I am unable to get remediation commands to properly function. What I want to do is create a check that mimics the native McAfee Screensaver Checks. The only difference is that I want them to check a different location in the registry as compared to the native McAfee Screensaver Checks.
The native native McAfee Screensaver Checks are as follows:
Screen Saver to be used - HKEY_USERS\.Default
Screen Saver timeout - HKEY_USERS\.Default
Screen Saver is secure - HKEY_USERS\.Default
I have tried creating my own checks to mimic the above native McAfee Checks with the exception of looking in a different registry location. The location is as follows:
Following are the details of the check that I manually created for Screen Saver to be used:
Registry Hive: The hive that the registry key belongs to. This is restricted to a specific set of values:
Registry Value Name: The name of a registry value within the specified registry key.
equals HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop
Registry Key Path: The registry key to be tested. Note that the hive portion of the string should not be included, as this data should be selected in the hive parameter. If the operation selected is equals, the Registry Key Path should be the exact path to the registry key. For example: 'Software\TestParentKey\TestSubKey'. If the operation selected is pattern match, a basic regular expression should be used. For example: '^SOFTWARE\\SampleSoftwareVendor\\SampleSoftwareProduct\\[0-9]+\.0\\Common' could be used to detect the 'Common' key in a specific version of a software product.
equals Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE
optional:Registry Value Data: The expected registry value's data for the registry key(s) specified in the check.
optional:Registry Value Type: The expected registry type associated with the specified registry value(s).
The reason I want to look in this location is because this is the location that Group Policy places our screen saver.
After creating my own check, I want to add remediation commands to add the Keys and Values to the aforementioned registry location if they do not exist. The remediation command I used for Screen Saver to be used is as follows:
/C Reg.EXE ADD "HKEY_CURRENT_USERS\Software\Policies\Microsoft\Windows\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d "C:\Windows\system32\scrnsave.scr" /f
I have tried changing the case of the parameters in the event that anything was case sensitive. I have also tried adding and removing the quotations around each of the path variables. The remediation commands that I have used work perfectly from the command line, however they will not work via MNAC.
Unfortunately, there is no way for me to reference a native McAfee Check to see what I may be doing wrong because the native Checks are not editable. Any advice would be greatly appreciated.
Message was edited by: eguhlin on 5/9/11 10:10:25 AM CDT