Registry Based EPA Scan on ADC to Look Active Device or Computer Name of Explicit

Article ID: CTX128039

Description

This article describes how to configure a registry-based EPA scan on NetScaler to look for the active device or computer name of an explicit workstation.

Background

When the user types the NetScaler Gateway web address, NetScaler Gateway checks whether any client-based security policies are in place. This is called a pre-authentication policy. If a pre-authentication policy is configured on NetScaler Gateway, it checks for the specified condition on the user device. These security checks verify that the user device has the necessary security-related operating system updates, antivirus protection, and a properly configured firewall.

If the user device fails the security check, NetScaler Gateway blocks the user from logging on. A user who is unable to log on needs to download the necessary updates, packages, or keys and install them on the user device.


Instructions

To perform a registry-based scan expression to look for the active device or computer name of an explicit workstation, use either of the following registry keys:

Caution! Refer to the Disclaimer at the end of this article before using Registry Editor.

ActiveComputerName

This registry key is located at My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName.

The EPA expression to use on the NetScaler Gateway is:

CLIENT.REG('HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\ComputerName\\\\ActiveComputerName_ComputerName').VALUE == SJCLM02

Configure from NetScaler CLI

Run the following command from NetScaler CLI:
add aaa preauthenticationpolicy EPA_expression_ActiveComputerName q/CLIENT.REG('HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\ComputerName\\\\ActiveComputerName_ComputerName').VALUE == SJCLM02/ Test

Configure from NetScaler GUI

  1. From the configuration utility, in the navigation pane, click Access Gateway.
  2. In the details pane, under Policy Manager, click Change group settings and user permissions.
  3. In the Access Gateway Policy Manager, under Available Policies / Resources, click Pre-Authentication Policies.
  4. Under Related Tasks, click Create new preauthentication policy and complete the fields as shown in the following screen shot:

rtaImage_2.png

ComputerName

This registry key is located at My Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName.

The EPA expression to use on the NetScaler Gateway is:
CLIENT.REG('HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\ComputerName\\\\ComputerName_ComputerName').VALUE == SJCLM02

Configure from NetScaler CLI

Run the following command from NetScaler CLI:
add aaa preauthenticationpolicy EPA_expression_ComputerName q/CLIENT.REG('HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\ComputerName\\\\ComputerName_ComputerName').VALUE == SJCLM02/ Test

Configure from NetScaler GUI

  1. From the configuration utility, in the navigation pane, click Access Gateway.
  2. In the details pane, under Policy Manager, click Change group settings and user permissions.
  3. In the Access Gateway Policy Manager, under Available Policies / Resources, click Pre-Authentication Policies.
  4. Under Related Tasks, click Create new preauthentication policy and complete the fields as shown in the following screen shot:

rtaImage_4.png

Single Policy to Look for Both Keys

Alternatively, you can use both expressions to create a single Pre-Authentication Policy and look for both registry keys.

Configure from NetScaler CLI

Run the following command from NetScaler CLI:
add aaa preauthenticationpolicy EPA_expression_REPRO q/CLIENT.REG('HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\ComputerName\\\\ComputerName_ComputerName').VALUE == SJCLM02 || CLIENT.REG('HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\ComputerName\\\\ActiveComputerName_ComputerName').VALUE == SJCLM02/ Test

Configure from NetScaler GUI

  1. From the configuration utility, in the navigation pane, click Access Gateway.
  2. In the details pane, under Policy Manager, click Change group settings and user permissions.
  3. In the Access Gateway Policy Manager, under Available Policies / Resources, click Pre-Authentication Policies.
  4. Under Related Tasks, click Create new preauthentication policy and complete the fields as shown in the following screen shot:

rtaImage_5.png
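
Before binding any of the three policies, it helps to see what a given workstation will actually report for the two registry values. The following PowerShell is an added example, not part of the original Citrix article: it reads both values without modifying the registry and reports which of the policies above would pass. The function name Get-EpaComputerNameCheck and its output property names are hypothetical, and the exact, case-sensitive comparison is an assumption about how the gateway evaluates the expression.

```powershell
# Added example, not from the Citrix article. Read-only: nothing is written to the registry.
function Get-EpaComputerNameCheck {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Name the policy compares against, e.g. the article's sample value SJCLM02
        [Parameter(Mandatory)][string]$ExpectedName
    )

    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\ComputerName'
    $rows = foreach ($sub in 'ActiveComputerName', 'ComputerName') {
        # A missing key or value yields $null instead of an error
        $item = Get-ItemProperty -Path (Join-Path $base $sub) -Name 'ComputerName' -ErrorAction SilentlyContinue
        $value = if ($item) { $item.ComputerName } else { $null }
        [pscustomobject]@{
            Key     = $sub
            Value   = $value
            # Assumption: exact, case-sensitive match (-ceq) as the strictest reading of ==
            Matches = ($null -ne $value) -and ($value -ceq $ExpectedName)
        }
    }
    $active = $rows | Where-Object { $_.Key -eq 'ActiveComputerName' }
    $stored = $rows | Where-Object { $_.Key -eq 'ComputerName' }

    [pscustomobject]@{
        ExpectedName         = $ExpectedName
        ActiveComputerName   = $active.Value
        ComputerName         = $stored.Value
        ActivePolicyPasses   = $active.Matches   # EPA_expression_ActiveComputerName
        StoredPolicyPasses   = $stored.Matches   # EPA_expression_ComputerName
        CombinedPolicyPasses = $active.Matches -or $stored.Matches   # EPA_expression_REPRO (||)
        # ActiveComputerName is the name in use for this boot; ComputerName is the stored
        # name applied at the next boot, so they differ after a rename until restart
        RenamePendingRestart = $active.Value -ne $stored.Value
    }
}

Get-EpaComputerNameCheck -ExpectedName 'SJCLM02' | Format-List
```

Both values are stored on the endpoint and reported by the client, so a match confirms how the device is configured rather than proving its identity; pair this scan with certificate-based or other device authentication where that distinction matters.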

Environment

Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

Issue/Introduction

This article describes how to configure a registry-based EPA scan on ADC to look for the active device or system name of an explicit workstation.