Enabling Customized Server-Side Policies (NSM Procedure)

For Windows clients, you can create global Host Checker policies that take a third-party J.E.D.I. DLL, which you upload to the Infranet Controller, and run it on client machines.

Note: This feature is primarily provided for backwards compatibility. We recommend that you use integrity measurement collectors (IMCs) and integrity measurement verifiers (IMVs) instead.

To enable a customized server-side Host Checker policy:

  1. In the NSM navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab, and then double-click the Infranet Controller for which you want to enable a customized server-side Host Checker policy.
  3. Click the Configuration tab. In the configuration tree, select Authentication > Endpoint Security > Host Checker > Settings.
  4. Under Policies, create a new policy and select 3rd Party Policy.
  5. Add or modify settings as specified in Table 53.
  6. Click one:
    • OK—Saves the changes.
    • Cancel—Cancels the modifications.

Table 53: Customized Server-Side Policies Configuration Details

| Option | Function | Your Action |
|---|---|---|
| Package | Specifies the 3rd party policy package. | Select the package from the drop-down or browse for the package using the browse (+) button. |
| File Name | Specifies the filename. | Enter a filename. |
| Enable Custom Instructions | Specifies that custom instructions can be displayed to the user on the Host Checker remediation page. | Select this option and enter the custom instructions you want to display to the user on the Host Checker remediation page. You can use the following HTML tags to format text and add links to resources such as policy servers or Web sites: <i>, <b>, <br>, <font>, and <a href>. |
| Remediate | Specifies that remediation actions are enabled. | Select this option. |
| Kill Processes | Specifies the processes you want to kill if the user’s computer does not meet the policy requirements. You can include an optional MD5 checksum for the process. | Select this option and on each line enter the name of one or more processes you want to kill. Note: You cannot use wildcards in the process name. |
| Delete Files | Specifies the filenames to be deleted if the user’s computer does not meet the policy requirements. | Select this option and add or modify files to be deleted. Note: You cannot use wildcards in the filename. |
| Send reason strings | Displays a message to users (called a reason string) that is returned by Host Checker or IMV and explains why the client machine does not meet the Host Checker policy requirements. This option applies to predefined rules, custom rules, and to third-party IMVs that use extensions in the Juniper Networks TNC SDK. | Select this option. |
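A pre-flight check for the values entered in Table 53, as an added example that is not part of the original documentation or any Juniper tool: it flags HTML tags outside the supported list in custom instructions and wildcard characters in Kill Processes and Delete Files entries. The function name `lint_policy`, the treatment of `*` and `?` as the wildcard characters, and all sample values are assumptions.

```python
from html.parser import HTMLParser

# Tags the page lists as usable in custom instructions.
ALLOWED_TAGS = {"i", "b", "br", "font", "a"}
# Assumption: "wildcards" means the usual Windows glob characters.
WILDCARDS = set("*?")


class _TagCollector(HTMLParser):
    """Records every tag that is not in ALLOWED_TAGS, and <a> without href."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.problems = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.problems.append(f"tag <{tag}> is not in the supported list")
        elif tag == "a" and not dict(attrs).get("href"):
            self.problems.append("<a> without an href attribute")

    def handle_endtag(self, tag):
        if tag not in ALLOWED_TAGS:
            self.problems.append(f"tag </{tag}> is not in the supported list")


def lint_policy(custom_instructions, kill_processes, delete_files):
    """Return a list of problems found; an empty list means the input is clean."""
    collector = _TagCollector()
    collector.feed(custom_instructions)
    collector.close()
    problems = list(collector.problems)
    for label, entries in (("Kill Processes", kill_processes),
                           ("Delete Files", delete_files)):
        for entry in entries:
            name = entry.strip()
            if not name:
                problems.append(f"{label}: empty entry")
            elif WILDCARDS & set(name):
                problems.append(f"{label}: wildcard in {name!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real policy.
    text = ('<b>Update required.</b><br>See the '
            '<a href="https://policy.example.test/">portal</a> <u>now</u>.')
    for problem in lint_policy(text, ["oldagent.exe", "updater*.exe"],
                               [r"C:\Temp\stale.log", r"C:\Temp\?.tmp"]):
        print(problem)
```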
