Security Basics mailing list archives

Enabling wireless on AD-only network.


From: "Crawley, Jim" <Jim.Crawley () yrbrands com>
Date: Tue, 17 Apr 2007 11:16:25 +1000

    Currently we have no wireless access points in any of our offices.
No central management for wireless.  Symantec AV.  Firewall is the
default Windows Firewall which is managed by Active Directory
(port/program exceptions defined for when they're connected to the
domain, locked down much tighter when not on the domain).  The poor
excuse for wireless management so far has been a group policy object
disabling the Wireless Zero Access service, but giving the staff access
to start it again if needs be and it will be disabled upon next reboot.
 
    Our CFO is stuck overseas in a hotel whose only internet access is
wireless.  I now have a problem I've been dreading and trying to avoid
for a while, us being given no choice but to enable wireless so that
staff can connect to other wifi networks.
 
    The way Windows Firewall works to my understanding (I could be
wrong, please correct me if I am), if they're connected to our network
the machine's firewall will be more open on all network adapters and not
just the one connected to our internal network.
 
    Is there a way I can set the machines so that if something is
connected to the LAN port, the wifi adapter disables itself or stops
working?  Also, is there anything else I can do to try and secure these
machines?  Keep in mind that the only resources available to me are a
poor scripting ability and Active Directory.  KB917021 will be pushed
out to all machines prior to any changes being made as well; I'm
surprised this wasn't available through WSUS.

