IBM Tivoli and Cisco manual Checking for Windows XP firewall forced off

￿VALUE equal to InstallDirectory.

￿NO_KEY_RULE equal to FAIL.

￿NO_VALUE_RULE equal to FAIL.

￿Since you do not care about the actual value, but only of its existence, the VALUE_DATA_RULES must be set to:

*;PASS

￿If any of the three checks fail you want to have the same remediation workflow kicked off, so specify the same value for all three workflow parameters, for example, TCRZLSoftwareInstalled.

This example will pass only if the value InstallDirectory under key

HKEY_LOCAL_MACHINE\SOFTWARE\Zone Labs\ZoneAlarm is set. If it is not set, the TCRZLSoftwareInstalled workflow will be set for remediation with different parameters depending on which part of the check was missing.

Checking for Windows XP firewall forced off

In order to check whether the Windows XP Firewall is not forced off the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\Sta ndardProfile must have the value EnableFirewall set to something else then 0 or not set at all. To conduct this check you must provide the following parameters:

￿KEY equal to

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\ StandardProfile.

￿VALUE equal to EnableFirewall.

￿NO_KEY_RULE equal to PASS.

￿NO_VALUE_RULE equal to PASS.

￿VALUE_DATA_RULES need to be set to = 0;FAIL.

￿DEFAULT_RULE equal to PASS.

￿Since you need the remediation only in case the value exists and is set to 0 you must specify only one workflow parameter VALUE_DATA_WF to, for example, TCRFirewallForcedOff.

176Building a Network Access Control Solution with IBM Tivoli and Cisco Systems