NAC Custom Check to run command

Unanswered Question
Mar 11th, 2009
User Badges:


i have a case where i want to check whether the computer has join the microsoft domain or not.

after searching, i found the effective way is to run command nltest.exe. nltest.exe is a command to check trust relationship between workstation and domain controller.

is there any way that custom check can do this ? in CAM document, only registry, file, service, and application check.

this is the link from Microsoft :


C:\>nltest /server:test3 /sc_query:testd

Flags: 0

Connection Status = 0 0x0 NERR_Success

Trusted DC Name \\TEST2

Trusted DC Connection Status Status = 0 0x0 NERR_Success

The command completed successfully

Can Clean access agent do the command line check and interpret the result ?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Daniel Laden Fri, 03/13/2009 - 22:41
User Badges:
  • Cisco Employee,

The Cisco NAC Agent will not able to run and interpret the command output.

If the goal is to check whether the computer is a member of a known domain, you can check 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain' to contain the name of the domain.


yudi.arijanto Sat, 03/14/2009 - 09:55
User Badges:

Thanks Dan,

Yes, I already plan to use registry check. But in case the user has admin access, he can change the registry easily.




This Discussion