6.3 Managing Policies
The following sections contain more information:
6.3.1 Show Usage
Changes made to shared policy components will affect all policies they are associated with. Prior to updating or otherwise changing a policy component, it is recommended that you run the Show Usage command to determine which policies will be affected by the change.
-
Right-click the component and select Show Usage
-
A pop-up window will display, showing each instance of this component in other policies (see Figure 6-35).
Figure 6-35 Show Usage Window
6.3.2 Error Notification
When the administrator attempts to save a policy with incomplete or incorrect data in a component, the Validation pane will display at the bottom of the Management console, highlighting each error. The errors MUST be corrected before the policy can be saved.
Double-click each validation row to navigate to the screen with the error. Errors are highlighted as shown in the figure below (see Figure 6-36).
Figure 6-36 Error Notification Pane
6.3.3 Custom User Messages
Custom User Messages allow the ZENworks Endpoint Security Management Administrator to create messages which directly answer security policy questions as the user encounters policy enforced security restrictions, or provide specific instructions to the user. User messages controls (see Figure 6-37) are available in various components of the policy.
Figure 6-37 Custom User Message with a Hyperlink
To create a custom user message, perform the following steps (Figure 6-38 for an example of the control):
-
Enter a title for the message. This displays on the top bar of the message box (see example in Figure 6-36 above)
-
Enter the message. The message is limited to 1000 characters
-
If a hyperlink is required, check the hyperlinks box and enter the necessary
Figure 6-38 Custom Message and Hyperlink Controls
NOTE:Changing the Message or Hyperlink in a shared component will change in all other instances of that component. Use the Show Usage command to view all other policies associated with this component.
6.3.4 Hyperlinks
An administrator can incorporate hyperlinks in custom messages to assist in explaining security policies or provide links to software updates to maintain integrity compliance. Hyperlinks are available in several policy components. A VPN hyperlink can be created which can point to either the VPN client executable, or to a batch file which can run and fully log the user in to the VPN (see VPN Enforcement for more details).
Figure 6-39 Custom User Message with a Hyperlink
To create a hyperlink, perform the following steps (see Figure 6-40 for an example of the control):
-
Enter a name for the link. This is the name that will display below the message (required for Advanced VPN hyperlinks as well).
-
Enter the hyperlink
-
Enter any switches or other parameters for the link (use for VPN enforcement)
Figure 6-40 Custom Message and Hyperlink Controls
NOTE:Changing the Message or Hyperlink in a shared component will change in all other instances of that component. Use the Show Usage command to view all other policies associated with this component.
6.3.5 Defined Location Settings
Setting the Location Icon
The location icon provides a visual cue to the user which identifies their current location. The location icon displays on the taskbar in the notification area. Use the pull-down list to view and select from the available location icons:
Select an icon which will help the end-user easily identify their location at a glance.
Update Interval
This setting determines the frequency the Endpoint Security Client will check for a policy update when it enters this location. The frequency time is set in minutes, hours, or days. Unchecking this parameter means the Endpoint Security Client will NOT check for an update at this location.
User Permissions
User permissions within a location include:
-
Change Location - this permits the end-user to change to and out of this location. For non-managed locations (i.e., hot-spots, airports, hotels, etc.), this permission should be granted. In controlled environments, where the network parameters are known, this permission can be disabled. The user will NOT be able to switch to, or out of any locations when this permission is disabled, rather the Endpoint Security Client will rely on the network environment parameters entered for this location
-
Change Firewall Settings - this allows the user to change their firewall settings
-
Save Network Environment - this allows the user to save the network environment to this location, to permit automatic switching to the location when the user returns. Recommended for any locations the user will need to switch to. Multiple network environments may be saved for a single location. For example, if a Location defined as Airport is part of the current policy, each airport visited by the user can be saved as a network environment for this location. This way, a mobile user can return to a saved airport environment, and the Endpoint Security Client will automatically switch to the Airport location, and apply the defined security settings. A user may, of course, change to a location and not save the environment.
-
Show Location in Client Menu - this setting allows the location to display in the client menu. If this is unchecked, the location will not display at any time.
Use Location Message
This setting allows an optional Custom User Message to display when the Endpoint Security Client switches to this location. This message can provide instructions for the end-user, details about policy restrictions under this location, or include a Hyperlink to more information.
6.3.6 Network Environments
If the network parameters (Gateway server(s), DNS server(s), DHCP server(s), WINS server(s), available access points, and/or specific adapter connections) are known for a location, the service details (IP and/or MAC), which identify the network, can be entered into the policy to provide immediate location switching without requiring the user having to save the environment as a location.
To access this control, open the Locations tab and click the Network Environments folder in the policy tree on the left.
Figure 6-41 Network Environments
The lists provided allow the administrator to define which network services are present in the environment. Each network service may contain multiple addresses. The administrator determines how many of the addresses are required to match in the environment to activate the location switch.
It is required that 2 or more location parameters be used in each network environment definition.
To define a network environment, perform the following steps:
-
Select Network Environments in the components tree and click the New Component button
-
Name the network environment and provide a description
-
Select which adapter type is permitted to access this Network Environment from the drop-down list
-
Enter the following information for each service:
-
The IP address(es) - Limited to 15 characters, and only containing the numbers 0-9 and periods (example: 123.45.6.789)
-
MAC address(es) (Optional) - Limited to 12 characters, and only containing the numbers 0-9 and the letters A-F (upper and lower case); separated by colons example: 00:01:02:34:05:B6
-
Check whether identification of this service is required to define the network environment
-
-
The Dialup Connections, and Adapters tabs have the following requirements:
-
For Dialup Connections, the RAS Entry name from the phone book or the dialed number may be entered. Phone book entries MUST contain alpha characters and cannot contain only special characters (@, #, $,%, -, etc.) or numeric characters (1-9). Entries that only contain special and numeric characters are assumed to be dialed numbers.
-
Adapters can be entered to restrict exactly which adapters, specifically, are permitted access to this network environment (see Step 3 regarding setting adapter limitations). Enter the SSID for each allowed adapter. If no SSIDs are entered, all adapters of the permitted type are granted access
-
-
Each Network Environment has a minimum number of addresses the Endpoint Security Client uses to identify it. The number set in Minimum Match must not exceed the total number of network addresses identified as being required in the tabbed lists. Enter the minimum number of network services required to identify this network environment
To associate an existing Network Environment to this location:
-
Select Network Environments in the components tree and click the Associate Component button
-
Select the network environment from the list
-
The environment parameters may be re-defined. However, changing the settings in a shared component will affect all other instances of this same component. Use the Show Usage command to view all other policies associated with this component.
-
Click Save
You can associate additional Network Environments to the location if desired. If you have multiple locations in the same security policy, be aware that associating a single network environment to two or more locations within in the same security policy will cause unpredictable results and is not recommended.
6.3.7 Firewall Settings
Firewall Settings control the connectivity of all networking ports, Access Control lists, network packets (ICMP, ARP, etc.), and which applications are permitted to get a socket out or function, when the firewall setting is applied.
NOTE:This feature is only available in the ZENworks Endpoint Security Management installation, and cannot be used for UWS security policies.
To access this control, open the Locations tab and click the Firewall Settings icon in the policy tree on the left.
Each component of a firewall setting is configured separately, with only the default behavior of the TCP/UDP ports required to be set. This setting affects all TCP /UDP ports when this firewall setting is used. Individual or grouped ports may be created with a different setting.
Figure 6-42 Firewall Settings
To create a new firewall setting:
-
Select Firewall Settings in the components tree and click the New Component button
-
Name the firewall setting and provide a description
-
Select the default behavior for all TCP/UDP ports
Additional ports and lists may be added to the firewall settings, and given unique behaviors which will override the default setting.
Example: The default behavior for all ports is set as All Stateful. The ports lists for Streaming Media and Web Browsing are added to the firewall setting. The Streaming Media port behavior is set as Closed, and the Web Browsing port behavior is set as Open. Network traffic through TCP Ports 7070, 554, 1755, and 8000 would be blocked. Network traffic through ports 80 and 443 would be open and visible on the network. All other ports would operate in Stateful mode, requiring the traffic through them be solicited first.
-
Select whether to display this firewall in the Endpoint Security Client menu (if unchecked, the user will not see this firewall setting)
-
Click Save. Repeat the above steps to create another firewall setting
To associate an existing firewall setting:
-
Select Firewall Settings in the components tree and click the Associate Component button
-
Select the desired firewall setting(s) from the list
-
The default behavior setting may be re-defined. However, cChanging the settings in a shared component will affect all other instances of this same component. Use the Show Usage command to view all other policies associated with this component.
-
Click Save
Multiple firewall settings can be included within a single location. One is defined as the default setting, with the remaining settings available as options for the user to switch to. Having multiple settings are useful when a user may normally need certain security restrictions within a network environment and occasionally needs those restrictions either lifted or increased for a short period of time, for specific types of networking (i.e., ICMP Broadcasts).
Three firewall settings are included at installation, they are:
-
All Adaptive - This firewall setting sets all networking ports as stateful (all unsolicited inbound network traffic is blocked. All outbound network traffic is allowed), ARP and 802.1x packets are permitted, and all network applications are permitted a network connection, all.
-
All Open - This firewall setting sets all networking ports as open (all network traffic is allowed), all packet types are permitted. All network applications are permitted a network connection
-
All Closed - This firewall setting closes all networking ports, and restricts all packet types.
A new location will have the single firewall setting, All Open, set as the default. To set a different firewall setting as the default, right click the desired Firewall Setting and choose Set as Default.
6.3.8 TCP/UDP Ports
Endpoint data is primarily secured by controlling TCP/UDP port activity. This feature allows you to create a list of TCP/UDP ports which will be uniquely handled in this firewall setting. The lists contain a collection of ports and port ranges, together with their transport type, which defines the function of the range.
NOTE:This feature is only available in the ZENworks Endpoint Security Management installation, and cannot be used for UWS security policies.
To access this control, open the Locations tab, click the “+” symbol next to Firewall Settings, click the “+” symbol next to the desired Firewall, and click the TCP/UDP Ports icon in the policy tree on the left.
Figure 6-43 TCP/UDP Ports Settings
New TCP/UDP port lists can be defined with individual ports or as a range (1-100) per each line of the list.
To create a new TCP/UDP port setting:
-
Select TCP/UDP Ports from the components tree and click the Add New button
-
Name the port list and provide a description
-
Select the port behavior from the drop-down list. The optional behaviors are:
-
Open - All network inbound and outbound traffic is allowed. Because all network traffic is allowed your computer identity is visible for this port or port range.
-
Closed - All inbound and outbound network traffic is blocked. Because all network identification requests are blocked your computer identity is concealed for this port or port range.
-
Stateful - All unsolicited inbound network traffic is blocked. All outbound network traffic is allowed over this port or port range.
-
-
Enter the transport type:
-
All (all port types listed below)
-
Ether
-
IP
-
TCP
-
UDP
-
-
Enter Ports and Port Ranges as either:
-
Single ports
-
A range of ports with the first port number, followed by a dash, and the last port number
Example: 1-100 would add all ports between 1 and 100
Please visit the Internet Assigned Numbers Authority pages for a complete Ports and transport types list.
-
Click Save. Repeat the above steps to create a new setting
To associate an existing TCP/UDP port to this firewall setting:
-
Select TCP/UDP Ports from the component tree and click the Associate Component button
-
Select the desired port(s) from the list
-
The default behavior setting may be re-defined. However, changing the settings in a shared component will affect ALL OTHER instances of this same component. Use the Show Usage command to view all other policies associated with this component.
-
Click Save
Several TCP/UDP port groups have been bundled and are available at installation:
6.3.9 Access Control Lists
There may be some addresses which require unsolicited traffic be passed regardless of the current port behavior (i.e., enterprise back-up server, exchange server, etc.). In instances where unsolicited traffic needs to be passed to and from trusted servers, an Access Control List (ACL) can be created to resolve this issue.
NOTE:This feature is only available in the ZENworks Endpoint Security Management installation, and cannot be used for UWS security policies.
To access this control, open the Locations tab, click the “+” symbol next to Firewall Settings, click the “+” symbol next to the desired Firewall, and click the Access Control Lists icon in the policy tree on the left.
Figure 6-44 Access Control Lists Settings
To create a new ACL setting:
-
Select Access Control List from the components tree and click the Add New button
-
Name the ACL and provide a description
-
Enter the ACL address or Macro
-
Enter the ACL type:
-
IP - This type limits the address to 15 characters, and only containing the numbers 0-9 and periods (example: 123.45.6.189). IP addresses may also be entered as a range (example: 123.0.0.0 - 123.0.0.255)
-
MAC - This type limits the address to 12 characters, and only containing the numbers 0-9 and the letters A-F (upper and lower case); separated by colons (example: 00:01:02:34:05:B6)
-
-
Select the ACL Behavior drop-down box and determine whether the ACLs listed should be Trusted (allow it always even if all TCP/UDP ports are closed) or Non-Trusted (block access)
-
If Trusted, select the Optional Trusted Ports (TCP/UDP) this ACL will use. These ports will permit all ACL traffic, while other TCP/UDP ports will maintain their current settings. Selecting ‹None› means any port may be used by this ACL
-
Click Save. Repeat the above steps to create a new setting
To associate an existing ACL/Macro to this firewall setting:
-
Select Access Control List from the component tree and click the Associate Component button
-
Select the ACL(s)/Macro(s) from the list
-
The ACL behavior settings may be re-defined. However, changing the settings in a shared component will affect ALL OTHER instances of this same component. Use the Show Usage command to view all other policies associated with this component.
-
Click Save
Network Address Macros List
The following is a list of special Access Control macros. These can be associated individually as part of an ACL in a firewall setting.
Table 6-1 Network Address Macros
6.3.10 Application Controls
This feature allows the administrator to block applications either from gaining network access, or from simply executing at all.
NOTE:This feature is only available in the ZENworks Endpoint Security Management installation, and cannot be used for UWS security policies.
To access this control, open the Locations tab, click the “+” symbol next to Firewall Settings, click the “+” symbol next to the desired Firewall, and click the Applications Controls icon in the policy tree on the left.
Figure 6-45 Application Control Settings
To create a new application control setting:
-
Select Application Controls in the components tree and click the Add New button
-
Name the application control list and provide a description
-
Select an execution behavior. This behavior will be applied to all applications listed. If multiple behaviors are required (example: some networking applications are denied network access, while all file sharing applications are denied execution), multiple application controls will need to be defined. Select one of the following:
-
All Allowed - all applications listed will be permitted to execute and have network access
-
No Execution - all applications listed will not be permitted to execute
-
No Network Access - all applications listed will be denied network access. Applications (such as web-browsers) launched from an application will also be denied network access
NOTE:Blocking network access for an application does not affect saving files to mapped network drives. Users will be permitted to save to all network drives available to them.
-
-
Enter each application to block. One application must be entered per row
WARNING:Blocking execution of critical applications could have an adverse affect on system operation. Blocked Microsoft Office applications will attempt to run their installation program.
-
Click Save. Repeat the above steps to create a new setting
To associate an existing application control list to this firewall setting:
-
Select Application Controls in the components tree and click the Associate Component button
-
Select an application set from the list
-
The applications and the level of restriction may be re-defined
NOTE:Changing the settings in a shared component will affect ALL OTHER instances of this same component. Use the Show Usage command to view all other policies associated with this component.
-
Click Save
The available application controls are identified below, the default execution behavior is No Network Access:
Table 6-2 Application Controls
If the same application is added to two different application controls in the same firewall setting (i.e., kazaa.exe is blocked from executing in one application control, and blocked from gaining network access in another defined application control under the same firewall setting), the most stringent control for the given executable will be applied (i.e., kazaa would be blocked from executing)
6.3.11 Rule Scripting Parameters
The ZENworks Endpoint Security Management (ZENworks Endpoint Security Management) supports standard Jscript and VBScript coding methods readily available, with the following exceptions:
-
WScript.Echo - Not supported - (displaying return values back to a parent window are not support (since the parent window is unavailable)). Use the Action.Message ZENworks Endpoint Security Management API instead.
-
Access to Shell Objects - Use the following modified nomenclature/call:
[JScript] Use: var WshShell = new ActiveXObject("WScript.Shell"); Instead of: var WshShell = WScript.CreateObject ("WScript.Shell"); [VBScript] Use: Dim WshShell Set WshShell = CreateObject("WScript.Shell") Instead of: Dim WshShell Set WshShell = WScript.CreateObject("WScript.Shell") -
All scripts are executed in the "system context" unless the following comment is added to the top of the script:
[Jscript] //@ImpersonateLoggedOnUser [VBScript] '@ImpersonateLoggedOnUser
Rule Scripting
A rule consists of two parts. The first part is the Trigger Events which determine when to execute the rule. The second part is the scripting code which contains the logic of the rule. The Endpoint Security Client provides three namespaces and five interfaces for the script, which allows the script to control or access the client.
The namespaces are as follows:
-
Query. This namespace provides methods to get the current state of the client. For example, information about the adapters, shield states and location.
-
Action. This namespace provides methods that get the client to do something. For example, a call that puts the client into a quarantined shield state.
-
Storage. This namespace provides a mechanism for the script to store variables for the session or permanently. These could be used to tell the script if the rule had failed the last time it was run. It could be used to store when this rule last ran.
The interfaces are as follows:
-
IClientAdapter. This interface describes an adapter in the client network environment.
-
IClientEnvData. This interface returns environment data about a Server or Wireless Access Point.
-
IClientNetEnv. Provides Network Environment Information.
-
IClientWAP. Provides information about a Wireless Access Point.
-
IClientAdapterList. A list of adapters in the client network environment.
Trigger Events
Triggers are events that cause the Endpoint Security Client to determine when and if a rule should be executed. These events can either be internal to the client or some external event monitored by the client.
-
AdapterArrival
Desc: Adapter arrival has occurred.
Parameters: None.
-
AdapterRemoval
Desc: Adapter had been removed.
Parameters: None.
-
DownloadFailed
Desc: This event is triggered in response to Action.DownloadAsync if the file was not successfully downloaded.
Parameters: None.
-
DownloadSuccess
Desc: This event is triggered in response to Action.DownloadAsync if the file was successfully downloaded
Parameters: None.
-
LocationChange
Desc: Run the rule when entering or leaving a particular location or all locations.
Parameters:
-
MediaConnect
Desc: Adapter has connection.
Parameters: None.
-
MediaDisconnect
Desc: Adapter has lost its connection.
Parameters: None.
-
PolicyUpdated
Desc: Called when client is first started and whenever a new policy is applied.
Parameters: None.
-
ProcessChange
Desc: Trigger whenever a process is created or deleted.
Parameters: None.
-
Startup
Desc: Run the rule when the engine is started.
Parameters: None.
-
TimeOfDay
Desc: Run the rule at a particular time or times of day. Or at least once a day. This will store the last time this was triggered.
Parameters:
-
Timer
Desc: Run the rule every n milliseconds.
Parameters:
-
UserChangeShield
Desc: The user had manually changed the shield state.
Parameters: None.
-
WithinTime
Desc: Run the rule every n minutes starting from the last time the rule was executed. If the computer has been turned off it will execute the rule if the specified time has past since the last time the rule was executed.
Parameters:
Script Namespaces
General Enumerations and File substitutions
EAccessState
eApplyGlobalSetting = -1
eDisableAccess = 0
eAllowAccess = 1
EAdapterType
eWIRED
eWIRELESS
eDIALUPCONN
EComparison
eEQUAL
eLESS
eGREATER
eEQUALORLESS
eEQUALORGREATER?
ESTDisplayMsg
eONLYONCE
eEVERYTIME
eSECONDS
eNOMSG
EHardwareDeviceController
eIrDA = 0
e1394
eBlueTooth
eSerialPort
eParrallelPort
ELogLevel
eALARM
eWARN
eINFO
EMATCHTYPE
eUNDEFINED
eLOCALIP
eGATEWAY
eDNS
eDHCP
eWINS
eWAP
eDIALUP
eUNKNOWN
eDOMAIN
eRULE
eUSERSELECTED
EMinimumWiFiSecurityState
eNoEncryptionRequired = 0
eWEP64
eWEP128
eWPA
ERegKey
eCLASSES_ROOT
eCURRENT_USER
eLOCAL_MACHINE
eUSERS
eCURRENT_CONFIG
ERegType
eSTRING
eDWORD
eBINARY
eMULTI_SZ
eEXPAND_SZ
EServiceState
eRUN
eSTOP
ePAUSE
ePENDING
eNOTREG
EVariableScope
ePolicyChange = 0 // reset on a policy update
eLocationChange = 1 // reset on a location change
TRIGGEREVENT
eTIMER
eSTARTUP
eLOCATIONCHANGE
eTIMEOFDAY
eADAPTERARRIVAL
eADAPTERREMOVAL
eMEDIACONNECT
eMEDIADISCONNECT
ePOLICYUPDATED
eUSERCHANGEDSHIELD
ePROCESSCHANGE
eWITHINTIME
eRUNNOW
eDOWNLOADFAILED
eDOWNLOADSUCCESS
Table 6-3 Shell Folder Names
Action Namespace
CheckForUpdate
JScript:
Action.CheckForUpdate();
VBScript:
Action.CheckForUpdate()
ClearFixedShieldState, SetShieldStateByName, Trace, Sleep
NOTE:When setting the ShieldState (firewall) by name, the name specified MUST EXACTLY match the firewall specified in the policy. Three firewall settings are always available regardless of the policy ("All Closed", "All Adaptive", and "All Open").
JScript:
Action.SetShieldStateByName("Closed",true);
Action.Trace("Start 20 second sleep");
Action.Sleep(20000);
var ret = Action.ClearFixedShieldState();
if(ret == true)
Action.Trace("ret = true");
else
Action.Trace("ret = false");
VBScript:
Action.SetShieldStateByName "Closed",true
Action.Trace("Start 20 second sleep")
Action.Sleep(20000)
dim ret
ret = Action.ClearFixedShieldState()
if(ret = true) then
Action.Trace("ret = true")
else
Action.Trace("ret = false")
end if
ClearStamp, SwitchLocationByName, Stamp
NOTE:When setting the Location by name, the name specified MUST EXACTLY match the location specified in the policy.
JScript:
Action.SwitchLocationByName("Base");
Action.Stamp();
Action.Trace("Begin 20 second sleep");
Action.Sleep(20000);
Action.SwitchLocationByName("Base");
Action.ClearStamp();
VBScript:
Action.SwitchLocationByName("Base")
Action.Stamp()
Action.Trace("Begin 20 second sleep")
Action.Sleep(20000)
Action.SwitchLocationByName("Base")
Action.ClearStamp()
Example 6-1 Details:
Base must be the name of a valid location which can be stamped. This script will then switch to location Base, then stamp it, sleep for 20 seconds, make sure we didn't spin out of the location by switching back to base and then clear the stamp. This script performed all actions as expected.
CreateRegistryKey
JScript:
var ret = Action.CreateRegistryKey(eLOCAL_MACHINE,"Software\\Novell","Tester");
if(ret == true)
Action.Trace("Create Key is Successful");
else
Action.Trace("Create Key did not work");
VBScript:
dim ret
ret = Action.CreateRegistryKey(eLOCAL_MACHINE,"Software\\Novell","Tester")
if(ret = true) then
Action.Trace("Create Key is Successful")
else
Action.Trace("Create Key did not work")
end if
DeleteRegistryKey
JScript:
var ret = Action.DeleteRegistryKey(eLOCAL_MACHINE,"Software\\Novell\\Tester");
if(ret == true)
Action.Trace("Delete Key is Successful");
else
Action.Trace("Delete Key did not work");
VBScript:
dim ret
ret = Action.DeleteRegistryKey(eLOCAL_MACHINE,"Software\\Novell\\Tester")
if(ret = true) then
Action.Trace("Delete Key is Successful")
else
Action.Trace("Delete Key did not work")
end if
DeleteRegistryValue
JScript:
Action.DeleteRegistryValue(eLOCAL_MACHINE,"Software\\Novell\\Tester","val1"); Action.DeleteRegistryValue(eLOCAL_MACHINE,"Software\\Novell\\Tester","val2");
VBScript:
Action.DeleteRegistryValue eLOCAL_MACHINE,"Software\\Novell\\Tester","val1" Action.DeleteRegistryValue eLOCAL_MACHINE,"Software\\Novell\\Tester","val2"
DisplayMessage, DisplayMessageByName
NOTE:The first parameter of the DisplayMessage call is a unique integer identifier for each action. When calling the Message by name, the name specified MUST EXACTLY match the DisplayMessage specified in the policy.
JScript:
Action.DisplayMessage("40","Message40", "Message Here", "question", "");
Action.Sleep(10000);
Action.DisplayMessageByName("Message40");
VBScript:
Action.DisplayMessage "40","Message40", "Message Here", "question", "" Action.Sleep(10000) Action.DisplayMessageByName "Message40"
Example 6-2 Details:
This script will create a Message Box with all parameters and then wait 10 seconds, (during which the tester should click Ok to end box display) and then it will be displayed by the ID and wait 10 seconds, (again, the tester should click Ok to end box display) and then it will display the Message Box by
EnableAdapterType
JScript:
Action.EnableAdapterType(false, eWIRELESS); Action.EnableAdapterType(true, eWIRELESS); Action.EnableAdapterType(false, eWIRED); Action.EnableAdapterType(true, eWIRED); Action.EnableAdapterType(false, eDIALUPCONN); Action.EnableAdapterType(true, eDIALUPCONN);
VBScript:
Action.EnableAdapterType false, eWIRELESS Action.EnableAdapterType true, eWIRELESS Action.EnableAdapterType false, eWIRED Action.EnableAdapterType true, eWIRED Action.EnableAdapterType false, eDIALUPCONN Action.EnableAdapterType true, eDIALUPCONN
Launch
NOTE:The first parameter of the Launch call is a unique integer identifier for each action.
JScript:
Action.Launch("50","C:\calco.exe","");
VBScript:
Action.Launch "51","C:\calco.exe",""
LaunchAsSystem
JScript:
Action.LaunchAsSystem("C:\calco.exe"," sParameters ", "sWorkingDir",true);
VBScript:
Action.LaunchAsSystem "C:\calco.exe"," sParameters"," sWorkingDir",true
LaunchAsUserWithCode
This launches in the user context and returns the exit code of the application launched.
JScript:
Action.LaunchAsUserWithCode(appToLaunch, "sParameters", "sWorkingDir", bShow, bWait, nExitCode);
VBScript:
Action.LaunchAsUserWithCode appToLaunch, "sParameters", "sWorkingDir", bShow, bWait, nExitCode
Example 6-3 Details:
Preliminary setup required creating a policy which included a new Integrity rule with a custom message. The custom message included a launch link which was added to the SCC menu bar.
LaunchLinkByName
NOTE:When setting the LaunchLink by name, the name specified MUST EXACTLY match the launch link specified in the policy.
JScript:
Action.LaunchLinkByName("MyLink");
VBScript:
Action.LaunchLinkByName "MyLink"
LogEvent
JScript:
Action.LogEvent("MyEvent", eALARM, "This is a log test message");
VBScript:
Action.LogEvent "MyEvent", eALARM, "This is a vb log test message"
Example 6-4 Details:
Pre-requisite is that logging needs to be enabled.
Message
Asynchronous Message (displayed and script continues):
JScript:
Action.Message("Display sync message");
VBScript:
Action.Message "Display sync message"
Synchronous Message (displayed and waits for user respond before the script continues):
NOTE:nTimeoutSeconds values of -1 or 0 will NEVER timeout
nMessageType (buttons shown):
-
Ok/Cancel
-
Abort/Retry/Ignore
-
Yes/No/Cancel
Currently, the return value which of these buttons pressed by the user is NOT returned, so it is NOT helpful for conditional logic control.
JScript:
Action.Message("Message Title Bar", nMessageType, nTimeoutSeconds);
VBScript:
Action.Message "Message Title Bar", nMessageType, nTimeoutSeconds
PauseService
JScript:
Action.PauseService("lanmanworkstation");
VBScript:
Action.PauseService "lanmanworkstation"
Example 6-5 Details:
Make sure you use the actual service name, not the display name.
Prompt
This API creates dialog boxes and user interfaces. It will be covered in a future revision given the complexity and need for examples.
StartService
JScript:
Action.StartService("lanmanworkstation","");
VBScript:
Action.StartService "lanmanworkstation",""
Example 6-6 Details:
Make sure you use the actual service name, not the display name.
StopService
JScript:
Action.StopService("lanmanworkstation");
VBScript:
Action.StopService "lanmanworkstation"
Example 6-7 Details:
Make sure you use the actual service name, not the display name.
WriteRegistryDWORD, WriteRegistryString
JScript:
var ret = Action.CreateRegistryKey(eLOCAL_MACHINE,"Software\\Novell","Tester");
if(ret == true)
Action.Trace("Create Key is Successful");
else
Action.Trace("Create Key did not work");
Action.WriteRegistryDWORD(eLOCAL_MACHINE,"Software\\Novell\\Tester","val1",24);
Action.WriteRegistryString(eLOCAL_MACHINE,"Software\\Novell\\Tester","val2","Novell");
VBScript:
dim ret
ret = Action.CreateRegistryKey(eLOCAL_MACHINE,"Software\\Novell","Tester")
if(ret = true) then
Action.Trace("Create Key is Successful")
else
Action.Trace("Create Key did not work")
end if
Action.WriteRegistryDWORD eLOCAL_MACHINE,"Software\\Novell\\Tester","val1",24
Action.WriteRegistryString eLOCAL_MACHINE,"Software\\Novell\\Tester","val2","Novell"
Query Namespace, FileExistsVersion
JScript:
var ret;
ret = Query.FileExistsVersion("C:","ocalco.exe",eEQUAL,"5","1","2600","0");
if(ret == 1)
Action.Trace("File is Equal");
else
Action.Trace("File is Not Equal");
VBScript:
dim ret
ret = Query.FileExistsVersion("C:\","ocalco.exe",eEQUAL,"5","1","2600","0")
if(ret = true) then
Action.Trace("File is Equal")
else
Action.Trace("File is Not Equal")
end if
NOTE:Not all files have file version information.
Script as above performed correctly.
GetAdapters
JScript:
var adplist;
var adplength;
var adp;
adplist = Query.GetAdapters();
adplength = adplist.Length;
Action.Trace("adplength = " + adplength);
if(adplength > 0)
{
adp = adplist.Item(0);
Action.Trace("DeviceID = " + adp.DeviceID);
Action.Trace("Enabled = " + adp.Enabled);
Action.Trace("IP = " + adp.IP);
Action.Trace("MAC = " + adp.MAC);
Action.Trace("MaxSpeed = " + adp.MaxSpeed);
Action.Trace("Name = " + adp.Name);
Action.Trace("SubNetMask = " + adp.SubNetMask);
Action.Trace("Type = " + adp.Type);
}
VBScript:
dim adplist
dim adplength
dim adp
set adplist = Query.GetAdapters()
adplength = CInt(adplist.Length)
Action.Trace("adplength = " & adplength)
if(adplength > 0) then
set adp = adplist.Item(0)
Action.Trace("DeviceID = " & adp.DeviceID)
Action.Trace("Enabled = " & adp.Enabled)
Action.Trace("IP = " & adp.IP)
Action.Trace("MAC = " & adp.MAC)
Action.Trace("MaxSpeed = " & CLng(adp.MaxSpeed))
Action.Trace("Name = " & adp.Name)
Action.Trace("SubNetMask = " & adp.SubNetMask)
Action.Trace("Type = " & adp.Type)
end if
Example 6-8 Details:
This script will get a list of adapters, the length of the list (number of adapters) and enumerate the properties of the first index in the list.
GetCheckinTime
JScript:
var ret;
ret = Query.GetCheckinTime();
Action.Trace("LastCheckIn = " + ret);
VBScript:
dim ret
ret = Query.GetCheckinTime()
Action.Trace("LastCheckIn = " & ret)
GetLocationMatchData, LocationMatchCount
JScript:
var envdata;
var envdatalength;
envdatalength = Query.LocationMatchCount;
Action.Trace("MatchCount = " + envdatalength);
if(envdatalength > 0)
{
envdata = Query.GetLocationMatchData(0);
Action.Trace("IP = " + envdata.IP);
Action.Trace("MAC = " + envdata.MAC);
Action.Trace("SSID = " + envdata.SSID);
Action.Trace("Type = " + envdata.Type);
}
VBScript:
dim envdata
dim envdatalength
envdatalength = Query.LocationMatchCount
Action.Trace("MatchCount = " & envdatalength)
if(envdatalength > 0) then
set envdata = Query.GetLocationMatchData(0)
Action.Trace("IP = " & envdata.IP)
Action.Trace("MAC = " & envdata.MAC)
Action.Trace("SSID = " & envdata.SSID)
Action.Trace("Type = " & envdata.Type)
end if
Example 6-9 Details:
This script requires an environment to be defined for a location in the policy in order to provide useful data. This script will then get the Location Match Count and if it is greater than 0, then it will enumerate the attributes for the first Location Match Data.
IsAdapterTypeConnected
JScript:
var ret;
ret = Query.IsAdapterTypeConnected(eWIRED);
Action.Trace("IsWiredConnected = " + ret);
ret = Query.IsAdapterTypeConnected(eWIRELESS);
Action.Trace("IsWirelessConnected = " + ret);
ret = Query.IsAdapterTypeConnected(eDIALUPCONN);
Action.Trace("IsModemConnected = " + ret);
VBScript:
dim ret
ret = Query.IsAdapterTypeConnected(eWIRED)
Action.Trace("IsWiredConnected = " & ret)
ret = Query.IsAdapterTypeConnected(eWIRELESS)
Action.Trace("IsWirelessConnected = " & ret)
ret = Query.IsAdapterTypeConnected(eDIALUPCONN)
Action.Trace("IsModemConnected = " & ret)
IsAuthenticated
JScript:
var ret = Query.IsAuthenticated();
Action.Trace("Is authenticated = " + ret);
VBScript:
dim ret
ret = Query.IsAuthenticated()
Action.Trace("Is authenticated = " & ret)
IsWindowsXP
JScript:
var ret = Query.IsWindowsXP();
Action.Trace("Is XP = " + ret);
VBScript:
dim ret
ret = Query.IsWindowsXP()
Action.Trace("Is XP = " & ret)
IsWindows2000
JScript:
var ret = Query.IsWindows2000();
Action.Trace("Is Win2000 = " + ret);
VBScript:
dim ret
ret = Query.IsWindows2000()
Action.Trace("Is Win2000 = " & ret)
ProcessIsRunning
JScript:
var ret = Query.ProcessIsRunning("STEngine.exe",eEQUAL,"","","","");
Action.Trace("Is Running = " + ret);
VBScript:
dim ret
ret = Query.ProcessIsRunning("STEngine.exe",eEQUAL,"","","","")
Action.Trace("Is Win2000 = " & ret)
RegistryKeyExists
JScript:
var ret;
ret = Query.RegistryKeyExists(eLOCAL_MACHINE,"Software\\Novell");
Action.Trace("Reg Key Exists = " + ret);
VBScript:
dim ret
ret = Query.RegistryKeyExists(eLOCAL_MACHINE,"Software\\Novell")
Action.Trace("Reg Key Exists = " & ret)
RegistryValueDWORD
JScript:
var ret;
ret = Query.RegistryKeyExists(eLOCAL_MACHINE,"Software\\Novell\\Logging");
Action.Trace("Reg Key Exists = " + ret);
ret = Query.RegistryValueDWORD(eLOCAL_MACHINE,"Software\\Novell\\Logging","Enabled");
Action.Trace("Reg Value = " + ret);
VBScript:
dim ret
ret = Query.RegistryKeyExists(eLOCAL_MACHINE,"Software\Novell\Logging")
Action.Trace("Reg Key Exists = " & ret)
ret = Query.RegistryValueDWORD(eLOCAL_MACHINE,"Software\Novell\Logging","Enabled")
Action.Trace("Reg Value = " & CLng(ret))
RegistryValueExists
JScript:
var ret;
ret = Query.RegistryKeyExists(eLOCAL_MACHINE,"Software\\Novell\\Logging");
Action.Trace("Reg Key Exists = " + ret);
ret = Query.RegistryValueExists(eLOCAL_MACHINE,"Software\\Novell\\Logging","Enabled",eDWORD);
Action.Trace("Reg Value Exists = " + ret);
VBScript:
dim ret
ret = Query.RegistryKeyExists(eLOCAL_MACHINE,"Software\\Novell\\Logging")
Action.Trace("Reg Key Exists = " & ret)
ret = Query.RegistryValueExists(eLOCAL_MACHINE,"Software\\Novell\\Logging","Enabled",eDWORD)
Action.Trace("Reg Value Exists = " & ret)
RegistryValueString
JScript:
var ret;
ret = Query.RegistryKeyExists(eLOCAL_MACHINE,"Software\\Novell\\Logging");
Action.Trace("Reg Key Exists = " + ret);
ret = Query.RegistryValueString(eLOCAL_MACHINE,"Software\\Novell\\Logging","test");
Action.Trace("Reg Value Is = " + ret);
VBScript:
dim ret
ret = Query.RegistryKeyExists(eLOCAL_MACHINE,"Software\\Novell\\Logging")
Action.Trace("Reg Key Exists = " & ret)
ret = Query.RegistryValueString(eLOCAL_MACHINE,"Software\\Novell\\Logging","test")
Action.Trace("Reg Value Is = " & ret)
LocationName, LocationUuid, MaxConnectionSpeed, OSServicePack, PolicyName, PolicyTime, PolicyUuid, LocationIsStamped, TriggerEvent, TriggerEventData1
JScript:
var ret;
ret = Query.LocationName;
Action.Trace("Location Name = " + ret);
ret = Query.LocationUuid;
Action.Trace("Location Uuid = " + ret);
ret = Query.MaxConnectionSpeed;
Action.Trace("MaxConnectionSpeed = " + ret);
ret = Query.OSServicePack;
Action.Trace("OSServicePack = " + ret);
ret = Query.PolicyName;
Action.Trace("PolicyName = " + ret);
ret = Query.PolicyTime;
Action.Trace("PolicyTime = " + ret);
ret = Query.PolicyUuid;
Action.Trace("PolicyUuid = " + ret);
ret = Query.LocationIsStamped;
Action.Trace("LocationIsStamped = " + ret);
ret = Query.TriggerEvent;
Action.Trace("TriggerEvent = " + ret);
ret = Query.TriggerEventParameter;
Action.Trace("TriggerEventParameter = " + ret);
VBScript:
dim ret
ret = Query.LocationName
Action.Trace("Location Name = " & ret)
ret = Query.LocationUuid
Action.Trace("Location Uuid = " & ret)
ret = Query.MaxConnectionSpeed
Action.Trace("MaxConnectionSpeed = " & CLng(ret))
ret = Query.OSServicePack
Action.Trace("OSServicePack = " & ret)
ret = Query.PolicyName
Action.Trace("PolicyName = " & ret)
ret = Query.PolicyTime
Action.Trace("PolicyTime = " & ret)
ret = Query.PolicyUuid
Action.Trace("PolicyUuid = " & ret)
ret = Query.LocationIsStamped
Action.Trace("LocationIsStamped = " & ret)
ret = Query.TriggerEvent
Action.Trace("TriggerEvent = " & ret)
ret = Query.TriggerEventParameter
Action.Trace("TriggerEventParameter = " & ret)
RemovableMediaState, CDMediaState, HDCState, WiFiDisabledState, WiFiDisabledWhenWiredState, AdHocDisabledState, AdapterBridgeDisabledState, MinimumWiFiSecurityState, DialupDisabledState
JScript:
var ret;
Action.Trace("Reset Policy Change");
ret = Action.RemovableMediaState(-1, ePolicyChange);
Action.Trace("RemovableMediaState = " + ret);
ret = Action.CDMediaState(-1, ePolicyChange);
Action.Trace("CDMediaState = " + ret);
ret = Action.HDCState(eApplyGlobalSetting, eIrDA, ePolicyChange);
Action.Trace("\nHDCState(eApplyGlobalSetting, eIrDA) = " + ret);
