1.0 Introducing the Windows Agent

The NetIQ Secure Configuration Manager Windows Agent (Windows agent) validates the configuration of Windows endpoints managed by NetIQ Secure Configuration Manager to ensure compliance with corporate security policies and pinpoint potential vulnerabilities. An endpoint represents an agent-monitored operating system, application, web server, or database instance.

The Windows agent can monitor the operating system of the computer where you install the agent as well as the following types of assets in your Windows environment:

  • Microsoft Active Directory

  • Microsoft Internet Information Services (IIS)

  • Microsoft SQL Server database instances

  • Network Attached Storage (NAS) servers

  • Network devices

  • Oracle database instances

  • Windows operating systems

The Windows agent can collect security compliance information from one or more Windows endpoints. The Windows agent receives requests from Secure Configuration Manager Core Services and runs commands or responds by returning data, status, or results. The Windows agent can run locally on computers throughout your enterprise, or you can install the Windows agent locally on a few computers and have those agents manage endpoints on many other computers by proxy. The NetIQ Security Agent for Windows service (Windows agent service) must be enabled to run on the Windows agent computer. For more information about the Windows agent service, see Understanding the Windows Agent Service.

When you install a Windows agent, you can add the computer on which the agent resides to the Secure Configuration Manager asset map. Secure Configuration Manager registers the new Windows agent and assigns an endpoint to the agent representing the operating system of the agent computer. As you add more systems and endpoints to the asset map, you can designate the endpoint type. For example, you can specify one new endpoint as Active Directory and another as SQL Server. A single Windows agent can monitor multiple types of endpoints. For more information about monitoring multiple endpoints, see Understanding Management by Proxy. For more information about discovering and adding endpoints to your managed systems in the asset map, see the User’s Guide for Secure Configuration Manager.

Each Windows agent sends regular communication, called a heartbeat, to Secure Configuration Manager to verify operation. When the agent receives a heartbeat request, the agent polls its monitored endpoints to verify their status and then responds to Secure Configuration Manager. The Windows agent also responds to requests for data sent from Core Services in the form of security checks and policy templates. Policy templates are groups of security checks that audit a specific series of IT controls that match a security policy standard. The agent translates the security checks into queries, which it forwards to its monitored endpoints. Upon receiving responses to the queries, the agent reports the results to Secure Configuration Manager. For more information about Secure Configuration Manager, see the User’s Guide for Secure Configuration Manager.