Subtitles of the Movie

And once we do that we're are taken back to the Citrix Scans for Domain membership and now we actually have a scan that's defined over here and if we expand the Citrix Scans for Domain Membership and we choose Check Windows 2K, XP to K3 for VTC Training Domain Membership here is our one rule. Again we can expand this further, choose our one rule and if we click this Properties Link or we drop down the top when we choose Properties we can actually see this rule is valid for 2000 XP and 2003 if you're using the Sample Logon Point. Client Device Domain Name is required and this is the Domain Name that is expected. With the way this rule is configured, if your Workstation is a member of the VTC Training Domain you will pass this check and return True to the Filter Policy. If you are not a member of this domain you'll return False and depending on how the filter is set up it could be set to only collect this information or it could be set to, deny access if your not a member of this Domain. Now admittedly this is a fairly simple scan. Let's move on to something a little more complex. I have set up under scans for Internet Explorer, I have check for IE Version Scan and underneath this one scan I have a Single Scan Rule set up. In this case it checks Windows XP and Windows 2003 to see if you're running at least IE 7. Now obviously if you have Windows 2000 clients' accessing this particular Logon Point, IE 7 is not supported on Windows 2000. But you want to make sure they at least have IE 6. You could go an modify this rule but then again you would be checking for a lesser version then the latest supported on XP and 2003. What to do? In this case we will add another Scan Rule. So we will say Create Rule and we will name this IE 6 Check. We'll choose Windows 2000 as the operating system, we're going to use the Sample Logon Point and we're going to say for Windows 2000 Clients the minimum required version is 6.0. Now you have a little bit more of a robust rule. You have an IE Version check that makes sure you're using the latest version of Internet Explorer for the particular platform you're accessing it with. Whether that be 2000, XP or 2003. You could expand this further and get the latest versions for ME and NT 4 and Windows 98, but really if you have people trying back to access you're Logon Points where those operating systems, you've got other problems. The way the Filter Policies are set up, you can take this single scan and apply it to a filter and no matter what operating system you are running, whatever rule applies to it are the rules that runs. You could have 30 rules inside this Single Scan Package, some of them for 2000, some of them for XP, etcand only the ones that are specific for that operating system will run. Neat huh? Now you might be asking yourself exactly what do these Scan Packages return? You can get this information from the Access Management Console as well, simply by selecting a Scan Package, in this case Citrix Scans were Internet Explorer and you can drop down this drop down box up here and choose Properties. Now you have the Scan Output. If this scan is run on a Windows Workstation you will get 3 pieces of information back from this scan. You'll get one piece of information back which is the actual version that's installed on the WorkStation. You'll also get two other Boolean values back which are True or False, saying is the version that you're looking for installed, if it is, Yes or No and is the version you're looking for connected to the Logon Point for this Logon Session. Again its best to check all three of these in your filter, check to make sure that the version is what you're looking for as well as does verification say that it is true and then also to check the connected Property as well, to make sure that they are not using Firefox or Safari. Because just because it's installed and just because it's the correct version doesn't necessarily mean that's what their using to connect. And again you can filter this based upon the Filter Policies that we'll get to elsewhere in the course. Not every Scan Package is this complex, for example we have Citrix Scans for Windows Security Center Antivirus and all it does is to see whether Antivirus is enabled in the Windows XP Security and it returns True or False and that's really all there is to it. When you set this rule up, you simply tell it to run on Windows XP, run on the specified Logon Point and there you have it. Now there are ways to chain these Scan Rules so that if a prerequisite scan fails you don't bother running all of the additional scans and that's an advanced topic that we'll get to elsewhere in the course. But for the time being this concludes our discussion on Endpoint Analysis Scan Rules.