ExtremeCloud IQ- Site Engine & Extreme Management Center


NAC Agent-based assessment: Service State Check

  • 1.  NAC Agent-based assessment: Service State Check

    Posted 05-30-2017 19:24
    Hi guys,

    I have a NAC customer (full former-Enterasys solution deployed) with issues with users connecting their laptops to the wired network onsite (and being assessed by NAC) and enabling Windows Internet Connection Sharing to allow the users' smartphones to connect to the Internet using the laptop's wireless (this is not allowed by the company's policy, but employees don't care, and we are in Brazil).

    The customer could simply disable the ICS service using a GPO, but these users travel with the laptops and should be allowed to share the internet connection only outside of the company sites.

    Taking a look at the assessment tests, we can check a Service State. In the NAC Manager Help it states:

    Service Name: The name of the service you are checking for. You must specify the actual service name. To see the names of running services you can run tasklist /SVC from a command prompt. This command will show the registered names of the services and not the alias names that may be shown in the Windows Administrative Services UI.

    I took a look at the tasklist command and got the following info:

    It's not completely clear to me, but does this mean that I need to fill the "Service Name" field in the NAC Manager test as "svchost.exe" and not "SharedAccess" (ICS)? If this is correct, I can't use this test, because svchost.exe runs many other needed processes...

    On the other hand, if we could use the "Services" info and fill the field with "SharedAccess" we should be fine...

    Any idea?

    Best regards,


  • 2.  RE: NAC Agent-based assessment: Service State Check

    Posted 06-05-2017 10:44
    Hello Leonardo,

    What version of NetSight, NAC and the Agent are you currently running?

    I was able to get the test set to identify the service running by the service name of "SharedAccess". I was testing on a Windows 10 PC.

    If that image is too small here is a link:

    If this doesn't work, or if you can't get this to work on other Windows platforms, it looks like there is a registry value in the H_KEY/LOCAL_COMPUTER directory; however, it looks like the location is different based on OS:





    They all had different places where this could potentially be checked in a registry value.

    Let me know if you have the same results with the service state check.
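
Added example (not part of the original thread and not Extreme's code): the question above turns on the difference between the "Image Name" and "Services" columns of `tasklist /SVC`, so this PowerShell sketch parses that output in CSV form and maps each registered service name to the process hosting it. The function name `Get-ServiceHostMap` is hypothetical, and the sample rows (PIDs and service groupings) are constructed, not taken from the poster's machine.

```powershell
# Constructed sample of `tasklist /SVC /FO CSV` output from an English-language
# Windows install. PIDs and service groupings are made up for illustration.
$sample = @'
"Image Name","PID","Services"
"svchost.exe","1048","BFE,mpssvc"
"svchost.exe","2216","SharedAccess"
"spoolsv.exe","2580","Spooler"
"explorer.exe","5120","N/A"
'@

function Get-ServiceHostMap {
    # Hypothetical helper: one output object per registered service name.
    param([string[]]$CsvLines)

    # Drop the header row and supply our own column names, so localized
    # header text does not break the parse.
    $CsvLines | Select-Object -Skip 1 |
        ConvertFrom-Csv -Header Image, ProcessId, Services |
        Where-Object { $_.Services -ne 'N/A' } |   # 'N/A' = process hosts no service (English output)
        ForEach-Object {
            $row = $_
            # One shared svchost.exe can host several services, comma-separated.
            $row.Services -split ',' | ForEach-Object {
                [pscustomobject]@{
                    ServiceName = $_.Trim()
                    Image       = $row.Image
                    ProcessId   = [int]$row.ProcessId
                }
            }
        }
}

$map = Get-ServiceHostMap -CsvLines ($sample -split '\r?\n')

# The image name is shared by many services; the service name is unique.
$map | Where-Object Image -eq 'svchost.exe' | Format-Table
$map | Where-Object ServiceName -eq 'SharedAccess' | Format-Table

# On a live Windows host, the same distinction without parsing text:
# Name is the registered name, DisplayName is the alias shown in the Services UI.
if ($env:OS -eq 'Windows_NT') {
    Get-CimInstance Win32_Service -Filter "Name='SharedAccess'" |
        Select-Object Name, DisplayName, State, StartMode, ProcessId
}
```

To run the parser against a real machine, pass `(tasklist /SVC /FO CSV)` as `-CsvLines` instead of the sample; on non-English Windows the `N/A` marker is localized and the filter needs adjusting.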