Possible to check if computer is a Active Directory computer?
Created: 29 Nov 2011 | 2 comments
Hello everybody,
Our company is looking at Symantec Network Access Control 11. Is it prossible to let the Network Access Control server check if the client is part of our Active Directoy domain?
If it is possible to use that check; is it then possible to route the clients, which fails the check, to a guest VLAN?
Many thanks in advance.
V
Discussion Filed Under:
Comments
LAN Enforcement is best option
Yes, the SNAC LAN Enforcer is designed to assign clients to specific VLANs based on Host Integrity checks and autnetication criteria. VLAN assignments can occur for multiple reasons, such as no SNAC agent is installed or if AV is out of date. Using RADIUS on your network in conjunction with the LAN Enforcer would be the best configuration for your environment - allowing RADIUS to manage the AD authentication process.
Let me know if you have any outstanding questons.
How to check if Machine is member of your AD Domain using SNAC
Here a way I know how to do this:
You can use a custom Host Integrity policy to check to see if the machine in question is part of your AD Domain.
This information is stored in the registry, and you need to craft a custom policy to look at the following registry key. Have the policy fail if it does not match the following key:
Would you like to reply?
Login or Register to post your comment.