I’m trying to modify 2 exisitng baselines so that one is only directed at a particular subnet and the other at all other subnets except the one defined in the first baseline. I was using a relevance that looked for a particular environment setting and that XP was Service Pack 2. Now wanting to add in the subnet check. Here is what I have. I must have the verbage incorrect for the subnet piece - as it is not working properly. The other 2 pieces (env setting ans SP2) worked fine as a double relevance. Adding the third kills the entire check. Anyone know where I am going wrong? Thanks a ton.
Mike
Relevance - Must be in the 192.168.70.0 subnet
(value of variable “IMAGE” of environment contains “XPSP2”) AND (value “CSDVersion” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion” of registry = “Service Pack 2”) AND (subnet addresses whose (it as string = “192.168.70.0”) of ip interfaces whose (loopback of it = false) of network)
Relevance - Must NOT be in the 192.168.7.0 subnet
(value of variable “IMAGE” of environment contains “XPSP2”) AND (value “CSDVersion” of key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion” of registry = “Service Pack 2”) AND (subnet addresses whose (it as string != “192.168.70.0”) of ip interfaces whose (loopback of it = false) of network)
You are super close. You’re missing an ‘exists’ in front of ‘subnet addresses’ for your first version, and ‘not exists’ in the second version. In both versions you should use the = comparison instead of the != you are currently using in the second.
Also, instead of checking the service pack registry key, you can just use: csd version of operating system = “Service Pack 2” . Yours will work, but is a little less clear and will be a little slower.
Same is true for the XP image setting. You can just use: name of operating system = “WinXP” . Again, yours will work but will error on machines where the “IMAGE” variable doesn’t exist.
Here’s my final working version:
name of operating system = “WinXP” AND csd version of operating system = “Service Pack 2” AND (exists subnet addresses whose (it as string = “10.211.55.0”) of ip interfaces whose (loopback of it = false) of network)
You mention not using a ! for the second relevance. Don’t I want to say “not equal too 192.168.70.0” if I want all other subnets except that particular 70?
Do I need the ( ) at the begining and end for a baseline relevance? Something is off and I’m not getting the correct response.
(value of variable “IMAGE” of environment contains “XPSP2”) AND (name of operating system = “WinXP” AND csd version of operating system = “Service Pack 2”) AND (exists subnet addresses whose (it as string = “192.168.70.0”) of ip interfaces whose (loopback of it = false) of network)
No, you don’t need to enclose the whole thing in parenthesis.
On my machine the expression errors out because I don’t have the “IMAGE” environment variable. Everything else works fine though. I’m not sure the behavior you’re seeing, but I’d guess that some of the machines don’t have the expected “IMAGE” variable or the value is not “XPSP2”.
Ok, something is out of wack. Nothing stands out as being incorrect. Here is what this Baseline is trying to do.
Our PC image has an environment variable on it as IMAGE=XPS2. This is how we distinguish the Hospital’s base image over a couple of affilliates that use our BF system - but manage their own agents.
Most of our IT folk who do testing live on the 192.168.70.0 network. For these folks - I have my baseline display BES pop-ups that give them the option of canceling any componants of the baseline that would normally get slammed down.
With the below relevence - I am still getting some agents on other network segments to pop into this baseline. I decided to drop the OS check - as checking for the env variable and the OS fingerprint was doing relatively the same thing. Only the OS of XPSP2 will have that env variable anyway - so why double check. Does anything look out of place? It appears to all be in order. Thanks again for all the help.
value of variable “IMAGE” of environment contains “XPSP2” AND exists subnet addresses whose (it as string = “192.168.70.0”) of ip interfaces whose (loopback of it = false) of network
That looks correct to me. Are you sure that the machines you don’t expect to be relevant to the baseline do not have more than one subnet, of which one is 192.168.70.0?
Another possibility is that you had the baseline with less restrictive relevance originally and then updated it to be more restrictive. It’s possible that some of the machines haven’t come online to receive the new baseline and don’t realize they are not relevant anymore. You might try sending them a full refresh and see if that solves the problem.