
Forcing eTrust Policies to eTrust User PCs

Novell Cool Solutions: Trench
By Dennis Hestbech


Posted: 8 Apr 2004
 

Are you unable to distribute antivirus policies with eTrust antivirus admin server, when installing eTrust Antivirus with ZENworks? This one's for you.

The scope of this article is to facilitate forcing anti-virus policies to CA eTrust Antivirus user PCs running MS Windows. At this time, I offer no solution for forcing policies to eTrust running on other operating systems.

There are a number of reasons why an administrator would prefer to install CA eTrust Antivirus on user PCs by means other than the remote install function. In this article, I won't go over any of these, but focus on the solution to a problem that arises if you do.

Others may face the problem of introducing the Admin server functionality after having installed eTrust on the user PCs - or they want to assign another eTrust Admin server to push policies on the user PCs.

Others, again, face the same problem after changing the IP address of the eTrust Admin server.

On the other hand, making the user PCs update their virus signature files from a central download server is pretty easy, and therefore I won't go over that issue in this article either.

What the problem really means:

Forcing anti-virus policies on user PCs works as a chain of events. The administrator defines subnets on the admin server; the server thereafter performs discovery of user PCs that have eTrust Antivirus installed. The administrator also defines branches of the organisation that should have different policies forced on them. When defining the subnets, the administrator assigns a branch to each subnet. If the INOC6.ICF at install time didn't hold the admin server's IP address, the discovered PCs do NOT automatically get assigned to a branch, since the admin server is not on the user PC's list of approved servers. Hence, policies are NOT distributed.

eTrust administrators will know that the key to solving this problem is the Serverlist entry in the [NameClient] section of the INOC6.ICF file, a file that shapes the installed product, whether locally or remotely installed. This parameter holds a list of "approved servers" that the user PC will accept policies from. If nothing specific is entered, there's a default value of 127.0.0.1.

The settings in INOC6.ICF are put in the Windows registry at install time. I have found that the administrator is left with no option for changing this after installation.

However, there is a way of doing it.

The solution is straightforward, and involves only translating the IP address of the Admin server into hex, then inserting this value at a certain place in the Windows registry on the user PCs. After the value is inserted, and the user PC is rebooted, the chain of events flows as designed.

Calculating the hex value of the Admin server's IP address isn't very hard to do. If you can't do it in your head, the Windows calculator is always at hand. Run calc.exe on your Windows PC, and change the view to "scientific". Enter the first portion of the admin server's IP address, and change the read-out base from "Dec" (decimal) to "Hex" (hexadecimal). Make a note of the value, and change the base back to decimal before you enter the next portion of the IP address.

Example: the IP address 172.16.23.211 is AC 10 17 D3 in hex.

Inserting this value in the user PC's Windows registry is easy to do manually (use regedit.exe and browse to the value, then modify it), and there is a wealth of ways to distribute the value to all the PCs on a network; if you do not have Novell ZENworks or MS SMS, consider running a .reg file via the login script.

The value you want to change is:

[HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrustAntivirus\CurrentVersion\NameCli\ServerList]

I of course take no responsibility whatsoever for techniques involved, information in, or results (or lack thereof) of using this document. What counts is that it worked for me, using ZfD 4.01 on Windows NT 4.0 PCs.

Comments, kudos etc. welcomed at dennisheATmyrealboxDOTcom

You can edit and distribute this document as you please without permission - or even informing me.

EXAMPLE: This is how the reg file should look, if your admin server happens to have the IP address 172.16.23.211:

-----------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrustAntivirus\CurrentVersion\NameCli]
"ServerList"=hex:ac,10,17,d3
-----------------------------
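
Because ServerList decides which server a PC will accept policies from, it is worth generating the bytes rather than typing them, and decoding any .reg file back to an address before it is distributed. The following Python helper is an added example, not part of the original article; it handles a single server address as in the example above, its function names are illustrative assumptions, and the "stale" sample is constructed.

```python
import ipaddress

# Key path and value name as given in the article.
KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates"
       r"\eTrustAntivirus\CurrentVersion\NameCli")
VALUE = "ServerList"


def ip_to_reg_hex(ip):
    """Dotted-quad IPv4 -> regedit 'hex:' byte list, e.g. 'ac,10,17,d3'."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    return ",".join(f"{b:02x}" for b in addr.packed)


def reg_hex_to_ip(hex_bytes):
    """Regedit byte list -> dotted quad; rejects anything but four bytes."""
    parts = [p.strip() for p in hex_bytes.split(",")]
    if len(parts) != 4:
        raise ValueError(f"expected 4 bytes, got {len(parts)}")
    return str(ipaddress.IPv4Address(bytes(int(p, 16) for p in parts)))


def build_reg_file(ip):
    """Text of a REGEDIT4 file that sets ServerList to one server address."""
    return "\n".join(["REGEDIT4", "", f"[{KEY}]",
                      f'"{VALUE}"=hex:{ip_to_reg_hex(ip)}', ""])


def server_in_reg_file(text):
    """Address a .reg file would write to ServerList, or None if absent."""
    prefix = f'"{VALUE}"=hex:'.lower()
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith(prefix):
            return reg_hex_to_ip(line[len(prefix):])
    return None


if __name__ == "__main__":
    admin = "172.16.23.211"          # the article's example address
    reg = build_reg_file(admin)
    print(reg)
    # Constructed sample: a file still carrying the 127.0.0.1 default.
    stale = f'REGEDIT4\n\n[{KEY}]\n"{VALUE}"=hex:7f,00,00,01\n'
    for name, text in (("new", reg), ("stale", stale)):
        found = server_in_reg_file(text)
        print(name, found, "OK" if found == admin else "MISMATCH")
```
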


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell