Configuring Asset Management › Collection Modules › Device Compliance Scanner (DCS) › Configure the Scanner › Modify Windows Firewall Settings

Modify Windows Firewall Settings

You must modify certain firewall settings on FDCC-compliant Windows XP and Windows 7 computers to ensure that Client Automation functions properly.

Follow these steps:

1. Click Start, Run, and enter gpedit.msc at the Run prompt.
2. In the Local Group Policy Editor window, locate the policies on the following path: Computer Configuration, Administrative Templates, Network, Network Connections, Windows Firewall, Standard Profile.
3. Change the Windows Firewall: Do not allow exceptions policy setting to Disabled.
   • Change the Windows Firewall: Allow local port exceptions policy setting to Enabled. Add the following ports to the exception ports on the firewall:
     • TCP port 4105
     • UDP port 4104
     • TCP port 4728

   The internal communications mechanisms of the Client Automation product use the ports described here. Client Automation cannot operate unless these ports can be accessed. Without access agents are unable to contact their manager or report inventory or status. Also, control messages cannot be passed from the manager to the agent. Communications over these ports is securely encrypted and managed by the Client Automation product; Client Automation Release 12.9 uses FIPS-compliant encryption.

Configure the Collection of Test Result Files

Typically, the FDCC inventory detection modules do not require further configuration, other than the configuration to collect test result files. The XCCDF and OVAL test result files are stored in a subdirectory under the Asset Management agent's working directory. To collect these files after the scan and store them centrally in the domain manager, configure the DCS inventory detection modules to enable the automatic collection of the result files.

Note: To configure other parameters in the inventory detection module, see the description of each parameter in the Creating Inventory Detection Modules for Additional Checklists section.

To configure the collection of test result files

1. Navigate to Control Panel, Configuration, Inventory Detection Modules.

   The new DCS inventory detection modules appear with the other inventory detection modules.

2. Double-click the inventory detection module you want to configure.

   The Properties for Module Name dialog appears.

3. Click the Launch button on the Configuration tab.

   The SCAP Configuration dialog appears with the default configuration.

4. Select the following check boxes in the General tab:
   • Collect XCCDF Result File
   • Collect OVAL Result Files

   Note: The OVAL test result files are often around 10MB. If you do not have specific reasons for storing them on the domain manager, you can collect only the XCCDF result files.

5. Click OK.

   When the collect task runs again, the engine collects the test result files and stores it on the domain manager.

   Note: The result files are signed with a digital signature to prevent data tampering between the agent and the manager. If the manager is unable to verify the signature, an event is raised and logged in the default event log.

More information:

Modify the Result File Location

Modify the Result File Location

When you configure the collection of SCAP result files from the agent, the result files are, by default, stored under the ITCM_installpath\SCAP_Result_Files directory in the domain manager. You can modify the result file location if necessary.

To modify the result file location, change the configuration policy setting SCAP Result File Location under Default Computer Policy, DSM, Manager, Asset Management. When the collect task runs next time, the engine will collect the test result files and store them in the directory specified.