Creating and testing a Host Integrity policy
The Host Integrity policy is the foundation of Symantec Network Access Control. The policy that you create for this test is for demonstration purposes only. The policy detects the existence of an operating system and, when detected, generates a fail event. Normally, you would generate fail events for other reasons.
Take the following steps to test a Host Integrity policy:
- Download the latest Host Integrity content from Symantec.
- Create a Host Integrity policy to test.
- Test the Host Integrity policy you have created.
To download the latest Host Integrity content from Symantec
- In the management console, click > , and then click .
- Under Tasks, click .
- In the Site Properties for Local Site dialog box, on the LiveUpdate tab, click .
- In the Live Update Servers dialog, check that the management server uses the correct LiveUpdate server, and then click .
  You can use the default Symantec LiveUpdate server, or use a specified internal LiveUpdate server. If you use an internal LiveUpdate server, ensure that the Host Integrity content for the Windows or Mac operating systems is present and available.
- Under Content Types to Download, click .
- In the Content Types to Download dialog box, make sure is checked, and then click .
- Click .
- Under Tasks, click , and then click .
- In the Show LiveUpdate Status dialog box, after any new content downloads to the management server, click .
You can now access the templates in the Host Integrity policy.
To create a Host Integrity policy
- In the console, click > .
- Under Tasks, click .
- In the Policy Name tab, type a policy name, and then click .
- In the Requirements pane, make sure that is checked, and then click .
- In the Add Requirement dialog box, under , click , and then click .
- In the Name box, type a name for the Custom Requirement.
- In the Custom Requirement dialog box, under Customized Requirement Script, right-click , and then click .
- In the right pane, in the Select a condition drop-down menu, click .
- Under Operating system, check one or more operating systems that your client computers run and that you can test.
- Under Customized Requirement Script, right-click , and then click .
- In the Caption of the message box, type a name to appear in the message title.
- In the Text of the message box, type the text that you want the message to display.
  To display information about the settings that customize the message, click .
- In the left pane, under Customized Requirement Script, click .
- In the right pane, under As the result of the requirement, return, check , and then click .
- Click .
- In the Assign Policy prompt, click , and assign the policy to a group.
Note: One Host Integrity policy can be assigned to multiple groups, while a single group can only have a single Host Integrity policy. You can replace an existing policy with a different policy.
To test a Host Integrity policy
- In the console, click > .
- Under Clients, click and highlight the group that contains the client computers to which you applied the Host Integrity policy.
- Under Tasks, click , and then click .
- Log on to a client computer that runs Symantec Network Access Control and note the message box that appears.
Because the rule triggered the fail test, the message box appears. After testing, disable or delete the test policy.
See How self enforcement works.
See What you can do with Host Integrity policies.