Solved: Posture - File Check

wileong · ‎09-25-2018

Hi,

I am creating a "File Condition" requirement and facing unexpected behaviour.

I am using "FileExistense" in "User_Profile" for Windows 10. By the default, Windows user profiles directory is C:\Users\%username%, where %username% is the username of the current logon user.

Which folder is "User_Profile" being reference during ISE posture? I have also tried "User_Desktop" without luck too.

Thanks

Wing Churn

howon · ‎09-25-2018

'User_Profile' will put you in the C:\Users\%username% (Assuming C: is the system drive). From there you can add '\Desktop\test.txt' if you want to look for 'test.txt' file on the desktop.

View solution in original post

howon · ‎09-25-2018

'User_Profile' will put you in the C:\Users\%username% (Assuming C: is the system drive). From there you can add '\Desktop\test.txt' if you want to look for 'test.txt' file on the desktop.

wileong · ‎09-25-2018

Hi Hosuk,

I have tried putting in \test.txt and test.txt without luck. The full path of the file is c:\users\%username%\text.txt. Anything i should be checking?

Thanks

Wing Churn

howon · ‎09-25-2018

I would check the posture policy starting from the condition > requirement > posture policy to make sure it is setup correctly. Check out the posture report to see if your requirement is being checked for the user. The condition like the following should work for your test:

Also, I suggest going through the posture deployment guide:

https://community.cisco.com/t5/security-documents/ise-posture-deployment-guide/ta-p/3680273

howon · ‎09-25-2018

By the way, I just noticed that your example shows 'test.txt', but your file name is 'text.txt' (Notice the 's' vs. 'x'). Can you check the spelling of the file?

wileong · ‎09-30-2018

Hi Hosuk,

Thanks for the info, test.txt is just an example. I have tested in the lab and it works, previous issue was Windows UAC.

Thanks

Wing Churn