How can I do an endpoint analysis to scan for two different domain memberships?

0 votes
asked Nov 17, 2016 by Gatorscott (620 points)

We have a multi microsoft domain environment.  I need to configure an EPA pre-auth scan that checks for the existence of domainA OR domainB.  I haven't been able to figure it out using OR statements.  I am able to successfully scan for a single domain using:

LIENT.REG('HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters_Domain').VALUE== example.net

However, trying to add a second is beyond me... I couldn't get it to work using OPSWAT either.

Any ideas? 

Thanks!

1 Answer

+1 vote
answered Nov 22, 2016 by SuperZ82 (640 points)

I would configure it like this;

Pre-Auth Policy

  • Request Action  = Allow
  • Expression = CLIENT.SYSTEM(DOMAIN_SUFFIX_anyof_DomainA,DomainB[COMMENT: Domain check]) EXISTS
See if that works and let me know.
...