04-16-2008 05:32 AM - edited 03-09-2019 08:31 PM
We have a machine that fails our Clean Access rules, but the description on the agent itself is simple: "Windows", "Notify before download". Where on the CAM (4.3) or CAS can I find details regarding the exact rule that was not met.
04-17-2008 06:33 AM
Agent checks the rules one by one in the order that you spesified at your CAM.
So have a look at your CAM's menu Device Management > Clean Access > Clean Access Agent > Role Requirement
Here you can see the rules that the client software must meet.
Looking at the rules name/description you can find out where the problem is.
Or you can use Reports submenu (Management > Clean Access > Clean Access Agent).
04-17-2008 08:35 AM
Here is the report from a machine that fails:
windows (Mandatory)
Passed Checks:
pc_Windows-XP-SP2
pc_HotFix908519_XP
pc_HotFix904706_XP
pc_KB908531_MS06-015_XP
pc_KB932168_MS07-020_XP
pc_KB920683_MS06-041_XP
pc_KB914388_MS06-036_XP
pc_KB935840_MS07-031_XP
pc_KB930178_MS07-021_XP
pc_HotFix901214_XP
pc_IE7_0
pc_KB935839_MS07-035_XP
pc_KB925902_MS07-017_XP
pc_KB928843_MS07-008_XP_SP2
pc_HotFix896358_XP
pc_KB931261_MS07-019_XP
pc_KB920213_MS06-068_XP_SP2
Failed Checks:
pc_Windows-XP-SP1, Registry Check [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion contains Service Pack 1]
pc_KB929969_MS07-004_XP_SP2_IE7, Registry Check [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP0\KB929969\Filelist\ exists ]
pc_IE6_0, Registry Check [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version starts with 6.0]
There are two checks that may conflict:
1.pc_Windows-XP-SP2
2.pc_Windows-XP-SP1
pc_Windows-XP-SP2 = [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion contains Service Pack 2]
pc_Windows-XP-SP1 = [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion contains Service Pack 1]
The actual string data is "Service Pack 2"
It passes pc_Windows-XP-SP2
It fails pc_Windows-XP-SP1
Is this just the case of bad rules? I mean the pass/fail result make senses to me, because based on the keys it fails under one condition and passes under the other. The rules were here before I came onboard, and I am not familiar with Clean Access. I would assume the rules are in conflict and we need to decide which we want to enforce? Is there anyway to have the system not enfore the "SP1 rule" if the "SP2 rule" has been met, such as nesting them?
04-30-2008 06:00 AM
hi, Kellyrudnick.
Your checks may differ and even conflict. It's ok.
Try to creat a Rule. And in the Rule Expression type smth like
(pc_Windows-XP-SP2) | (pc_Windows-XP-SP1)
This statement means check "pc_Windows-XP-SP2"
OR "pc_Windows-XP-SP1".
Think this will help you
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: