Walt, There are only 3 groups. Let's break my rule down:
(pc_vista64)| [64-bit] or ( (pc_Windows-Vista-SP1|pc_Windows-Vista-SP1-int)& [SP1] and (MS08-067_Vista_SP1))| or (MS08-067_Vista) [non-SP1] Any SP1 user would get caught by "(pc_Windows-Vista-SP1|pc_Windows-Vista-SP1-int)", wouldn't they? Your rule should work too. Bruce From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Walt Howd Sent: Tuesday, October 28, 2008 9:24 AM To: [email protected] Subject: Re: [CLEANACCESS] kb 958644 Bruce, With this current syntax is it possible that Vista SP1 boxes that do not have the patch would have a netapi32.dll that is higher then 6.0.6000.16763 but not as high as the patched version? I wrote the rule as follows: (pc_vista64)|((pc_Windows-Vista-SP1|pc_Windows-Vista-SP1-int)&(MS08-067_Vista_SP1))|((!pc_Windows-Vista-SP1)&(!pc_Windows-Vista-SP1-int)&(MS08-067_Vista)) Walt On Oct 28, 2008, at 6:57 AM, Osborne, Bruce W. (NS) wrote: Todd, Yes, I posted my checks & rules last night. You need to check Vista & Vista SP1 separately. Here is the information: MS08-067_Vista: SYSTEM32\netapi.dll later than 6.0.6000.16763 MS08-076_Vista_SP1: SYSTEM32\ netapi.dll later than 6.0.6001.18156 MS08-067_Vista-rule: (pc_vista64)|((pc_Windows-Vista-SP1|pc_Windows-Vista-SP1-int)&(MS08-067_Vista_SP1))|(MS08-067_Vista) In other words, Vista 64-bit passes. If you pass either SP1 check, you need > 6.0.6001.18156 Otherwise you need > 6.0.6000.16763 This seems to be working for me here. I am using the registry check for XP. Bruce Osborne Liberty University From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Todd Joyce Sent: Tuesday, October 28, 2008 7:48 AM To: [email protected]<mailto:[email protected]> Subject: [CLEANACCESS] kb 958644 Has anyone figured out a way to check Vista for last weeks patch? I have tried file version but I have been unable to get it to work We have figured out how to force XP users with a registry check and file distribution. We feel like we should be PROACTIVE like Microsoft and get everyone patched by any means necessary before a Blaster happens to our campus. todd Radford University -- Todd Joyce [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> Pain is the precursor of change
