Network Security component uses IPsec policies for authentication and encryption of DirectAccess connections.
Network Security component uses IPsec policies for authentication and encryption of DirectAccess connections. Multiple policies can be applied to a computer simultaneously, each providing a different function. The result of all of these policies working together is a DirectAccess client that can securely communicate with the DirectAccess server and intranet servers.
Discovery of the Network Security component happens only if the machine is discovered as a DirectAccess server. Discovery happens when following event is generated: STATUS_IPSEC_DOSP_INSTALLED (Id.: 1020), Event Source: Microsoft-Windows-WFP, Event Log Channel: Microsoft-Windows-WFP/Operational.
Target | DirectAccess_Server_Class |
Enabled | True |
Remotable | False |
Discovered Classes and their attribuets: |
---|
ID | Module Type | TypeId | RunAs |
---|---|---|---|
eventDiscovery | DataSource | Network_Security_Discovery_Module | Default |
<Discovery ID="Network_Security_Discovery" Enabled="true" Target="DirectAccess_Server_Class" ConfirmDelivery="true" Remotable="true" Priority="Normal">
<Category>Custom</Category>
<DiscoveryTypes>
<DiscoveryClass TypeID="Network_Security_Class"/>
</DiscoveryTypes>
<DataSource ID="eventDiscovery" TypeID="Network_Security_Discovery_Module">
<Arguments>$MPElement$ $Target/Id$ $Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</Arguments>
<TargetComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</TargetComputerName>
<TimeoutSeconds>300</TimeoutSeconds>
<LogName>Microsoft-Windows-WFP/Operational</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>1020</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>Microsoft-Windows-WFP</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</Discovery>