ret = Action.HDCState(eApplyGlobalSetting, e1394, ePolicyChange);
Action.Trace("HDCState(eApplyGlobalSetting, e1394) = " + ret);
ret = Action.HDCState(eApplyGlobalSetting, eBlueTooth, ePolicyChange);
Action.Trace("HDCState(eApplyGlobalSetting, eBlueTooth) = " + ret);
ret = Action.HDCState(eApplyGlobalSetting, eSerialPort, ePolicyChange);
Action.Trace("HDCState(eApplyGlobalSetting, eSerialPort) = " + ret);
ret = Action.HDCState(eApplyGlobalSetting, eParrallelPort, ePolicyChange);
Action.Trace("HDCState(eApplyGlobalSetting, eParrallelPort) = " + ret);
ret = Action.WiFiDisabledState(eApplyGlobalSetting, ePolicyChange);
Action.Trace("\n WiFiDisabledState = " + ret);
ret = Action.WiFiDisabledWhenWiredState(eApplyGlobalSetting, ePolicyChange);
Action.Trace("WiFiDisabledWhenWiredState = " + ret);
ret = Action.AdHocDisabledState(eApplyGlobalSetting, ePolicyChange);
Action.Trace("AdHocDisabledState = " + ret);
ret = Action.AdapterBridgeDisabledState(eApplyGlobalSetting, ePolicyChange);
Action.Trace("AdapterBridgeDisabledState = " + ret);
ret = Action.MinimumWiFiSecurityState(eGlobalSetting, ePolicyChange);
Action.Trace("MinimumWiFiSecurityState = " + ret);
ret = Action.WiredDisabledState(eGlobalSetting, ePolicyChange);
Action.Trace("WiredDisabledState = " + ret);
ret = Action.DialupDisabledState(eGlobalSetting, ePolicyChange);
Action.Trace("DialupDisabledState = " + ret);
Action.Trace("Reset Location Change state");
ret = Action.RemovableMediaState(-1, eLocationChange);
Action.Trace("RemovableMediaState = " + ret);
ret = Action.CDMediaState(-1, eLocationChange);
Action.Trace("CDMediaState = " + ret);
ret = Action.HDCState(eApplyGlobalSetting, eIrDA, eLocationChange);
Action.Trace("\n HDCState(eApplyGlobalSetting, eIrDA) = " + ret);
ret = Action.HDCState(eApplyGlobalSetting, e1394, eLocationChange);
Action.Trace("HDCState(eApplyGlobalSetting, e1394) = " + ret);
ret = Action.HDCState(eApplyGlobalSetting, eBlueTooth, eLocationChange);
Action.Trace("HDCState(eApplyGlobalSetting, eBlueTooth) = " + ret);
ret = Action.HDCState(eApplyGlobalSetting, eSerialPort, eLocationChange);
Action.Trace("HDCState(eApplyGlobalSetting, eSerialPort) = " + ret);
ret = Action.HDCState(eApplyGlobalSetting, eParrallelPort, eLocationChange);
Action.Trace("HDCState(eApplyGlobalSetting, eParrallelPort) = " + ret);
ret = Action.WiFiDisabledState(eApplyGlobalSetting, eLocationChange);
Action.Trace("\n WiFiDisabledState = " + ret);
ret = Action.WiFiDisabledWhenWiredState(eApplyGlobalSetting, eLocationChange);
Action.Trace("WiFiDisabledWhenWiredState = " + ret);
ret = Action.AdHocDisabledState(eApplyGlobalSetting, eLocationChange);
Action.Trace("AdHocDisabledState = " + ret);
ret = Action.AdapterBridgeDisabledState(eApplyGlobalSetting, eLocationChange);
Action.Trace("AdapterBridgeDisabledState = " + ret);
ret = Action.MinimumWiFiSecurityState(eGlobalSetting, eLocationChange);
Action.Trace("MinimumWiFiSecurityState = " + ret);
ret = Action.WiredDisabledState(eGlobalSetting, eLocationChange);
Action.Trace("WiredDisabledState = " + ret);
ret = Action.DialupDisabledState(eGlobalSetting, eLocationChange);
Action.Trace("DialupDisabledState = " + ret);
VBScript:
dim ret;
Action.Trace("Reset Policy Change")
ret = Action.RemovableMediaState(-1, ePolicyChange)
Action.Trace("RemovableMediaState = " & ret)
ret = Action.CDMediaState(-1, ePolicyChange)
Action.Trace("CDMediaState = " & ret)
ret = Action.HDCState(eApplyGlobalSetting, eIrDA, ePolicyChange)
Action.Trace("\n HDCState(eApplyGlobalSetting, eIrDA) = " & ret)
ret = Action.HDCState(eApplyGlobalSetting, e1394, ePolicyChange)
Action.Trace("HDCState(eApplyGlobalSetting, e1394) = " & ret)
ret = Action.HDCState(eApplyGlobalSetting, eBlueTooth, ePolicyChange)
Action.Trace("HDCState(eApplyGlobalSetting, eBlueTooth) = " & ret)
ret = Action.HDCState(eApplyGlobalSetting, eSerialPort, ePolicyChange)
Action.Trace("HDCState(eApplyGlobalSetting, eSerialPort) = " & ret)
ret = Action.HDCState(eApplyGlobalSetting, eParrallelPort, ePolicyChange)
Action.Trace("HDCState(eApplyGlobalSetting, eParrallelPort) = " & ret)
ret = Action.WiFiDisabledState(eApplyGlobalSetting, ePolicyChange)
Action.Trace("\nWiFiDisabledState = " & ret)
ret = Action.WiFiDisabledWhenWiredState(eApplyGlobalSetting, ePolicyChange)
Action.Trace("WiFiDisabledWhenWiredState = " & ret)
ret = Action.AdHocDisabledState(eApplyGlobalSetting, ePolicyChange)
Action.Trace("AdHocDisabledState = " & ret)
ret = Action.AdapterBridgeDisabledState(eApplyGlobalSetting, ePolicyChange)
Action.Trace("AdapterBridgeDisabledState = " & ret)
ret = Action.MinimumWiFiSecurityState(eGlobalSetting, ePolicyChange)
Action.Trace("MinimumWiFiSecurityState = " & ret)
ret = Action.WiredDisabledState(eGlobalSetting, ePolicyChange)
Action.Trace("WiredDisabledState = " & ret)
ret = Action.DialupDisabledState(eGlobalSetting, ePolicyChange)
Action.Trace("DialupDisabledState = " & ret)
Action.Trace("Reset Location Change state")
ret = Action.RemovableMediaState(-1, eLocationChange)
Action.Trace("RemovableMediaState = " & ret)
ret = Action.CDMediaState(-1, eLocationChange)
Action.Trace("CDMediaState = " & ret)
ret = Action.HDCState(eApplyGlobalSetting, eIrDA, eLocationChange)
Action.Trace("\nHDCState(eApplyGlobalSetting, eIrDA) = " & ret)
ret = Action.HDCState(eApplyGlobalSetting, e1394, eLocationChange)
Action.Trace("HDCState(eApplyGlobalSetting, e1394) = " & ret)
ret = Action.HDCState(eApplyGlobalSetting, eBlueTooth, eLocationChange)
Action.Trace("HDCState(eApplyGlobalSetting, eBlueTooth) = " & ret)
ret = Action.HDCState(eApplyGlobalSetting, eSerialPort, eLocationChange)
Action.Trace("HDCState(eApplyGlobalSetting, eSerialPort) = " & ret)
ret = Action.HDCState(eApplyGlobalSetting, eParrallelPort, eLocationChange)
Action.Trace("HDCState(eApplyGlobalSetting, eParrallelPort) = " & ret)
ret = Action.WiFiDisabledState(eApplyGlobalSetting, eLocationChange)
Action.Trace("\nWiFiDisabledState = " & ret)
ret = Action.WiFiDisabledWhenWiredState(eApplyGlobalSetting, eLocationChange)
Action.Trace("WiFiDisabledWhenWiredState = " & ret)
ret = Action.AdHocDisabledState(eApplyGlobalSetting, eLocationChange)
Action.Trace("AdHocDisabledState = " & ret)
ret = Action.AdapterBridgeDisabledState(eApplyGlobalSetting, eLocationChange)
Action.Trace("AdapterBridgeDisabledState = " & ret)
ret = Action.MinimumWiFiSecurityState(eGlobalSetting, eLocationChange)
Action.Trace("MinimumWiFiSecurityState = " & ret)
ret = Action.WiredDisabledState(eGlobalSetting, eLocationChange)
Action.Trace("WiredDisabledState = " & ret)
