Configure wired connection for 802.1X
-ECHO.
-)
-ECHO 9. Print MAC adresses
-ECHO 0. Exit
-ECHO.
+ECHO 1. Configure Wi-Fi connection
+rem ECHO 2. Configure Wired connection
+ECHO 3. Print MAC adresses
+ECHO 4. Exit
 set choice=
 set /p choice=Choice: 
 if not '%choice%'=='' set choice=%choice:~0,1%
-if '%choice%'=='1' goto setup_wifi_ft
-if '%choice%'=='2' goto setup_wifi
-if '%choice%'=='3' goto setup_wifi_5g
-if '%choice%'=='4' goto cleanup_wifi
-IF %rights_admin% EQU 1 (
-  if '%choice%'=='5' goto setup_eth
-)
-if '%choice%'=='9' goto print_mac
-if '%choice%'=='0' EXIT
+if '%choice%'=='1' goto setup_wifi
+rem if '%choice%'=='2' goto setup_eth
+if '%choice%'=='3' goto print_mac
+if '%choice%'=='4' EXIT
 ECHO "%choice%" is not valid, try again
 ECHO.
 goto main
@@ -64,22 +47,7 @@ goto main
 
 
 
-:: Import Sincoolka FT Wi-Fi profile
-
-:setup_wifi_ft
-cls
-set cmd_user=current
-IF %rights_admin% EQU 1 (
-   set cmd_user=all
-)
-netsh wlan add profile "filename=%mypath%Wi-Fi-SincoolkaFT.xml" user=%cmd_user%
-
-echo.
-
-set /p iface="Press Enter to continue . . . "
-goto main
-
-:: Import Sincoolka Wi-Fi profile
+:: Import Sincoolka and Sincoolka 5G Wi-Fi profile
 
 :setup_wifi
 cls
@@ -88,21 +56,7 @@ IF %rights_admin% EQU 1 (
    set cmd_user=all
 )
 netsh wlan add profile "filename=%mypath%Wi-Fi-Sincoolka.xml" user=%cmd_user%
-
-echo.
-
-set /p iface="Press Enter to continue . . . "
-goto main
-
-:: Import Sincoolka 5G Wi-Fi profile
-
-:setup_wifi_5g
-cls
-set cmd_user=current
-IF %rights_admin% EQU 1 (
-   set cmd_user=all
-)
-netsh wlan add profile "filename=%mypath%Wi-Fi-Sincoolka5G.xml" user=%cmd_user%
+netsh wlan add profile "filename=%mypath%Wi-Fi-Sincoolka 5G.xml" user=%cmd_user%
 
 echo.
 
@@ -110,17 +64,6 @@ set /p iface="Press Enter to continue . . . "
 goto main
 
 
-:cleanup_wifi
-cls
-:: Cleanup all our Wi-Fi profiles
-netsh wlan delete profile name="Sincoolka" i=*
-netsh wlan delete profile name="Sincoolka FT" i=*
-netsh wlan delete profile name="Sincoolka 5G" i=* 
-
-echo.
-
-set /p iface="Press Enter to continue . . . "
-goto main
 
 
 
@@ -155,7 +98,7 @@ echo.
 :setEth
                            
 :: Print all network interfaces
-echo List of Available Interfaces:
+echo List of Avaliable Interfaces:
 echo.
 wmic nic where 'NOT Manufacturer like "%%Microsoft%%" and PhysicalAdapter=TRUE and NOT Manufacturer like "%%Windows%%"' get Manufacturer,MACAddress,NetConnectionID 2>nul
 IF NOT %ERRORLEVEL% EQU 0 (
@@ -191,7 +134,7 @@ goto main
 
 :print_mac
 cls
-wmic nic where 'NOT Manufacturer like "%%Microsoft%%" and NOT Manufacturer like "%%Windows%%"' get MACAddress,Caption,NetConnectionID 2>nul
+wmic nic where 'NOT Manufacturer like "%%Microsoft%%" and PhysicalAdapter=TRUE and NOT Manufacturer like "%%Windows%%"' get Manufacturer,MACAddress,NetConnectionID 2>nul
 IF NOT %ERRORLEVEL% EQU 0 (
   getmac /v 2>nul
   IF NOT %ERRORLEVEL% EQU 0 (