Creating and testing a Host Integrity Policy
The Host Integrity Policy is the foundation of Symantec Network Access Control. The policy that you create for this test is for demonstration purposes only. It checks whether a client computer runs one of the operating systems that you select and, if it does, returns a FAIL result. Normally, you would generate FAIL events for other reasons.
You can then test the Host Integrity Policy from the Symantec Endpoint Protection Manager Console.
If you purchased and installed Symantec Network Access Control and Symantec Endpoint Protection, you can create a firewall policy for the client computers that fail Host Integrity. If you run Symantec Enforcer with Symantec Network Access Control, you can isolate the clients that fail Host Integrity to specific network segments. This isolation prevents client authentication and domain access.
To create a Host Integrity Policy
In the console, click Policies.
Under View Policies, click and select Host Integrity.
In the right pane, if a Host Integrity Policy is highlighted in yellow, click the white space below the policies to deselect the policy.
Under Tasks, click Add a Host Integrity Policy.
In the Overview pane, in the Policy Name box, type a name for the policy.
In the Requirements pane, check Always do Host Integrity checking, and then click Add.
In the Add Requirement dialog box, in the Type drop-down menu, click Custom Requirement, and then click OK.
In the Custom Requirement window, in the Name box, type a name for the Custom Requirement.
Under Customized Requirement Script, right-click Insert Statements Below, and then click Add > IF .. THEN.
In the right pane, in the Select a condition drop-down menu, click Utility: Operating System is.
Under Operating system, check one or more operating systems that your client computers run.
Under Customized Requirement Script, right-click THEN //Insert statements here, and then click Add > Function > Utility: Show message dialog.
In the Caption of the message box, type a name to appear in the message title.
In the Text of the message box, type the text that you want the message to display.
To display information about the settings for the icons and the buttons that you can integrate with the message, click Help.
In the left pane, under Customized Requirement Script, click PASS.
In the right pane, under As the result of the requirement return, check Fail, and then click OK.
In the Host Integrity window, click OK.
In the Assign Policy prompt, click Yes.
In the Host Integrity Policy dialog box, check the group or groups that contain your test client computers (the policy is applied to these groups), and then click Assign.
In the Assign Host Integrity Policy prompt, click Yes.
To test a Host Integrity Policy
In the console, click Clients.
In the right pane, click the Clients tab.
In the left pane, under View, click and highlight the group that contains the client computers to which you applied the Host Integrity Policy.
Under Tasks, click Run Command on Group > Update Content.
Log on to a client computer that runs Symantec Network Access Control and note the message box that appears.
The message box appears because the operating system condition matched and the requirement returned FAIL. After testing, disable or delete the test policy.