(imported topic written by Corda)
Hello, a customer wants a fixlets that reads the domain policy on some endpoints
How I can I do?
Thanks
(imported comment written by Eric Walker)
Hi,
It’s possible, technically speaking, as there are inspectors that look at domain-related settings. But they are very dangerous to use in fixlets that have been deployed in the normal manner, because the system calls the inspectors use generate a lot of network traffic. With one host generating such traffic, things are fine. But when all of the endpoints in a deployment start generating such traffic, you start getting availability problems.
Eric
(imported comment written by Tim.Rice)
Since the Domain GPO Policies actually set Registry Keys locally on the computers, if all you want are inspectors, try looking at
http://msdn.microsoft.com/en-us/library/ms815238.aspx
and you should be able to create some retrieved properties from that.
(imported comment written by Eric Walker)
Very true. Many security checklist providers do this, and I think it’s a good way to go.
(imported comment written by Corda)
thanks for the tip