NAC Custom Check to run command
03-11-2009 09:34 AM - edited 02-21-2020 03:20 AM
Hi,
I have a case where I want to check whether the computer has joined the Microsoft domain or not.
After searching, I found the effective way is to run the command nltest.exe. nltest.exe is a command to check the trust relationship between a workstation and a domain controller.
Is there any way that a custom check can do this? In the CAM document, there are only registry, file, service, and application checks.
This is the link from Microsoft: http://support.microsoft.com/kb/158148
Example:
C:\>nltest /server:test3 /sc_query:testd
Flags: 0
Connection Status = 0 0x0 NERR_Success
Trusted DC Name \\TEST2
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully
Can the Clean Access Agent do the command line check and interpret the result?
Thanks,
yd
Labels: Other Network Security Topics
03-13-2009 10:41 PM
The Cisco NAC Agent will not be able to run and interpret the command output.
If the goal is to check whether the computer is a member of a known domain, you can check that 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain' contains the name of the domain.
-Dan
03-14-2009 09:55 AM
Thanks Dan,
Yes, I already plan to use the registry check. But in case the user has admin access, he can change the registry easily.
Regards,
yd
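
For checks that run outside the NAC Agent (which, per the reply above, cannot run commands), the nltest /sc_query output quoted in the first post can be interpreted by a script. This is an added example, not code from the thread or from Cisco; the function names are hypothetical and the failure sample is constructed.

```python
import re

# Matches status lines such as "Connection Status = 0 0x0 NERR_Success".
STATUS_RE = re.compile(r"Status\s*=\s*(\d+)\s+(0x[0-9a-fA-F]+)\s+(\S+)")
# Matches "Trusted DC Name \\TEST2" and captures the DC name.
DC_RE = re.compile(r"Trusted DC Name\s+\\\\(\S+)")

# Output copied from the first post.
SAMPLE_OK = r"""C:\>nltest /server:test3 /sc_query:testd
Flags: 0
Connection Status = 0 0x0 NERR_Success
Trusted DC Name \\TEST2
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully"""

# Constructed failure sample (not from the thread): no DC named, non-zero status.
SAMPLE_FAIL = r"""Flags: 0
Connection Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
Trusted DC Name
Trusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
The command completed successfully"""

def parse_sc_query(output):
    """Parse nltest /sc_query text into DC name, status codes and completion flag."""
    result = {"dc": None, "statuses": [], "completed": False}
    for line in output.splitlines():
        line = line.strip()
        dc = DC_RE.search(line)
        status = STATUS_RE.search(line)
        if dc:
            result["dc"] = dc.group(1)
        elif status:
            label = line.split("=")[0].strip()
            result["statuses"].append((label, int(status.group(1)), status.group(3)))
        elif line.lower().startswith("the command completed successfully"):
            result["completed"] = True
    return result

def secure_channel_ok(output):
    """True only if a DC is named, nltest completed, and every status code is 0."""
    r = parse_sc_query(output)
    # The final "completed successfully" line alone is not treated as proof.
    return (bool(r["dc"]) and r["completed"] and len(r["statuses"]) > 0
            and all(code == 0 for _, code, _ in r["statuses"]))

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("fail", SAMPLE_FAIL)):
        print(name, secure_channel_ok(text), parse_sc_query(text))
```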
