Non-Admin - Reset DNS settings?

Hi,

There’s a bug on our VPN client which will cause the wifi adaptor to keep the VPN DNS settings and not release them. This causes the laptop to be unusable until an admin can reset the DNS.

On standard, hybrid joined laptops, I pushed out a PowerShell script to reset the wifi adaptor on user login via Task Scheduler.

For our Azure/Intune only devices, is there any way I can either get a non-admin to be able to reset the network adaptors themselves, or have a PowerShell script to reset the adaptor on login or logoff?

You can still use a scheduled task triggered at logon/logoff, just need to deploy it out with PowerShell for the Intune only devices.

NetExtender? It always happened when they changed wifi while the VPN was on.

Create a scheduled task that runs the PowerShell script as the SYSTEM account. We had the same problem at my company. Are you using Pulse Secure by chance?

Have you tried changing the power settings to keep network connected when asleep and see if that fixes the DNS/VPN problem?

You can do it through a one-liner PowerShell script as well:

Set-DnsClientServerAddress -InterfaceAlias "Wi-Fi" -ResetServerAddresses

Change the interface to whichever one (or multiple) needs to be reset, assign it to a devices group (after testing locally), and you’re golden.

Edit: For continual checking, set up a remediation script with a detection that looks at the DNS server property.
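The two suggestions above (a scheduled task running as SYSTEM, and the DNS reset one-liner) combined into one deployment script, as an added example that is not from any poster in this thread. It keeps the command inline in the task action, so there is no PS1 file on disk that a standard user could modify before SYSTEM runs it. The adapter alias "Wi-Fi" comes from the one-liner; the task name is a hypothetical placeholder, and a logon trigger is used.

```powershell
# Added example, not from the thread. Run elevated (an Intune platform script
# running in the SYSTEM context qualifies).
$Alias    = 'Wi-Fi'            # adapter alias from the one-liner; adjust per fleet
$TaskName = 'Reset-WiFi-DNS'   # hypothetical task name

# Fail early if the alias does not exist on this device, so a wrong alias
# shows up as a failed deployment instead of a task that silently does nothing.
if (-not (Get-NetAdapter -Name $Alias -ErrorAction SilentlyContinue)) {
    throw "No network adapter named '$Alias' on this device."
}

# Inline command: nothing is written to disk for the task to load later.
$ps  = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\powershell.exe'
$cmd = "Set-DnsClientServerAddress -InterfaceAlias '$Alias' -ResetServerAddresses"

$action = New-ScheduledTaskAction -Execute $ps `
    -Argument "-NoProfile -NonInteractive -WindowStyle Hidden -Command `"$cmd`""

# Fires when any user logs on; the task itself runs as SYSTEM, so the user
# needs no admin rights and cannot change what it executes.
$trigger   = New-ScheduledTaskTrigger -AtLogOn
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
    -LogonType ServiceAccount -RunLevel Highest

# By default scheduled tasks do not start on battery power, which would
# defeat the purpose on laptops.
$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries `
    -DontStopIfGoingOnBatteries -ExecutionTimeLimit (New-TimeSpan -Minutes 5)

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force | Out-Null

# Read the task back so the deployment log records what was registered.
$task = Get-ScheduledTask -TaskName $TaskName
[pscustomobject]@{
    Task      = $task.TaskName
    RunsAs    = $task.Principal.UserId
    Execute   = $task.Actions[0].Execute
    Arguments = $task.Actions[0].Arguments
}
```

If a script file is used instead of an inline command, it needs to live in a folder that only SYSTEM and Administrators can write to, because anything that can edit the file runs as SYSTEM at the next trigger.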

Ivanti/Pulse VPN. Seems to happen when a machine goes into sleep with the VPN connection active.

Maybe if there was some way to disconnect the VPN if the laptop goes into sleep.

I’ve also seen people suggest adding an entry for the VPN to the hosts file, which could work and be pushed out via Intune.

Yes, I am using Pulse Secure.

By the way, I am deploying this with a single PowerShell script. The XML for creating the Scheduled Task and the PowerShell script that it runs are embedded in the script. It outputs the text of the script to a local PS1 file, which the Scheduled Task references, using a logoff trigger. Our Service Desk is trained to ask users to reboot when they encounter the issue.

Thanks for that. I don’t think the remediation script would work because the laptops lose Internet access because the DNS servers can’t be resolved when this happens.

Command is great and simple though. Thanks again.

Yeah, I did something similar for hybrid joined devices but Group Policy made it easier to push out.

I’ll have a look at your suggestion, but if you’re able to share the script that would be great.

My company makes it difficult but not impossible for me to retrieve this. I’ll DM you.

Ah, no need to do anything. Managed to create it and push it out.

Do you have the script you made to solve the problem? In my company we have the same thing: the laptops use Pulse Secure and at some point the connection is lost. We have to physically reconfigure the DNS so that it can resolve and reconnect, but we are not always there to solve the problem.

Sorry, we were running into some security issues with the script, so we just disabled split tunnelling for the moment.

You’ve reminded me to go back to it.

It’s split tunnelling which causes the issues.