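[TechTarget China original] This article covers the third step in setting up NAQC: writing the baseline script that runs on the client. You can write the script in any scripting environment your Windows clients support, or as a compiled EXE program. The script can check for anything you want to check; there is no standard for the baseline level, because it is simply whatever you require of machines that you allow onto your network. You can also use any kind of program the scripting environment allows. Baseline scripts are very flexible and can draw on any software resource you have.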
Here is the batch file script:
@echo off
echo Your remote connection is %1
echo Your tunnel connection is %2
echo Your Windows domain is %3
echo Your username is %4
set MYSTATUS=
REM Baselining checks begin here
REM The checks themselves are site-specific and are not shown in this script.
REM Verify Internet Connection Firewall is enabled. Set CHECKFIRE to 1-pass, 2-fail.
REM Verify virus checker installed and sig file up. CHECKVIRUS is 1-pass, 2-fail.
REM Pass results to notifier or fail out with message to user.
if "%CHECKFIRE%"=="2" goto :NONCOMPLIANT
if "%CHECKVIRUS%"=="2" goto :NONCOMPLIANT
rqc.exe %1 %2 7250 %3 %4 Version1-0
REM These variables correspond to arguments and switches for RQC.EXE
REM %1 = %DialRasEntry%
REM %2 = %TunnelRasEntry%
REM RQS on backend listens on port 7250
REM %3 = %Domain%
REM %4 = %UserName%
REM The version of the baselining script is "Version1-0"
REM Print out the status
if "%ERRORLEVEL%"=="0" (
set ERRORMSG=Successful baseline check.
) else if "%ERRORLEVEL%"=="1" (
set ERRORMSG=Can't contact the RRAS server at the corporate network. Contact a system administrator.
) else if "%ERRORLEVEL%"=="2" (
set ERRORMSG=Access is denied. Please install the Connection Manager profile from http://location and attempt a connection again.
) else (
set ERRORMSG=Unknown failure. You will remain in quarantine mode until the session timeout is reached.
)
echo %ERRORMSG%
goto :EOF
:NONCOMPLIANT
REM "echo." prints a blank line; a bare "echo" would print the echo state instead.
echo.
echo Your computer has failed a baseline check for updates on
echo your machine. It is against corporate policy to allow out of
echo date machines to access the network remotely. Currently
echo you must have Internet Connection Firewall enabled and
echo an updated virus scanning software package with the
echo latest virus signature files. For information about how to
echo install or configure these components, surf to
echo http://location.
echo You will be permitted to access only that location until
echo your computer passes the baselining check.
:EOF
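Of course, this batch file is very simple. I have added the necessary comments to the script so that you can follow each step. The important thing to remember is that you can make the script as complex as you like; you can even compile a special-purpose program, because the post-connect script option in CMAK allows .exe files to run.
One requirement of every baseline script is that, if the baseline compliance check succeeds, it must run rqc.exe with the following parameters: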
rqc ConnName TunnelConnName TCPPort Domain Username ScriptVersion
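These switches and parameters are explained below:
- ConnName is the name of the remote access server connection, usually inherited from the %DialRasEntry% variable of the Connection Manager profile.
- TunnelConnName is the name of the remote access server tunnel connection, usually inherited from the %TunnelRasEntry% variable of the Connection Manager profile.
- TCPPort is the port the notifier uses to send the success message. The default is 7250.
- Domain is the Windows security domain name of the remote user, usually inherited from the %Domain% variable of the Connection Manager profile.
- Username is, as you would expect, the remote user, usually inherited from the %UserName% variable of the Connection Manager profile.
- ScriptVersion is a text string containing the script version that is matched against the RRAS server. You can use any keyboard characters, but not the consecutive sequence /0.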
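The same control flow in Python, as an added example that is not part of the original article or of Microsoft's tooling: it builds the rqc.exe argument list in the order given above, rejects a ScriptVersion containing /0, and calls the notifier only when every check returns an explicit pass. The function names, the check callables, the `runner` parameter and the abbreviated messages are assumptions; the argument order, port 7250 and exit codes 0, 1 and 2 come from the script above.

```python
import subprocess

# Abbreviated messages for the rqc.exe exit codes the batch script handles.
RQC_MESSAGES = {
    0: "Successful baseline check.",
    1: "Can't contact the RRAS server at the corporate network.",
    2: "Access is denied.",
}
UNKNOWN = "Unknown failure. You will remain in quarantine mode."


def build_rqc_argv(conn, tunnel, domain, user, version, port=7250):
    """Build the rqc.exe argument vector in the order the article gives."""
    port = int(port)
    if not 1 <= port <= 65535:
        raise ValueError("TCPPort out of range")
    if "/0" in version:
        raise ValueError("ScriptVersion must not contain the sequence /0")
    # A list is handed to the process as-is, so spaces or shell
    # metacharacters in a name are never re-parsed by cmd.exe.
    return ["rqc.exe", conn, tunnel, str(port), domain, user, version]


def run_baseline(argv, checks, runner=subprocess.call):
    """Run every check; call the notifier only if all of them pass.

    checks maps a name to a callable that returns True on pass. Anything
    else (False, None, an exception) counts as a failure: fail closed.
    """
    failed = []
    for name, check in checks.items():
        try:
            passed = check() is True
        except Exception:
            passed = False
        if not passed:
            failed.append(name)
    if failed:
        return "NONCOMPLIANT", sorted(failed)
    code = runner(argv)
    return ("OK" if code == 0 else "QUARANTINED"), RQC_MESSAGES.get(code, UNKNOWN)


if __name__ == "__main__":
    # Constructed demo: stand-in checks and a fake notifier that returns 0.
    argv = build_rqc_argv("Corp Dial", "Corp VPN", "CORP", "alice", "Version1-0")
    checks = {"firewall": lambda: True, "antivirus": lambda: True}
    print(run_baseline(argv, checks, runner=lambda a: 0))
```

Unlike the batch skeleton, where an unset CHECKFIRE or CHECKVIRUS falls through to rqc.exe, a check that never reports a result here leaves the client in quarantine.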