Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Host Checker to check remote machines for domain membership? How?

Dan_mm_
Not applicable
‎02-24-2009 04:47:PM
‎02-24-2009 04:47:PM

Host Checker to check remote machines for domain membership? How?

Hello all!

I am happy to join th Juniper SSL community.

I have a question on Host Checker. How do i best create a policy that will check if a given machine is a member of a company domain? We want to create different roles for people who login with company issues machines (domain members) and people who login from non-compny issued machines.

How do i this when it comes to Host Checker policy? Do i look for specific registry key on the remote machines? If so, what am i looking for? Let's say the domain name is ... "acmegizmo"

Btw, i am running IVE 6.3.

Thank you!

0 Kudos
7 REPLIES 7
racetiger_
Occasional Contributor
‎02-25-2009 12:14:AM
‎02-25-2009 12:14:AM

Re: Host Checker to check remote machines for domain membership? How?

Hey,

Best would be to use client certificates but if you settle for checking the registry you can read the domain name from

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain

It contains the FQDN as a string, e.g. "redmond.corp.microsoft.com"

Might be other places as well but this is the one I use.

/mk

0 Kudos
Mrkool_
Super Contributor
‎02-25-2009 02:08:PM
‎02-25-2009 02:08:PM

Re: Host Checker to check remote machines for domain membership? How?

I recommend using "Domain" or "NV Domain" located in "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" instead. This should always be the machines FQDN (goldlnk.rootlnka.net).

0 Kudos
NWS_
Occasional Contributor
‎03-05-2009 04:59:AM
‎03-05-2009 04:59:AM

Re: Host Checker to check remote machines for domain membership? How?

if you want make sure the user logged in is a domain user, not a local user, check:

For XP: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultDomainName

For Vista: HKEY_CURRENT_USER\Volatile Environment\USERDOMAIN

0 Kudos
DeaconZ_
Frequent Contributor
‎03-12-2009 08:52:AM
‎03-12-2009 08:52:AM

Re: Host Checker to check remote machines for domain membership? How?

I use this HKLM\Software\Microsoft\Windows\CurrentVersion\Telephony\DomainName

But I only check to make sure its a domain computer. I don't check users.

0 Kudos
HB_
Occasional Contributor
‎03-16-2009 08:11:AM
‎03-16-2009 08:11:AM

Re: Host Checker to check remote machines for domain membership? How?

How about HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CachePrimaryDomain
0 Kudos
Junspert_
Not applicable
‎02-05-2013 06:44:AM
‎02-05-2013 06:44:AM

Re: Host Checker to check remote machines for domain membership? How?

Whats to stop a user from manually adding this to the registry if they are not part of the domain?

0 Kudos
zanyterp_
Respected Contributor
‎02-06-2013 10:24:PM
‎02-06-2013 10:24:PM

Re: Host Checker to check remote machines for domain membership? How?

nothing, unless there are policies on the pc that do not allow registry modification.

if you don't show reason strings, users will not know the failure reason

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.