Recently I was trying to create a custom endpoint policy and was trying to find some online resources. I realized that this topic has not been covered in much detail online or within the product documentation. So, let’s see what we can gather here.
Endpoint policies are required to determine that the Endpoint client machine meets the minimum set of requirements configured by the administrator. There are so many out-of-box Endpoint policies which you may use to determine which clients should and which shouldn’t connect to your portal. You can also use these Endpoint policies to restrict access to the applications published through the UAG portal.
You may create your own VBScripts to determine the state of the machine and then use it for restricting or allowing access to the portal and the applications published through UAG. That’s what we will see below.
To start creating the VBScript, you first need to determine what you want to check on the client machine and how you would use the result. You can do all kinds of things, like determining the processor architecture, reading a specific registry key, or reading a specific file to make sure it is the right machine.
Below is an example WMI script which determines the physical architecture (x86 or x64) of the machine.
strComputer = "."
' Connect to the WMI service on the local machine. VBScript does not escape
' backslashes, so "\\" and "\root\cimv2" are written literally.
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colSettings = objWMIService.ExecQuery("Select * from Win32_Processor")
For Each objProcessor In colSettings
    ' Architecture is a numeric code (0 = x86, 9 = x64); print it when run with cscript
    WScript.Echo objProcessor.Architecture
Next
To make it work with your scenario, find out which WMI class to gather that information from. Check WMI classes at http://msdn.microsoft.com/en-us/library/aa394084(VS.85).aspx and figure out the property you would like to use.
In the example above I am using the Win32_Processor WMI class to get the value for the property “Architecture”. You may similarly gather the information for any WMI class and supported property of that class.
Your VBScript should look something like the example script below.
You have to set Results("YourVariable") to a Boolean value (True or False) or to a specific value (for data gathering). This value is what the Endpoint policies are built on.
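The following is an added example of a complete detection script that is not part of the original post. It combines the WMI query above with the Results() convention described here; it assumes the UAG detection framework provides the Results() collection and reads it after the script has run, and that the names "Test" and "Architecture" are free for you to choose. If WMI is unavailable on the client it deliberately leaves "Test" as False, so a machine that cannot prove its state is treated as not compliant rather than being waved through.

```vbscript
' Added example (not the original post's script): UAG endpoint detection
' script that records the processor architecture and flags x64 machines.
' Assumption: the detection framework exposes Results() (as described above)
' and reads it once the script has finished.

Dim strComputer, objWMIService, colProcessors, objProcessor
Dim strArch, blnIs64

strComputer = "."
strArch = "Unknown"   ' reported as an endpoint parameter
blnIs64 = False       ' fail closed: stays False unless we positively detect x64

' If WMI is broken or blocked on the client, do not abort the whole detection
' run; just leave the defaults above in place.
On Error Resume Next
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
If Err.Number = 0 Then
    Set colProcessors = objWMIService.ExecQuery("Select Architecture from Win32_Processor")
    For Each objProcessor In colProcessors
        ' Win32_Processor.Architecture codes: 0 = x86, 5 = ARM, 6 = ia64, 9 = x64
        Select Case objProcessor.Architecture
            Case 0: strArch = "x86"
            Case 5: strArch = "ARM"
            Case 6: strArch = "ia64"
            Case 9: strArch = "x64"
        End Select
        Exit For   ' one processor is enough to decide
    Next
End If
On Error GoTo 0

blnIs64 = (strArch = "x64")

' Data-gathering value: shows up in the Endpoint Parameters.
Results("Architecture") = strArch
' Boolean value: this is the one an Endpoint policy can test.
Results("Test") = blnIs64
```

Setting two results from one script is convenient: the string value lets you see in the Endpoint Parameters what the client actually reported, while the Boolean is the one you reference from the policy. Keep the policy decision on the Boolean so that an unexpected or missing value cannot be mistaken for a pass.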
Once you are done with the script, save it under the /InternalSite/CustomUpdate folder.
Then, copy the Detect.inc file from the /InternalSite/Samples directory and paste it in the /InternalSite/Inc/CustomUpdate folder. Rename the file using the format <PortalName><0 or 1>Detect.inc.
Edit the <PortalName><0 or 1>Detect.inc file and replace YourFilename.vbs with the name of the VBScript file you created above. After editing, the file will look like this:
<%
g_ScriptList("/InternalSite/CustomUpdate/<YourScript.vbs>") = true
%>
Copy PolicyTemplate.xml and PolicyDefinations.xml from /von/Conf to /von/conf/CustomUpdate/.
Edit the PolicyTemplate.xml as mentioned at http://www.ssl-vpn.de/wiki/Developing%20your%20own%20detection%20scripts.ashx
Edit the PolicyDefinations.xml as shown in http://blogs.technet.com/blogfiles/amolrb/WindowsLiveWriter/CreatingCustomendpointdetectionpolicyand_E17C/image_12.png
Make the necessary changes in the files as shown in http://blogs.technet.com/amolrb/archive/2009/07/03/creating-custom-endpoint-detection-policy-and-script-for-iag.aspx
At this time you should be able to see the gathered information in the Endpoint Parameters. We have not yet checked the endpoint against this policy.
Note: check the "Test" variable which is set by the script shown above.
Now, you are ready to use this endpoint policy for checking the client machines.
The script could be a simple one as shown above or you may have more complex scripts as well depending on what you would like to do.
Cheers !!