Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
4 replies Latest Post - ‏2013-07-07T20:12:00Z by Corda
Corda
Corda
7 Posts
ACCEPTED ANSWER

Pinned topic Fixlet that reads domain policy

‏2013-04-05T09:45:27Z |
Hello, a customer wants a fixlets that reads the domain policy on some endpoints
How I can I do?
Thanks
Updated on 2013-04-05T15:27:01Z at 2013-04-05T15:27:01Z by Eric Walker
  • Eric Walker
    Eric Walker
    34 Posts
    ACCEPTED ANSWER

    Re: Fixlet that reads domain policy

    ‏2013-04-05T15:27:01Z  in response to Corda
    Hi,

    It's possible, technically speaking, as there are inspectors that look at domain-related settings. But they are very dangerous to use in fixlets that have been deployed in the normal manner, because the system calls the inspectors use generate a lot of network traffic. With one host generating such traffic, things are fine. But when all of the endpoints in a deployment start generating such traffic, you start getting availability problems.

    Eric
    • Tim.Rice
      Tim.Rice
      3 Posts
      ACCEPTED ANSWER

      Re: Fixlet that reads domain policy

      ‏2013-06-19T16:12:37Z  in response to Eric Walker

      Since the Domain GPO Policies actually set Registry Keys locally on the computers, if all you want are inspectors, try looking at http://msdn.microsoft.com/en-us/library/ms815238.aspx and you should be able to create some retrieved properties from that.

      • Eric Walker
        Eric Walker
        34 Posts
        ACCEPTED ANSWER

        Re: Fixlet that reads domain policy

        ‏2013-06-19T21:58:01Z  in response to Tim.Rice

        Very true.  Many security checklist providers do this, and I think it's a good way to go.

      • Corda
        Corda
        7 Posts
        ACCEPTED ANSWER

        Re: Fixlet that reads domain policy

        ‏2013-07-07T20:12:00Z  in response to Tim.Rice

        thanks for the tip