Creating a test Host Integrity policy with a custom requirement script
Last Updated April 24, 2019
The policy that you create for this test is for demonstration purposes only. The policy detects the existence of an operating system and, when detected, generates a fail event. Normally, you would generate fail events for other reasons.
Complete the following tasks:
Add a Host Integrity policy with a custom requirement script that checks for the operating system on the client computer.
Test the Host Integrity policy you have created.
To create a test Host Integrity policy with a custom requirement script
In the console, open a Host Integrity policy.
On the Host Integrity policy page, click Requirements > Add.
In the Add Requirement dialog box, click the Select requirement drop-down list, select a predefined requirement, and then click OK.
For version 12.1.x, click Mac only if your Mac clients have installed the Symantec Network Access Control On-Demand Client.
In the Name box, type a name for the custom requirement.
In the Custom Requirement dialog box, under Customized Requirement Script, right-click Insert statements below, and then click Add > IF..THEN.
In the right pane, in the Select a condition drop-down list, click Utility: Operating System is.
Under Operating system, check one or more operating systems that your client computers run and that you can test.
Under Customized Requirement Script, right-click THEN //Insert statements here, and then click Add > Function > Utility: Show message dialog.
In the Caption of the message box field, type a name to appear in the message title.
In the Text of the message box field, type the text that you want the message to display.
In the left pane, under Customized Requirement Script, click Pass.
In the right pane, under As the result of the requirement, return, check Fail, and then click OK.
In the Host Integrity Policies dialog box, in the left panel, click Assign the policy.
In the Assign Host Integrity Policy dialog box, select the groups to which you want to assign the policy, and click Assign.
In the Assign Host Integrity Policy dialog box, click Yes to assign the Host Integrity policy changes.
One Host Integrity policy can be assigned to multiple groups, while a single group can only have a single Host Integrity policy. You can replace an existing policy with a different policy.
To test the Host Integrity policy on the client computer
In the console, click Clients > Clients.
Under Clients, click and highlight the group that contains the client computers to which you applied the Host Integrity policy.
Under Tasks, click Run a command on the group > Update Content, and then click OK.
Log on to the computer that runs the client and note the message box that appears.
Because the rule triggered the fail test, the message box appears. After testing, disable or delete the test policy.