Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

NAC Custom Check to run command

hi,

i have a case where i want to check whether the computer has join the microsoft domain or not.

after searching, i found the effective way is to run command nltest.exe. nltest.exe is a command to check trust relationship between workstation and domain controller.

is there any way that custom check can do this ? in CAM document, only registry, file, service, and application check.

this is the link from Microsoft : http://support.microsoft.com/kb/158148

example:

C:\>nltest /server:test3 /sc_query:testd

Flags: 0

Connection Status = 0 0x0 NERR_Success

Trusted DC Name \\TEST2

Trusted DC Connection Status Status = 0 0x0 NERR_Success

The command completed successfully

Can Clean access agent do the command line check and interpret the result ?

thanks,

yd

2 REPLIES

Re: NAC Custom Check to run command

The Cisco NAC Agent will not able to run and interpret the command output.

If the goal is to check whether the computer is a member of a known domain, you can check 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain' to contain the name of the domain.

-Dan

Community Member

Re: NAC Custom Check to run command

Thanks Dan,

Yes, I already plan to use registry check. But in case the user has admin access, he can change the registry easily.

regards,

yd

333
Views
0
Helpful
2
Replies
CreatePlease to create content