How to configure IAG 2007 custom End-Point Security to check Registry Value
Created by forefrontsupport on 10/13/2010 9:39:10 PM

Before you begin

This article describes the technical procedure for adding a custom End-Point Security detection script that validates a registry value on the remote client computer.

Important to know!

To modify the script you will need VBScript experience.

Prerequisites

None

Configuration Procedures

Configure custom scripts on IAG

Phase 1: Create the file "portal1Detect.inc"

  1. Copy the following code into the file [TrunkName]1Detect.inc

    File name syntax:

    [TrunkName]<1 for HTTPS / 0 for HTTP>Detect.inc

    For example: for an HTTPS trunk named "portal", create the file portal1Detect.inc

    <%
    ' Register the custom detection script with the trunk; "false" is the initial result
    g_scriptList("/InternalSite/CustomUpdate/RegCheck.vbs") = false
    %>

    Note: Change the name of the script based on your needs

  2. Save the file in the following path C:\Whale-Com\e-Gap\von\InternalSite\inc\CustomUpdate

Phase 2: Create the file "policytemplate.xml"

  1. Copy the following code into the file policytemplate.xml

    IsMyComputer

    IsMyComputer

    0

    False

    MyRegKey

  2. Save the file in the following path C:\Whale-Com\e-Gap\von\conf\CustomUpdate

Phase 3: Create the file "RegCheck.vbs"

  1. Copy the following code into the file RegCheck.vbs

    ' HKEY_LOCAL_MACHINE hive constant used by the WMI StdRegProv provider
    const HKEY_LOCAL_MACHINE = &H80000002

    ' Connect to the registry provider on the local computer (".")
    strComputer = "."
    Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
        strComputer & "\root\default:StdRegProv")

    ' Key and value to check; change these to match the key created in Phase 4
    strKeyPath = "SOFTWARE\MyRegKey"
    strValueName = "MyRegKeyValue"
    oReg.GetExpandedStringValue _
        HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue

    ' Report the outcome to IAG through the Results collection
    If strValue = "MyRegKeyValue" Then
        Results("IsMyComputer") = True
    Else
        Results("IsMyComputer") = False
    End If

    'wscript.echo "Result: " & strValue

  2. Save the file in the following path C:\Whale-Com\e-Gap\von\InternalSite\CustomUpdate

Phase 4: Create the relevant registry key on the client computers

  1. Create a new key under HKEY_LOCAL_MACHINE\Software with the name "MyRegKey" (change it based on your needs)
  2. Create a new String Value with the name "MyRegKeyValue" (change it based on your needs) and with the value "MyRegKeyValue"

Phase 5: Test the VbScript "RegCheck.vbs"

  1. Copy the following code into the file RegCheck.vbs. Pay attention: I changed the original script for debugging purposes (changes in RED)

    ' HKEY_LOCAL_MACHINE hive constant used by the WMI StdRegProv provider
    const HKEY_LOCAL_MACHINE = &H80000002

    ' Connect to the registry provider on the local computer (".")
    strComputer = "."
    Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
        strComputer & "\root\default:StdRegProv")

    ' Key and value to check; change these to match the key created in Phase 4
    strKeyPath = "SOFTWARE\MyRegKey"
    strValueName = "MyRegKeyValue"
    oReg.GetExpandedStringValue _
        HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue

    ' Debug version: the IAG Results lines are commented out and replaced by message boxes
    If strValue = "MyRegKeyValue" Then
        'Results("IsMyComputer") = True
        MsgBox("working")
    Else
        'Results("IsMyComputer") = False
        MsgBox("notworking")
    End If

    ' Shows the value that was read (displayed as a dialog when started by double-click)
    wscript.echo "Find the Registry Value: " & strValue

  2. Copy the file "RegCheck.vbs" to the client computer and double-click it. If you get the "working" message box followed by the message showing the registry value, the script works.

    If you get the "notworking" message box, the script will NOT work and you need to validate your configuration.
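As an added example that is not part of the original article or of IAG, here is the Phase 3 check rewritten to test the StdRegProv return code, so a missing key or value fails explicitly rather than by comparing an Empty variable, and so the same file can be run stand-alone with cscript/wscript as in Phase 5. The IsObject(Results) test and the use of GetStringValue (matching the REG_SZ value created in Phase 4) are my assumptions; the key, value and expected string are the article's placeholders.

```vbscript
' Added example for this article (not the original RegCheck.vbs).
Const HKEY_LOCAL_MACHINE = &H80000002

' Returns True only when HKLM\<strKeyPath>\<strValueName> exists and equals
' strExpected (binary, case-sensitive comparison, like the original "=").
Function RegValueMatches(strKeyPath, strValueName, strExpected)
    Dim oReg, strValue, rc
    Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
    ' GetStringValue reads a REG_SZ value and returns 0 on success;
    ' any other return code means the key or value could not be read.
    rc = oReg.GetStringValue(HKEY_LOCAL_MACHINE, strKeyPath, strValueName, strValue)
    If rc = 0 And Not IsNull(strValue) Then
        RegValueMatches = (StrComp(strValue, strExpected, vbBinaryCompare) = 0)
    Else
        RegValueMatches = False
    End If
End Function

Dim bMatch
' Placeholder key, value and expected string taken from the article; change as needed
bMatch = RegValueMatches("SOFTWARE\MyRegKey", "MyRegKeyValue", "MyRegKeyValue")

' Assumption: inside IAG the detection framework supplies the Results collection
' as an object; when the script is run stand-alone (Phase 5) it is undefined,
' so the outcome is echoed instead of written to Results.
If IsObject(Results) Then
    Results("IsMyComputer") = bMatch
Else
    WScript.Echo "IsMyComputer = " & bMatch
End If
```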

Configure IAG End-Point Security

  1. Open the IAG Configuration console and go to "Advanced Trunk Configuration"
  2. Go to the "Session" tab
  3. Choose "Manage Policies"
  4. Choose "Add Policy"
  5. Choose the name of the policy
  6. Choose the text the user will see when they cannot access the portal (because the registry key is not configured on their computer)
  7. Choose "Manage Windows Policies"
  8. On "Windows Policies and Expressions" choose "Add Policy"
  9. In the "Policy Editor for Windows" choose the policy name
  10. Choose "Create As Script"
  11. You will get the following information message; choose Yes
  12. Choose the name and choose the expression "IsMyComputer" that we added
  13. Choose the policy we created, "Registry Validation", for the Windows platform; for the other platforms choose whatever you like. I chose "Never", which means that only Windows computers will be able to access the portal
  14. Choose the policy we created, "Check Registry Value", for the appropriate Endpoint Policies. "Session Access Policy" means that the computer is checked before the client authenticates to the portal. "Privileged Endpoint Policy" means that if the computer passes the tests, IAG marks it as a privileged computer and it gets the privileged settings
  15. You can also choose the "Check Registry Value" policy we created for a specific application inside the portal

If you have any issues with this architecture please post them in our Technical Forums http://Forums.ForefrontSecurity.ORG or use our online support services
