host checker after login

lapluk_
Contributor

host checker after login

Hi,

How can I configure Host Checker to check antivirus after login, not before?

thanks

9 REPLIES
kanorro_
Contributor

Re: host checker after login

Yes you can do it in USER ROLES->(ROLE)->GENERAL->RESTRICTIONS->HOSTCHECKER

muttbarker_
Valued Contributor

Re: host checker after login

Make sure you enable host check at the realm level also - just don't enforce.

kenlars_
Super Contributor

Re: host checker after login

You can also use the result of Host Checker policy evaluation in role-mapping rules in the realm. So, if the user passes a specific Host Checker policy (or some combination of policies), you could assign them to a more "open" role. Don't pass the policy, and yet get assigned to a role with only (say) Outlook Web Access.

Ken

muttbarker_
Valued Contributor

Re: host checker after login

Ken - nice addition to the thread! One of the great benefits of host check that most people don't consider.

lapluk_
Contributor

Re: host checker after login

Hi,

I can't find it under USER ROLES->(ROLE)->GENERAL->RESTRICTIONS->HOSTCHECKER

What is the name of this option?

muttbarker_
Valued Contributor

Re: host checker after login

What option are you looking for? Are you referring to Ken's comment on using host check to assign roles? If that is what you are asking about, it is not an option.

If you want to do that you must enforce host check at the realm level. Then under realms / role mapping - you would create a role mapping rule based on a "custom expression" - You would create an expression of your own that would assign the role based on that value.

lapluk_
Contributor

Re: host checker after login

Nope, I am still looking for a way to configure it so that first the user will need to provide username and pwd, and then host checker will check the PC.

kenlars_
Super Contributor

Re: host checker after login

My configuration works the way you want yours to. Here is how it is set up -

  • Host checker policies are defined
  • At Realm - Authentication Policies - Host Checker, I have checked "Evaluate Policies" for each policy I want evaluated when a user logs in
  • I then use the "hostCheckerPolicy" in expressions used in role-mapping rules.

For example, if you defined a policy called "Antivirus" which passed if your antivirus was working correctly, you would check "Evaluate Policies" to the left of "Antivirus" on the Authentication Policies - Host Checker page for the realm, and then could define an expression like

hostCheckerPolicy = "Antivirus"

This expression will be true if the Antivirus policy passed when Host Checker ran. I actually define mine as

hostCheckerPolicy != "Antivirus"

and then use that policy to assign the user to a role which tells them (via the welcome message) that their antivirus does not meet standards, and which displays a bookmark which the user can click on for remediation help.

You could also use the Host Checker restrictions on the role. I have never done that, so I don't know what type of experience that affords the end user.

Hope this is helpful.

Ken

zanyterp_
Respected Contributor

Re: host checker after login

Host Checker must always run in some form on the realm; enforcement is at the role for what you are doing.

Users>Realms>realmName>Authentication Policy>Host Checker for checking at the realm for enforcement later
Users>Roles>roleName>General>Restrictions>Host Checker for enforcing at the role
You can also use the realm-evaluated policies for resource policies/enforcement