NAC Agent-based assessment: Service State Check

  • 0
  • 1
  • Question
  • Updated 1 year ago
  • Answered
Hi guys,

I have a NAC customer (full former-Enterasys solution deployed) with issues on users connecting their laptops to the wired network onsite (and being assessed by NAC) and enabling Windows Internet Connection Sharing to allow the user's smartphones to connect to the Internet using the laptop's wireless (this is not allowed by the company's policy, but employees don't care, and we are on Brazil).

The customer could simply disable the ICS service using a GPO, but these users travel with the laptops and should be allowed to share the internet connection only outside of the company sites.

Taking a look at the assessment tests, we can check a Service State. In the NAC Manager Help it states:

Service Name The name of the service you are checking for. You must specify the actual service name. To see the names of running services you can run tasklist /SVC from a command prompt. This command will show the registered names of the services and not the alias names that may be shown in the Windows Administrative Services UI.

I took a look at the tasklist command and got the following info:



It's not completly clear to me, but this means that I need to fill the "Service Name" field in NAC Manager test as "svchost.exe" and not "SharedAccess" (ICS)? If this is correct, I can't use this test, because svchost.exe is runs many other needed processes...

In other hand, if we could use the "Services" info and fill the field with "SharedAccess" we should be fine...

Any idea?

Best regards,

-Leo
Photo of Leonardo Peixoto

Leonardo Peixoto

  • 2,722 Points 2k badge 2x thumb

Posted 1 year ago

  • 0
  • 1
Photo of Yacobucci, Ryan

Yacobucci, Ryan, Multi-Tier Technical Support Engineer

  • 5,470 Points 5k badge 2x thumb
Hello Leonardo,

What version of NetSight, NAC and the Agent are you currently running?

I was able to get the test set to identify the service running by the service name of "SharedAccess". I was testing on a Windows 10 PC. 



If that image is too small here is a link: 
https://extremenetworks2com-my.sharepoint.com/personal/ryacobuc_extremenetworks_com/Documents/Shared...


If this doesn't work, or if you can't get this to work on other windows platforms it looks like there is a registry value is the H_KEY/LOCAL_COMPUTER directory, however it looks like the location is different based on OS: 
https://msdn.microsoft.com/en-us/library/ee494069.aspx

https://msdn.microsoft.com/en-us/library/ee495137.aspx


https://www.shadowsplace.net/1242/windows/internet-connection-sharing-has-been-disabled-by-the-netwo...

http://computerstepbystep.com/internet_connection_sharing_(ics)_service.html

http://www.pctools.com/guides/registry/detail/1257/

They all had different places where this could potentially be checked in a registry value.

Let me know if you have the same results with the service state check.

Thanks
-Ryan