NAC Custom Check to run command

Unanswered Question
Mar 11th, 2009

Hi,


I have a case where I want to check whether the computer has joined the Microsoft domain or not.


After searching, I found that the effective way is to run the command nltest.exe. nltest.exe is a command to check the trust relationship between a workstation and a domain controller.


Is there any way that a custom check can do this? In the CAM document, there are only registry, file, service, and application checks.


This is the link from Microsoft: http://support.microsoft.com/kb/158148


Example:

C:\>nltest /server:test3 /sc_query:testd

Flags: 0

Connection Status = 0 0x0 NERR_Success

Trusted DC Name \\TEST2

Trusted DC Connection Status Status = 0 0x0 NERR_Success

The command completed successfully


Can the Clean Access Agent do the command-line check and interpret the result?


Thanks,

yd

Daniel Laden Fri, 03/13/2009 - 22:41

The Cisco NAC Agent will not be able to run and interpret the command output.


If the goal is to check whether the computer is a member of a known domain, you can check 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain' to contain the name of the domain.


-Dan

yudi.arijanto Sat, 03/14/2009 - 09:55

Thanks Dan,


Yes, I already plan to use registry check. But in case the user has admin access, he can change the registry easily.


Regards,

yd
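
On the two checks contrasted in this thread, an added example (not part of any post, and not something the NAC Agent runs): Python code that interprets `nltest /sc_query` output and compares it with the registry `Domain` value, so a registry entry with no working secure channel behind it is reported separately. The function names, the `testd.example.com` registry value and the failure sample are assumptions constructed for illustration.

```python
import re

# Success sample: the nltest output quoted in the first post.
SAMPLE_OK = """\
Flags: 0
Connection Status = 0 0x0 NERR_Success
Trusted DC Name \\\\TEST2
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully
"""

# Failure sample: constructed for this example (assumed output shape).
SAMPLE_FAIL = "I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN\n"

# "<label> Status = <decimal> 0x<hex> <symbolic name>"
STATUS_RE = re.compile(
    r"^(?P<label>.*?Status)\s*=\s*(?P<code>\d+)\s+0x[0-9a-fA-F]+\s+(?P<name>\S+)",
    re.M,
)
DC_RE = re.compile(r"^Trusted DC Name\s+\\\\(?P<dc>\S+)", re.M)


def parse_sc_query(output):
    """Extract every status line and the trusted DC name from nltest output."""
    statuses = [(m["label"].strip(), int(m["code"]), m["name"])
                for m in STATUS_RE.finditer(output)]
    dc = DC_RE.search(output)
    return {"statuses": statuses, "trusted_dc": dc["dc"] if dc else None}


def secure_channel_ok(output):
    """True only if a DC is named and every reported status code is 0."""
    parsed = parse_sc_query(output)
    return (bool(parsed["statuses"])
            and all(code == 0 for _, code, _ in parsed["statuses"])
            and parsed["trusted_dc"] is not None)


def assess(registry_domain, expected_domain, nltest_output):
    """Combine the registry value with the live secure-channel result."""
    in_registry = bool(expected_domain) and \
        expected_domain.lower() in (registry_domain or "").lower()
    if secure_channel_ok(nltest_output):
        return "member"
    # Registry names the domain, but no DC vouches for the machine account.
    return "registry-only" if in_registry else "not-member"
```
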
