SCV check for Windows Domain

Artman · #1 (**permalink**) 2007-12-17

I'm running R65 on the enforcement points and R60 for SecureClient. I'd like to use SCV to check the Windows domain of the connecting client. I'd rather not use Secure Domain Logon.

Can anyone provide help for making this check with SCV?

RayPesek · #2 (**permalink**) 2007-12-17

: (RegMonitor
:type (plugin)
:parameters (
:string ("SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\DefaultDomainName=DOMAI NNAMEHERE")
:begin_admin (admin)
:send_log (alert)
:mismatchmessage ("Your computer's account is locked out. Please contact the Help Desk.")
:end (admin)
)
)

The check can be beat if someone names their computer the same as the domain. If also does not check to see if it is part of your domain, just one with the same name.

Ray

Artman · #3 (**permalink**) 2007-12-18

Thanks for the quick reply, Ray. The only issue I see with this check is that the registry entry it checks can be changes depending on if you last logged into the local machine or (in a child domain environment) logged onto a domain that fails the check.

Is there a check for domain membership for the Windows box that is static?

Thanks for the assist!

Art

dsb.nepo · #4 (**permalink**) 2008-01-03

Unfortunately no.

for example this entry is empty at my machine

Quote:

:string ("SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winl ogon\DefaultDomainName=DOMAI NNAMEHERE")

since i use username@domain for the login.

But you can make a custom entry via DomainPolicy and query that value

gchow · #5 (**permalink**) 2008-03-25

How can the SCV check the anti virus of the client before login in server using VPN

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode