CLEANACCESS Archives

November 2007

CLEANACCESS@LISTSERV.MIAMIOH.EDU

From: Nathaniel Austin <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Tue, 13 Nov 2007 16:17:49 -0500

Mike,

All failed checks don't necessarily lead to the requirement failing. The 
requirement is a logical statement that ORs and ANDs many different 
individual checks.

In this case, it is OK that you failed SP1, because you have SP2 
installed. So even though you failed the check, that won't cause you to 
fail the requirement. Same goes for IE7 (you passed the IE6 check).

The one you are failing that is causing you to fail is 
pc_KB923789_MS06-069_XP_SP2 so I'd focus on that. Check on your test 
client. Does that registry key exist? If not, download that hotfix 
manually and install. Does it pass then?

Nate

Wilusz, Mike wrote:
>
> Hope everyone has been well. Always watching this list for great 
> insight. We’re moving forward on our NAC appliance setup and have 
> gotten pretty far in the test. I’m hitting this problem though. We 
> have a vanilla Windows XP SP2 computer as a corporate test client. 
> When using the canned pr_XP_Hotfixes check that comes from Cisco (and 
> is updated by Cisco going forward), the user always fails. It appears 
> the failure is due to the user not having SP1 installed (the desktop 
> is imaged from an XP SP2 instance), along with failing for KB923789 
> (Adobe Flash update) and IE 7.0 not being installed. You can see the 
> details below. Would this behavior be expected? I would assume there’s 
> no need to check for SP1 if SP2 is installed, and requiring IE 7.0 
> seems unnecessary. How is everyone here handling this? Do you create 
> custom rules using a tweaked version of pr_XP_Hotfixes, and thus have 
> to update it every time Cisco updates the rule? I could tweak it and 
> deal with the mess of sorting the logic of the Cisco rule (not their 
> fault, there is a lot to check), but don’t want to do that if it’s not 
> necessary.
>
> 1. *WSUS Updates* (/Optional/)
>
> o Passed Checks:
> pc_KB938829_MS07-046_XP
> pc_Windows-XP-SP2
> pc_HotFix908519_XP
> pc_HotFix904706_XP
> pc_KB908531_MS06-015_XP
> pc_KB932168_MS07-020_XP
> pc_KB920683_MS06-041_XP
> pc_MDAC_28_SP1
> pc_KB914388_MS06-036_XP
> pc_KB935840_MS07-031_XP
> pc_KB930178_MS07-021_XP
> pc_HotFix901214_XP
> pc_KB917344_MS06-023_XP
> pc_IE6_0
> pc_Flash_6r79_Registered_LC
> pc_Flash_6_0_79
> pc_KB923191_MS06-057_XP
> pc_KB935839_MS07-035_XP
> pc_KB921503_MS07-043_XP
> pc_KB938127_MS07-050_XP_SP2_IE6
> pc_KB939653_MS07-057_XP_SP2_IE6
> pc_MSXML3_MS07-042
> pc_KB925902_MS07-017_XP
> pc_KB928843_MS07-008_XP_SP2
> pc_HotFix896358_XP
> pc_KB927779_MS07-009_XP_SP2_MDAC_28SP1
> pc_KB931261_MS07-019_XP
> pc_KB920213_MS06-068_XP_SP2
>
> o Failed Checks:
> pc_Windows-XP-SP1, Registry Check [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion contains Service Pack 1]
> pc_KB923789_MS06-069_XP_SP2, Registry Check [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}\ exists ]
> pc_IE7_0, Registry Check [\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version starts with 7.0]
>
> o Not executed Checks:
> pc_MSXML4_MS07-042
> pc_HotFix896423_XP
> pc_KB918439_MS06-022_XP_SP2
> pc_KB921883_MS06-040_XP
> pc_KB913433_MS06-020_XP_9x_Flash
> pc_KB918899_MS06-042_XP_SP1_2K_IE6
> pc_HotFix902400_XP
> pc_MSXML5_MS07-042
> pc_KB918439_MS06-022_XP_SP1_IE6
> pc_MSXML6_MS07-042
> pc_Swflash_5_0_44
> pc_Flash_6r79_Registered_UC
> pc_KB918439_MS06-022_XP_SP2_JGDW
> pc_KB938127_MS07-050_XP_SP2_IE7
> pc_Swflash_4r28_5r44_Registered_LC
> pc_KB939653_MS07-057_XP_SP2_IE7
> pc_Swflash_4r28_5r44_Registered_UC
> pc_KB918439_MS06-022_XP_SP2_JGPL
>
> o Description:
>
> -Mike
>
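
Added example, not part of the original thread and not Cisco's rule definition: a minimal evaluator for the AND/OR requirement logic described in the reply above, which reports only the failed checks that actually block the requirement. The rule expression is a constructed simplification that reuses check names from the quoted report; the real pr_XP_Hotfixes expression is not shown on this page.

```python
# Constructed rule (assumption): a simplified stand-in for a posture
# requirement, built from check names that appear in the quoted report.
RULE = ("and",
        ("or", "pc_Windows-XP-SP1", "pc_Windows-XP-SP2"),
        ("or", "pc_IE6_0", "pc_IE7_0"),
        "pc_KB923789_MS06-069_XP_SP2",
        "pc_KB920213_MS06-068_XP_SP2")

# Check outcomes copied from the passed/failed lists in the quoted report.
RESULTS = {
    "pc_Windows-XP-SP1": False,
    "pc_Windows-XP-SP2": True,
    "pc_IE6_0": True,
    "pc_IE7_0": False,
    "pc_KB923789_MS06-069_XP_SP2": False,
    "pc_KB920213_MS06-068_XP_SP2": True,
}


def evaluate(node, results):
    """Return True if the rule expression holds for these check results."""
    if isinstance(node, str):          # leaf: a single named check
        return results[node]
    op, *children = node
    values = [evaluate(child, results) for child in children]
    if op == "and":
        return all(values)
    if op == "or":
        return any(values)
    raise ValueError(f"unknown operator: {op}")


def blocking_checks(node, results):
    """Return the failed checks that actually make the expression false."""
    if evaluate(node, results):
        return set()                   # a satisfied branch hides failures inside it
    if isinstance(node, str):
        return {node}
    _, *children = node
    # A false AND is blocked by its false children; a false OR has only
    # false children, and fixing any one of them would satisfy it.
    return set().union(*(blocking_checks(c, results) for c in children))


if __name__ == "__main__":
    print("requirement passes:", evaluate(RULE, RESULTS))
    print("blocking checks:", sorted(blocking_checks(RULE, RESULTS)))
```

With these inputs, the SP1 and IE7 failures are masked by the passing SP2 and IE6 checks, leaving only the KB923789 check as the blocker.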
