NAC Custom Check to run command

yudi.arijanto · ‎03-11-2009

hi,

i have a case where i want to check whether the computer has join the microsoft domain or not.

after searching, i found the effective way is to run command nltest.exe. nltest.exe is a command to check trust relationship between workstation and domain controller.

is there any way that custom check can do this ? in CAM document, only registry, file, service, and application check.

this is the link from Microsoft : http://support.microsoft.com/kb/158148

example:

C:\>nltest /server:test3 /sc_query:testd

Flags: 0

Connection Status = 0 0x0 NERR_Success

Trusted DC Name \\TEST2

Trusted DC Connection Status Status = 0 0x0 NERR_Success

The command completed successfully

Can Clean access agent do the command line check and interpret the result ?

thanks,

yd

Daniel Laden · ‎03-13-2009

The Cisco NAC Agent will not able to run and interpret the command output.

If the goal is to check whether the computer is a member of a known domain, you can check 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain' to contain the name of the domain.

-Dan

yudi.arijanto · ‎03-14-2009

Thanks Dan,

Yes, I already plan to use registry check. But in case the user has admin access, he can change the registry easily.

regards,

yd

NAC Custom Check to run command

DHCP relay agent check command

Check specific part of config with show run command

What is the command to check

Threat Centric NAC Service Deployment Guide

Config check with show run