Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
845
Views
0
Helpful
2
Replies

NAC Custom Check to run command

yudi.arijanto
Level 1
Level 1

‎03-11-2009 09:34 AM - edited ‎02-21-2020 03:20 AM

hi,

i have a case where i want to check whether the computer has join the microsoft domain or not.

after searching, i found the effective way is to run command nltest.exe. nltest.exe is a command to check trust relationship between workstation and domain controller.

is there any way that custom check can do this ? in CAM document, only registry, file, service, and application check.

this is the link from Microsoft : http://support.microsoft.com/kb/158148

example:

C:\>nltest /server:test3 /sc_query:testd

Flags: 0

Connection Status = 0 0x0 NERR_Success

Trusted DC Name \\TEST2

Trusted DC Connection Status Status = 0 0x0 NERR_Success

The command completed successfully

Can Clean access agent do the command line check and interpret the result ?

thanks,

yd

0 Helpful
2 Replies 2

Daniel Laden
Level 4
Level 4

‎03-13-2009 10:41 PM

The Cisco NAC Agent will not able to run and interpret the command output.

If the goal is to check whether the computer is a member of a known domain, you can check 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain' to contain the name of the domain.

-Dan

0 Helpful

yudi.arijanto
Level 1
Level 1
In response to Daniel Laden

‎03-14-2009 09:55 AM

Thanks Dan,

Yes, I already plan to use registry check. But in case the user has admin access, he can change the registry easily.

regards,

yd

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card