Topic
  • 4 replies
  • Latest Post - ‏2013-07-07T20:12:00Z by Corda
Corda
7 Posts

Pinned topic Fixlet that reads domain policy

‏2013-04-05T09:45:27Z |
Hello, a customer wants a fixlet that reads the domain policy on some endpoints.
How can I do this?
Thanks
  • Eric Walker
    34 Posts

    Re: Fixlet that reads domain policy

    ‏2013-04-05T15:27:01Z  
    Hi,

    It's possible, technically speaking, as there are inspectors that look at domain-related settings. But they are very dangerous to use in fixlets that have been deployed in the normal manner, because the system calls the inspectors use generate a lot of network traffic. With one host generating such traffic, things are fine. But when all of the endpoints in a deployment start generating such traffic, you start getting availability problems.

    Eric
  • Tim.Rice
    3 Posts

    Re: Fixlet that reads domain policy

    ‏2013-06-19T16:12:37Z  
    Hi,

    It's possible, technically speaking, as there are inspectors that look at domain-related settings. But they are very dangerous to use in fixlets that have been deployed in the normal manner, because the system calls the inspectors use generate a lot of network traffic. With one host generating such traffic, things are fine. But when all of the endpoints in a deployment start generating such traffic, you start getting availability problems.

    Eric

    Since the Domain GPO Policies actually set Registry Keys locally on the computers, if all you want are inspectors, try looking at http://msdn.microsoft.com/en-us/library/ms815238.aspx and you should be able to create some retrieved properties from that.

  • Eric Walker
    34 Posts

    Re: Fixlet that reads domain policy

    ‏2013-06-19T21:58:01Z  
    • Tim.Rice
    • ‏2013-06-19T16:12:37Z

    Since the Domain GPO Policies actually set Registry Keys locally on the computers, if all you want are inspectors, try looking at http://msdn.microsoft.com/en-us/library/ms815238.aspx and you should be able to create some retrieved properties from that.

    Very true.  Many security checklist providers do this, and I think it's a good way to go.
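
The local-registry approach suggested in the replies above, as an added PowerShell example (not code from the thread or from the product): it reads only the local policy hives, so it makes no domain queries, and compares the values found against a baseline. The two HKLM policy roots, the function names and the single baseline entry are assumptions constructed for illustration.

```powershell
# Assumption: registry-based Group Policy settings land under these HKLM roots.
$PolicyRoots = @(
    'HKLM:\SOFTWARE\Policies',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies'
)

# Walk the local policy hives and emit one object per registry value.
function Get-LocalPolicyValue {
    param([string[]]$Root = $PolicyRoots)
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }   # root absent: nothing applied
        $keys = @(Get-Item -LiteralPath $r) +
                @(Get-ChildItem -LiteralPath $r -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key   = $key.Name                 # e.g. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\...
                    Name  = $name
                    Type  = $key.GetValueKind($name)
                    Value = $key.GetValue($name)
                }
            }
        }
    }
}

# Constructed baseline entry; replace with the settings the customer cares about.
$Baseline = @(
    @{ Key      = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
       Name     = 'NoAutoUpdate'
       Expected = 0 }
)

# Report, per baseline entry, what the endpoint actually has and whether it matches.
function Test-PolicyBaseline {
    param($Baseline, $Actual)
    foreach ($b in $Baseline) {
        $hit = $Actual | Where-Object { $_.Key -eq $b.Key -and $_.Name -eq $b.Name } |
               Select-Object -First 1
        [pscustomobject]@{
            Setting   = "$($b.Key)\$($b.Name)"
            Expected  = $b.Expected
            Actual    = if ($hit) { $hit.Value } else { '<not set>' }
            Compliant = [bool]($hit -and $hit.Value -eq $b.Expected)
        }
    }
}

Test-PolicyBaseline -Baseline $Baseline -Actual @(Get-LocalPolicyValue) | Format-Table -AutoSize
```

A setting that the domain policy never delivered to the endpoint shows up as `<not set>` rather than as an error, which separates "policy not applied" from "policy applied with a different value".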

  • Corda
    7 Posts

    Re: Fixlet that reads domain policy

    ‏2013-07-07T20:12:00Z  
    • Tim.Rice
    • ‏2013-06-19T16:12:37Z

    Since the Domain GPO Policies actually set Registry Keys locally on the computers, if all you want are inspectors, try looking at http://msdn.microsoft.com/en-us/library/ms815238.aspx and you should be able to create some retrieved properties from that.

    Thanks for the tip.