Network Access Control

Can SNAC custom requirement support the use of wildcards? I want to monitor a registry string called “DhcpIPAddress” inside the subkeys {ID of Adapter} that is unique to each machine, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ID of Adapter} If that string value contains a value of 41.* ,where it represents an IP of lets say 41.x.x.x, it should fail host integrity.

Not supported today, and does not work as you know.

However, have you tried using the location awareness ability to determine location and monitor IP addressing instead of a reg key? Location awareness can do IP ranges and subnets....

what are you tryin to accompish at a higher level?

Hey Josh,

Sorry for coming back to you so late..

What i would like to accomplish is to prevent users from bridging the network. When i say this I mean, a user have his corporate network connection active, then he connects his personal HTC, iPhone Nokia or Huawei modem or Wireless network to his pc and connect to the internet using that. If more than one connection is active at any given time it need to put the user into a quarantine network where we will prevent them reaching any subnet except the local corporate network by using a firewall policy. The 41.x.x.x IP is assigend by our local mobilel carriers if you connect to the internet via a mobile device.

Hope this helps.

Hi,

Any help on this issue or a solution would be appreciated.

Thanks
Hendrik

Chapter 5 (pg79 -88) talks about Managing a groups locations.   You can setup a location that triggers if the the clients IP address changes to the 41.x.x.x IP range. 

ftp://ftp.entsupport.symantec.com/pub/support/documentation/Administration_Guide_SEP11.0.6.pdf