Is there a way that the SA-4000 w/ SAM can perform some kind of network access protection or remediation with regards to Windows patches?
Perhaps the hostchecker can look somehow to see if patches are missing and if so, it can take the user to a remedial network/webpage to fix the problem?
I know Windows 2008 has this capability built in when you use it as a VPN with NAP. What about Juniper?
OS 6.0R5 (Build 13073)
Understood, so in that case you would need to set a rule for host checker to look for the particular patch, and if not found, offer a remediation screen for the end user to download it and install. Of course thats a lot of manual maintenance.
Yeah I know. I don't have a choice though. There are national security risks involved.
Thanks for your help. I'm working on a HC rule that looks for the registry string for each windows patch.
I have never found a really good way to accomplish what you are trying without doing individual HC polices and redirecting the user to the patch with a custom remediation page.
I did add a comand to our NC start up scripts to force the clients to connect to the WSUS servers.
run "@lanroot\wuauclt.exe /resetauthorization /detectnow"
The 6.2 firmware now has a Shavlik scanner included in the HC policies and I am starting to look at it's functionality.
So I have the custom page pop up, but its this ugly yellow and I can only edit part of the message in html.
Is there a way to edit or make a whole different page than the one it gives you?