Operating system parameters - Windows
The table below contains an alphabetical list of possible Configuration Parameters that can be used when setting up scans for Windows. A subset of these parameters is available for each version of this operating system.
Default parameter values are entered and updated automatically by the scheduled Auto-Def Updates. If the values have been manually edited, the Auto-Def Updates will not override those changes. |
Settings
Parameter |
Description |
||||
Allowed Editions |
Select the allowed editions. Options are Home Basic, Home Premium, Business, Enterprise, Ultimate, and Starter. |
||||
Critical / Security Updates Label |
The Critical / Security Updates Label that displays on the results page. |
||||
Critical / Security Updates Web Address |
The URL for the web page where Windows-Server-2008 Critical / Security Updates information can be located and downloaded. Supply a local or Internet URL to display in the Failed Policy Results window if the host fails the scan. |
||||
Custom Scans |
Any custom scans that have been created are shown. |
||||
Disable Bridging |
When selected, disables bridging on the host. |
||||
Disable Internet |
When selected Internet Connection Sharing is disabled on the host. |
||||
Edition Label |
Enter a label. This label appears in the Results page information to identify which scan the host failed. |
||||
Edition Web Address |
The URL for the web page where the specific edition information can be located and downloaded. Supply a local or Internet URL to display in the Failed Policy Results window if the host fails the scan. |
||||
Enable Automatic Updates |
See the enable automatic updates parameters table below. |
||||
Enable Windows |
When selected, the Windows Firewall is enabled. |
||||
Force DHCP |
Requires write access to the registry if done through the .
|
||||
Label |
Enter a label. This label appears in the Results page information to identify which scan the host failed.
|
||||
Prohibit Home Edition |
When selected, prohibits Windows-XP Home Edition. |
||||
Require All Critical Updates |
When selected, all Critical Updates are required for the host. |
||||
Require Critical Updates |
When selected, Require Critical Updates must be enabled on the host. |
||||
|
|||||
Require Security Updates |
When selected will Require Security Updates to be enabled on the host. |
||||
Require Service Pack |
When the checkbox labeled "Require Service Pack" is selected a text field displays. Enter the numeric value for the Service Pack Level. |
||||
SCCM Evaluation Label |
The SCCM Evaluation label that is displayed in scan results to indicate that the SCCM Evaluation was triggered for the host. |
||||
Service Pack Label |
The Service Pack Label that displays on the results page. |
||||
Service Pack Level |
The required Service Pack Level. Enter the numeric value. Select the Operator to apply to the definition value found on the host: greater than, equal to, or both. |
||||
Service Pack Web Address |
URL for the web page where Service Pack information can be located and downloaded. Supply either a local or Internet URL. This URL is displayed in the Failed Policy Results window if the host fails the scan. |
||||
Trigger SCCM Evaluation |
When selected, an upgrade is forced on the host from the SCCM controller. This ensures all hosts on the network are up-to-date. No error is generated within FortiNAC. See the SCCM controller for failure details.
|
||||
Edition Label |
The Updates Label that displays on the results page. |
||||
Validate Edition |
When enabled, only those editions of Windows that are selected in FortiNAC Manager are permitted. When disabled, all/any edition of the selected Windows operating systems will be allowed, such as Windows Vista N or Windows Vista K. |
||||
Web Address |
The URL for the web page where Windows operating system information can be located and downloaded. Supply either a local or Internet URL. This URL is displayed in the Failed Policy Results window if the host fails the scan. |
Enable automatic updates parameters
When this option is checked for the selected operating system, it enables Automatic Updates on the host by modifying the registry. Additional configuration options appear once the box is selected. Use CAUTION when changing any of the Auto Update Settings. It is recommended that you are familiar with these options before you make any changes.
Parameter |
Description |
||
---|---|---|---|
Auto Update Web Address |
Web address used for Windows update. The default is sma/windowsupdates.jsp. |
||
Apply as a Policy |
Select True or False. Default = True. If this option is enabled, users of hosts running the selected version of Windows can no longer set Windows Update Parameters for their own hosts. Registry keys for those settings are set by FortiNAC Manager and are locked. Changing this option to False does not remove the lock from the registry keys. The keys must be deleted to restore user access to Windows Update settings. Keys are as follows:
|
||
RescheduleWaitTime |
Time to wait between the time Automatic Updates starts and the time it begins installations, where the scheduled times have passed. The time is set in minutes from 1 to 60, representing 1 minute to 60 minutes).
|
||
NoAuto |
Select True or False. Default = False. If set to true, Automatic Updates does not automatically restart a computer while users are logged on. This setting affects host behavior after the hosts have updated to the SUS SP1 host version or later. |
||
NoAutoUpdate |
0 = Automatic Updates is enabled. 1 = Automatic Updates is disabled. Default = 0 |
||
AUOptions |
1 = Keep my computer up to date has been disabled in Automatic Updates. 2 = Notify of download and installation. 3 =Automatically download and notify of installation. 4 = Automatically download and schedule installation. |
||
AUState |
0 = Initial 24-hour timeout (Automatic Updates doesn't run until 24 hours after it first detects an Internet connection.) 1 = Waiting for the user to run Automatic Updates 2 = Detection pending 3 = Download pending (Automatic Updates is waiting for the user to accept the pre-downloaded prompt.) 4 = Download in progress 5 = Install pending 6 = Install complete 7 = Disabled 8 = Reboot pending (Updates that require a reboot were installed, but the reboot was declined. Automatic Updates will not do anything until this value is cleared and a reboot occurs.) |
||
ScheduledInstallDay |
0 = Every day. 1 - 7 = The days of the week from Sunday (1) to Saturday (7). |
||
ScheduledInstallTime |
The time of day in a 24-hour format (0-23). |
||
UseWUServer |
Select True or False Use or not use a server that is running Software Update Services instead of Windows Update. |
||
WUServer |
http://<server> This value sets the SUS server by HTTP name (for example, http://IntranetSUS). |
||
WUStatusServer |
http://<server> This value sets the SUS statistics server by HTTP name (for example, http://IntranetSUS). |
If you configure the scan to enable Automatic Updates and an error occurs (for example, a network or permission error) so that the scan cannot perform the update, then the scan might fail. |