7 Replies Latest reply on Mar 21, 2016 11:21 AM by Bill Robinson

    Extended Object basic help

    Laurelyn Collins

      Is there a walkthrough or tutorial for getting started with Extended Objects?  I feel like I'm missing something very obvious because I don't have something like a cheat sheet to hand.


      What I need is to determine whether a Windows file share has been set up or not.  To that end, I have an Extended Object using as the script:

      wmic share get name, path /format:csv

      with the csv grammar file.


      I can live browse the server and see all the file shares, but when I run my compliance job, with a rule looking for this:

      "Extended Object Entry:MyExtendedObject"."Value1 as String (All OS)" contains "Foobar"

      -every server fails compliance although they have the Foobar share.


      Do I need to be retrieving the info differently or looping through the values in some way that I'm missing?




        • 1. Re: Extended Object basic help
          Bill Robinson

          you probably need to add a * or //** and loop.  so like:


          "Extended Object Entry:MyExtendedObject/*"."Value1 as String (All OS)" contains "Foobar"




          for each "Extended Object Entry:MyExtendedObject//**"

          "Value1 as String (All OS)" contains "Foobar"

          • 2. Re: Extended Object basic help
            Laurelyn Collins

            Almost.  When I tried Option 1, got this:




            so I changed it to NetworkShares//*.  I was still getting non-compliant on every server so I altered the rule to this:

            New rule.jpg

            That seems to be doing what I need.  Thanks for the help.


            As a separate issue, I am seeing some odd behavior if I drill down to the compliance results for an individual server - the rule will be marked in red as non-compliant when the server actually is compliant, and the network shares displayed don't always match up with what's really on the server.  But the summary report is right as far as I can tell.  We are still on 8.5 - was that ever reported as an issue?

            • 3. Re: Extended Object basic help
              Bill Robinson

              can you show an example of the problem you are describing ?

              • 4. Re: Extended Object basic help
                Laurelyn Collins

                Overview shows AKRFSW801 as Compliant.  This is correct.




                Expanded view shows server as Non-Compliant and lists Network Shares without Icinga share.  This is incorrect.



                Here is the Live Browse view of the server showing the Icinga share.





                • 5. Re: Extended Object basic help
                  Bill Robinson

                  I would get rid of the header row in your output, that's going to be treated like data and cause confusion.


                  live browse (image007) shows these shares: ADMIN$, Apps, C$, D$, Data, G$, Icinga, IPC$, TNSNAMES, Users$ for the akrfsw801 host.


                  the compliance result shows all of the same shares as not matching 'Icinga', because they don't.  but the operator is 'exists' which means it will pass if atleast one of them matches.  i believe we are not showing the successful match to the Icinga share due to a blasadmin setting for EnableDataPrunerForCompliance which will by default not store/show successful result data.


                  i don't see that the rule is marked in red - just the conditions that fail.

                  1 of 1 people found this helpful
                  • 6. Re: Extended Object basic help
                    Laurelyn Collins

                    Embedding images for easier reference.  So this is the expected result, if I'm understanding correctly.


                    What's the best way to strip the header data from the list of shares?  Is the blasadmin setting global or local, and how is it changed?





                    Live Browse shows Icinga share.pngNo Icinga share is shown.pngIcinga rule is non-compliant.png

                    • 7. Re: Extended Object basic help
                      Bill Robinson

                      right - the rule passed, the condition that made it pass is hidden due to the blasadmin setting i noted, and the failed conditions in the rule are shown.  your rules can have multiple failed conditions - that is expected - it just matters if those conditions will cause a rule failure.


                      as for the output - you can control that w/ whatever commands get run and some text processing on the result.

                      1 of 1 people found this helpful