Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Enabling Customized Server-Side Policies (NSM Procedure)

    For Windows clients, you can create global Host Checker policies that take a third-party J.E.D.I. DLL that you upload to the Infranet Controller and run on client machines.

    Note: This feature is primarily provided for backwards compatibility. We recommend that you use integrity measurement collectors (IMCs) and integrity measurement verifiers (IMVs) instead.

    To enable a customized server-side Host Checker policy:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the Infranet Controller for which you want to enable a customized server-side Host Checker policy.
    3. Click the Configuration tab. In the configuration tree, select Authentication > Endpoint Security > Host Checker > Settings.
    4. Under Policies, create a new policy and select 3rd Party Policy.
    5. Add or modify settings as specified in Table 1.
    6. Click one:
      • OK—Saves the changes.
      • Cancel—Cancels the modifications.

    Table 1: Customized Server-Side Policies Configuration Details

    OptionFunctionYour Action


    Specifies the 3rd party policy package.

    Select the package from the drop-down or browse for the package using the browse (+) button.

    File Name

    Specifies the filename.

    Enter a filename.

    Enable Custom Instructions

    Specifies that custom instructions can be displayed to the user on the Host Checker remediation page.

    Select this option and enter the custom instructions you want to display to the user on the Host Checker remediation page. You can use the following HTML tags to format text and add links to resources such as policy servers or Web sites: <i>, <b>, <br>, <font>, and <a href>.


    Specifies that remediation actions are enabled.

    Select this option.

    Kill Processes

    Specifies the processes you want to kill if the user’s computer does not meet the policy requirements. You can include an optional MD5 checksum for the process.

    Select this option and on each line enter the name of one or more processes you want to kill.

    Note: You cannot use wildcards in the process name.

    Delete Files

    Specifies the filenames to be deleted if the user’s computer does not meet the policy requirements.

    Select this option and add or modify files to be deleted.

    Note: You cannot use wildcards in the filename.

    Send reason strings

    Displays a message to users (called a reason string) that is returned by Host Checker or IMV and explains why the client machine does not meet the Host Checker policy requirements. This option applies to predefined rules, custom rules, and to third-party IMVs that use extensions in the Juniper Networks TNC SDK.

    Select this option.

    Published: 2012-11-28