ret = Action.DialupDisabledState(eGlobalSetting, eLocationChange)
Action.Trace("DialupDisabledState = " & ret)
RemovableMediaState, CDMediaState, HDCState, IsWiFiDisabled, IsWiFiDisabledWhenWired, IsAdHocDisabled, IsAdapterBridgeDisabled, MinimumWiFiSecurityState, IsWiredDisabled, IsDialupDisabled
JScript:
var ret;
Action.Trace("Status");
ret = Query.RemovableMediaState();
Action.Trace( "RemovableMediaState = " + ret);
ret = Query.CDMediaState();
Action.Trace( "CDMediaState = " + ret);
ret = Query.HDCState(eIrDA);
Action.Trace("\n HDCState(eIrDA) = " + ret);
ret = Query.HDCState(e1394);
Action.Trace( "HDCState(e1394) = " + ret);
ret = Query.HDCState(eBlueTooth);
Action.Trace( "HDCState(eBlueTooth) = " + ret);
ret = Query.HDCState(eSerialPort);
Action.Trace( "HDCState(eSerialPort) = " + ret);
ret = Query.HDCState(eParrallelPort);
Action.Trace( "HDCState(eParrallelPort) = " + ret);
ret = Query.IsWiFiDisabled();
Action.Trace("\n IsWiFiDisabled = " + ret);
ret = Query.IsWiFiDisabledWhenWired();
Action.Trace( "IsWiFiDisabledWhenWired = " + ret);
ret = Query.IsAdHocDisabled();
Action.Trace( "IsAdHocDisabled = " + ret);
ret = Query.IsAdapterBridgeDisabled();
Action.Trace( "IsAdapterBridgeDisabled = " + ret);
ret = Query.MinimumWiFiSecurityState();
Action.Trace( "MinimumWiFiSecurityState = " + ret);
ret = Query.IsWiredDisabled();
Action.Trace( "IsWiredDisabled = " + ret);
ret = Query.IsDialupDisabled();
Action.Trace( "IsDialupDisabled = " + ret);
VBScript:
dim ret;
Action.Trace("Status")
ret = Query.RemovableMediaState()
Action.Trace( "RemovableMediaState = " & ret)
ret = Query.CDMediaState()
Action.Trace( "CDMediaState = " & ret)
ret = Query.HDCState(eIrDA)
Action.Trace("\n HDCState(eIrDA) = " & ret)
ret = Query.HDCState(e1394)
Action.Trace( "HDCState(e1394) = " & ret)
ret = Query.HDCState(eBlueTooth)
Action.Trace( "HDCState(eBlueTooth) = " & ret)
ret = Query.HDCState(eSerialPort)
Action.Trace( "HDCState(eSerialPort) = " & ret)
ret = Query.HDCState(eParrallelPort)
Action.Trace( "HDCState(eParrallelPort) = " & ret)
ret = Query.IsWiFiDisabled()
Action.Trace("\n IsWiFiDisabled = " & ret)
ret = Query.IsWiFiDisabledWhenWired()
Action.Trace( "IsWiFiDisabledWhenWired = " & ret)
ret = Query.IsAdHocDisabled()
Action.Trace( "IsAdHocDisabled = " & ret)
ret = Query.IsAdapterBridgeDisabled()
Action.Trace( "IsAdapterBridgeDisabled = " & ret)
ret = Query.MinimumWiFiSecurityState()
Action.Trace( "MinimumWiFiSecurityState = " & ret)
ret = Query.IsWiredDisabled()
Action.Trace( "IsWiredDisabled = " & ret)
ret = Query.IsDialupDisabled()
Action.Trace( "IsDialupDisabled = " & ret)
Storage Namespace
There are two kinds of storage in the Endpoint Security Client storage space. Persistent storage remains between sessions of the client, while transient storage exists only for the duration of the client. Transient values can be accessed in each rule script invocation. Also, persistent storage can only store and retrieve string values, while transient storage store and retrieve those values that a VARIANT can hold.
NOTE:Each script variable stored in the "secure store" is preceded by a "rule id" (one for each script). Variables that need to be shared between scripts MUST have a forward slash BEFORE the variable name in EACH "persist" function accessing them to make that variable global, or accessible, to each script:
Example - "global" variable between scripts: "boolWarnedOnPreviousLoop"
Storage.PersistValueExists("/boolWarnedOnPreviousLoop");
SetNameValue, NameValueExists, GetNameValue
JScript:
var ret;
Storage.SetNameValue("testval",5);
ret = Storage.NameValueExists("testval");
Action.Trace("NameValueExists = " + ret);
ret = Storage.GetNameValue("testval");
Action.Trace("GetNameValue = " + ret);
VBScript:
dim ret
Storage.SetNameValue "testval",5
ret = Storage.NameValueExists("testval")
Action.Trace("NameValueExists = " & ret)
ret = Storage.GetNameValue("testval")
Action.Trace("GetNameValue = " & ret)
SetPersistString, PersistValueExists, GetPersistString
JScript:
var ret;
Storage.SetPersistString("teststr","pstring");
ret = Storage.PersistValueExists("teststr");
Action.Trace("PersistValueExists = " + ret);
ret = Storage.GetPersistString("teststr");
Action.Trace("GetPersistString = " + ret);
VBScript:
dim ret
Storage.SetPersistString "teststr", "pstring"
ret = Storage.PersistValueExists("teststr")
Action.Trace("PersistValueExists = " & ret)
ret = Storage.GetPersistString("teststr")
Action.Trace("GetPersistString = " & ret)
RuleState
JScript:
Storage.RuleState = true;
var ret = Storage.RuleState;
Action.Trace("RuleState = " + ret);
VBScript:
dim ret
Storage.RuleState = true
ret = Storage.RuleState
Action.Trace("RuleState = " & ret)
RetrySeconds
JScript:
var ret;
Storage.RetrySeconds = 30;
ret = Storage.RetrySeconds;
Action.Trace("RetrySeconds = " + ret);
VBScript:
dim ret
Storage.RetrySeconds = 30
ret = Storage.RetrySeconds
Action.Trace("RetrySeconds = " & ret)
Interfaces
These interfaces are returned by one of the methods of the namespaces described in section 3 or by one of the methods or properties of the following interfaces.
IClientAdapter Interface
This interface returns information about an adapter.
GetNetworkEnvironment
JScript:
var adplist;
var adplength;
var adp;
var env;
var ret;
adplist = Query.GetAdapters();
adplength = adplist.Length;
Action.Trace("adplength = " + adplength);
if(adplength > 0)
{
adp = adplist.Item(0);
env = adp.GetNetworkEnvironment();
ret = env.DHCPCount;
Action.Trace("DHCPCount = " + ret);
ret = env.DNSCount;
Action.Trace("DNSCount = " + ret);
ret = env.GatewayCount;
Action.Trace("GatewayCount = " + ret);
ret = env.WINSCount;
Action.Trace("WINSCount = " + ret);
}
VBScript:
dim adplist
dim adplength
dim adp
dim env
dim ret
set adplist = Query.GetAdapters()
adplength = adplist.Length
Action.Trace("adplength = " & CInt(adplength))
if(CInt(adplength) > 0) then
set adp = adplist.Item(0)
set env = adp.GetNetworkEnvironment()
ret = env.DHCPCount
Action.Trace("DHCPCount = " & ret)
ret = env.DNSCount
Action.Trace("DNSCount = " & ret)
ret = env.GatewayCount
Action.Trace("GatewayCount = " & ret)
ret = env.WINSCount
Action.Trace("WINSCount = " & ret)
end if
DeviceID
See Query Namespace - GetAdapters
Enabled
See Query Namespace - GetAdapters
IP
See Query Namespace - GetAdapters
MAC
See Query Namespace - GetAdapters
MaxSpeed
See Query Namespace - GetAdapters
Name
See Query Namespace - GetAdapters
SubNetMask
See Query Namespace - GetAdapters
Type
See Query Namespace - GetAdapters
IClientEnvData Interface
This interface returns environment data about a Server or Wireless Access Point.
