Filter
Top Products
Appendix A. Hints and tips 467
– Security Compliance Manager Client:
• Runs compliance validation. In this case, no violations are found, so set
semaphore to 1.
• No violations are found so return.
– User clicks Next button.
– NAC Appliance now finds Security Compliance Manager Client running
and semaphore=1, so admit client.
Scenario 4: post-admission, Security Compliance Manager not running,
compliant client
– This is a border case and is similar to scenario 2.
– This state can be reached if the user halts the Security Compliance
Manager Client after the client has already been admitted to the network
but the client is actually compliant.
– A potential solution would be a background process that is run by the
Windows Scheduler or Cron job to check whether the Security
Compliance Manager Client is running and start it if it is not running. This
would then bring the client to state #8.
Scenario 5 - pre-admission, Security Compliance Manager running,
noncompliant client
– This is the most normal case and is the one that gets demonstrated. It is a
subset of scenario 1.
– NAC Appliance detects that semaphore is not equal to 1.
i. Pops up Temporary Access window
ii. User clicks Update button
iii. Starts TSCMAgent.bat
– TSCMAgent.bat:
i. Sets semaphore to -1
ii. Starts Security Compliance Manager Client (if already running, this
step is redundant but not harmful)
iii. Runs statuscheck.exe
– Statuscheck.exe:
• Requests rescan from Security Compliance Manager Client
– Security Compliance Manager Client
• Runs compliance scan. In this case, violations are found and
semaphore does not equal 1, so leave semaphore unchanged.
• Since violations are found, run remediation handler