70-28
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 70 Configuring Dynamic Access Policies
Configuring Endpoint Attributes Used in DAPs
The endpoint ID process information is displayed below the list box.
Step 4 Click OK.
Step 5 Return to Configuring Dynamic Access Policies, page 70-10.
Additional References
See Endpoint Attribute Definitions, page 70-29 for additional information on the Process endpoint
attribute requirements.
Adding a Registry Endpoint Attribute to a DAP
Prerequisites
• Configuring Process endpoint attributes as selection criteria for DAP records is part of a larger
process. Read Configuring Dynamic Access Policies, page 70-10 before you configure Personal
Firewall endpoint attributes.
• Before configuring a Registry endpoint attribute, define the registry key for which you want to scan
in the Host Scan window for Cisco Secure Desktop. In ASDM select Configuration > Remote
Access VPN > Secure Desktop Manager > Host Scan. Click Help on that page for more
information.
Guidelines
• You can only scan for registry endpoint attributes on Windows operating systems.
• You can create multiple instances of each type of endpoint attribute. For each of these types, you
need to decide whether the DAP policy should require that the user have all instances of a type
(Match All = AND) or only one of them (Match Any = OR).
To set this value, after you have defined all instances of the endpoint attribute, click the Logical Op.
button and select the Match Any or Match All button. If you do not specify a Logical Operation,
Match All is used by default.
Detailed Steps
Step 1 In the Endpoint Attribute Type list box, select Registry.
Step 2 Click the appropriate Exists or Does not exist button to indicate whether the Registry endpoint attribute
and its accompanying qualifiers (fields below the Exists and Does not exist buttons) should be present
or not.
Step 3 In the Endpoint ID list box, choose from the drop-down list the endpoint ID that equates to the registry
entry for which you want to scan.
The registry information is displayed below the Endpoint ID list box.
Step 4 Check the Value checkbox and set the operation field to be equal to (=) or not equal to (!=).
Step 5 In the first Value list box, identify the registry key as a dword or a string.
Step 6 In the second Value operation list box, enter the value of the registry key you are scanning for.
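The following added example (not Cisco code and not part of the original guide) models how the Registry criteria from the Guidelines and Detailed Steps combine, so a policy can be reasoned about against sample Host Scan results before it is deployed. The endpoint IDs and scan data are constructed. It assumes that Does not exist negates the entry together with its value qualifier, and that values are compared exactly.

```python
from dataclasses import dataclass
from typing import Optional, Union

# Constructed Host Scan results: endpoint ID -> (type, value). IDs are hypothetical.
SCAN = {
    "reg_av_enabled": ("dword", 1),
    "reg_build_tag": ("string", "corp-2024"),
}

@dataclass
class RegistryCriterion:
    endpoint_id: str                       # Step 3: Endpoint ID
    exists: bool = True                    # Step 2: Exists / Does not exist
    op: Optional[str] = None               # Step 4: "=" or "!=" (None = Value unchecked)
    vtype: str = "string"                  # Step 5: "dword" or "string"
    value: Union[int, str, None] = None    # Step 6: value to compare against

    def matches(self, scan: dict) -> bool:
        if self.op not in (None, "=", "!="):
            raise ValueError(f"unsupported operation: {self.op!r}")
        entry = scan.get(self.endpoint_id)
        present = entry is not None
        if present and self.op is not None:
            etype, evalue = entry
            if etype != self.vtype:
                present = False            # wrong type: qualifier cannot hold
            else:
                if self.vtype == "dword":
                    equal = int(evalue) == int(self.value)
                else:
                    equal = str(evalue) == str(self.value)
                present = equal == (self.op == "=")
        # Assumption: "Does not exist" is true whenever entry + qualifiers are
        # not all satisfied, including when the scan returned nothing for the ID.
        return present if self.exists else not present

def evaluate(criteria, scan, logical_op="Match All"):
    """Combine instances; Match All is the default, as the guide states."""
    results = [c.matches(scan) for c in criteria]
    if logical_op == "Match All":
        return all(results)
    if logical_op == "Match Any":
        return any(results)
    raise ValueError(f"unknown logical operation: {logical_op!r}")

AV_ON = RegistryCriterion("reg_av_enabled", op="=", vtype="dword", value=1)
OLD_TAG = RegistryCriterion("reg_build_tag", op="=", vtype="string", value="corp-2023")
NOT_SCANNED = RegistryCriterion("reg_not_scanned", exists=False)
```

Under the stated assumption, a Does not exist criterion also matches an endpoint whose scan returned no data for that ID, so pairing it with an Exists criterion under Match All avoids selecting a DAP record on missing data alone.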