IP
See Query Namespace - GetLocationMatchData
MAC
See Query Namespace - GetLocationMatchData
SSIP
See Query Namespace - GetLocationMatchData
Type
See Query Namespace - GetLocationMatchData
IClientNetEnv Interface
This interface provides Network Environment Information.
GetDHCPItem
JScript:
var adplist;
var adplength;
var adp;
var env;
var ret;
var item;
adplist = Query.GetAdapters();
adplength = adplist.Length;
Action.Trace("adplength = " + adplength);
if(adplength > 0)
{
adp = adplist.Item(0);
env = adp.GetNetworkEnvironment();
ret = env.DHCPCount;
Action.Trace("DHCPCount = " + ret);
if(ret > 0)
{
item = env.GetDHCPItem(0);
ret = item.IP;
Action.Trace("IP = " + ret);
}
}
VBScript:
dim adplist
dim adplength
dim adp
dim env
dim ret
dim item
set adplist = Query.GetAdapters()
adplength = adplist.Length
Action.Trace("adplength = " & CInt(adplength))
if(CInt(adplength) > 0) then
set adp = adplist.Item(0)
set env = adp.GetNetworkEnvironment()
ret = env.DHCPCount
Action.Trace("DHCPCount = " & ret)
if(ret > 0) then
set item = env.GetDHCPItem(0)
ret = item.IP
Action.Trace("IP = " & ret)
end if
end if
GetDNSItem
JScript:
var adplist;
var adplength;
var adp;
var env;
var ret;
var item;
adplist = Query.GetAdapters();
adplength = adplist.Length;
Action.Trace("adplength = " + adplength);
if(adplength > 0)
{
adp = adplist.Item(0);
env = adp.GetNetworkEnvironment();
ret = env.DNSCount;
Action.Trace("DNSCount = " + ret);
if(ret > 0)
{
item = env.GetDNSItem(0);
ret = item.IP;
Action.Trace("IP = " + ret);
}
}
VBScript:
dim adplist
dim adplength
dim adp
dim env
dim ret
dim item
set adplist = Query.GetAdapters()
adplength = adplist.Length
Action.Trace("adplength = " & CInt(adplength))
if(CInt(adplength) > 0) then
set adp = adplist.Item(0)
set env = adp.GetNetworkEnvironment()
ret = env.DNSCount
Action.Trace("DNSCount = " & ret)
if(ret > 0) then
set item = env.GetDNSItem(0)
ret = item.IP
Action.Trace("IP = " & ret)
end if
end if
GetGatewayItem
JScript:
var adplist;
var adplength;
var adp;
var env;
var ret;
var item;
adplist = Query.GetAdapters();
adplength = adplist.Length;
Action.Trace("adplength = " + adplength);
if(adplength > 0)
{
adp = adplist.Item(0);
env = adp.GetNetworkEnvironment();
ret = env.GatewayCount;
Action.Trace("GatewayCount = " + ret);
if(ret > 0)
{
item = env.GetGatewayItem(0);
ret = item.IP;
Action.Trace("IP = " + ret);
}
}
VBScript:
dim adplist
dim adplength
dim adp
dim env
dim ret
dim item
set adplist = Query.GetAdapters()
adplength = adplist.Length
Action.Trace("adplength = " & CInt(adplength))
if(CInt(adplength) > 0) then
set adp = adplist.Item(0)
set env = adp.GetNetworkEnvironment()
ret = env.GatewayCount
Action.Trace("GatewayCount = " & ret)
if(ret > 0) then
set item = env.GetGatewayItem(0)
ret = item.IP
Action.Trace("IP = " & ret)
end if
end if
GetWINSItem
JScript:
var adplist;
var adplength;
var adp;
var env;
var ret;
var item;
adplist = Query.GetAdapters();
adplength = adplist.Length;
Action.Trace("adplength = " + adplength);
if(adplength > 0)
{
adp = adplist.Item(0);
env = adp.GetNetworkEnvironment();
ret = env.WINSCount;
Action.Trace("WINSCount = " + ret);
if(ret > 0)
{
item = env.GetWINSItem(0);
ret = item.IP;
Action.Trace("IP = " + ret);
}
}
VBScript:
dim adplist
dim adplength
dim adp
dim env
dim ret
dim item
set adplist = Query.GetAdapters()
adplength = adplist.Length
Action.Trace("adplength = " & CInt(adplength))
if(CInt(adplength) > 0) then
set adp = adplist.Item(0)
set env = adp.GetNetworkEnvironment()
ret = env.WINSCount
Action.Trace("WINSCount = " & ret)
if(ret > 0) then
set item = env.GetWINSItem(0)
ret = item.IP
Action.Trace("IP = " & ret)
end if
end if
GetWirelessAPItem, WirelessAPCount
JScript:
var adplist;
var adplength;
var adp;
var env;
var apitem;
var adptype;
var adpname;
var apcount;
var i;
adplist = Query.GetAdapters();
adplength = adplist.Length;
Action.Trace("adplength = " + adplength);
if(adplength > 0)
{
for(i=0;i < adplength;i++)
{
adp = adplist.Item(i);
adptype = adp.Type;
if(adptype == eWIRELESS)
{
Action.Trace("Wireless index = " + i);
adpname = adp.Name;
Action.Trace("adp = " + adpname);
env = adp.GetNetworkEnvironment();
apcount = env.WirelessAPCount;
Action.Trace("WirelessAPCount = " + apcount);
if(apcount > 0)
{
apitem = env.GetWirelessAPItem(0);
Action.Trace("apitem.SSID = " + apitem.SSID);
}
}
}
}
VBScript:
dim adplist
dim adplength
dim adp
dim env
dim apitem
dim adptype
dim adpname
dim apcount
dim i
set adplist = Query.GetAdapters()
adplength = adplist.Length
Action.Trace("adplength = " & CInt(adplength))
if(CInt(adplength) > 0) then
For i = 0 To (CInt(adplength) - 1)
set adp = adplist.Item(i)
adptype = adp.Type
if(adptype = eWIRELESS) then
Action.Trace("Wireless index = " & i)
adpname = adp.Name
Action.Trace("adp = " & adpname)
set env = adp.GetNetworkEnvironment()
apcount = env.WirelessAPCount
Action.Trace("WirelessAPCount = " & apcount)
if(apcount > 0) then
set apitem = env.GetWirelessAPItem(0)
Action.Trace("apitem.SSID = " & apitem.SSID)
end if
end if
Next
end if
DHCPCount
See ICLIENTADAPTER Interface - GetNetworkEnvironment
DNSCount
See ICLIENTADAPTER Interface - GetNetworkEnvironment
GatewayCount
See ICLIENTADAPTER Interface - GetNetworkEnvironment
WINSCount
See ICLIENTADAPTER Interface - GetNetworkEnvironment
WirelessAPCount
See ICLIENTADAPTER Interface - GetNetworkEnvironment
IClientWAP Interface
This interface provides information about a Wireless Access Point.
AvgRssi
See IClientNetEnv Interface - GetWirelessAPItem
MAC
See IClientNetEnv Interface - GetWirelessAPItem
MaxRssi
See IClientNetEnv Interface - GetWirelessAPItem
MinRssi
See IClientNetEnv Interface - GetWirelessAPItem
Rssi
See IClientNetEnv Interface - GetWirelessAPItem
SSID
See IClientNetEnv Interface - GetWirelessAPItem
IClientAdapterList Interface
This interface is a list of adapters in the network environment.
Item & Length
See Query Namespace - GetAdapters