These have bothered me for a while... (but obviously not enough to ask ;-)
1) Cisco recommends making Windows Update requirements optional:
The Windows Update requirement type is set to Optional (or do not enforce)
by default to optimize user experience by running the update process in the
On Aug 22, 2008, at 9:57 AM, Hall, Rand wrote:
These have bothered me for a while... (but obviously not enough to
ask ;-)
1) Cisco recommends making Windows Update requirements optional:
The Windows Update requirement type is set to Optional (or do not
enforce) by default to optimize user
We upgraded our CAM/CAS to 4.1.6 yesterday and everything went ok. We
upgraded the CAS servers first, then CAM as the release notes addressed.
Our CAM uses the self signed perfigo cert and three CAS HA pairs use
trusted signed cert from Thawte Premium Server CA. Although the Thawte
Premium
Hi Rand
We have used a mandatory WSUS requirement for a long time, and it causes no
problems at all (well, except maybe on Windows 2000 clients). Also 3.1.6
fixes the bug that made it a bad idea to show the UI, so if Cisco would fix
the new Vista bug, I could even give people a progress
As we continue to roll out CCA to our faculty/staff this year we here
suggestions about streamlining the login process. A professor pointed
out that the login process for Clean Access is several steps where the
Cisco VPN is quite a bit less obtrusive (from off campus)
Here were some thoughts
Max,
Do you experience slower Agent login when using WSUS requirement
comparing to the using Cisco rules? I tested it in our lab and it takes
around 30 secs for Agent login using WSUS requirement, and sometimes I
got 1 minute to login. By using Cisco rules, normally it takes 7-8 secs.
That
John,
If the faculty/staff machines are all part of an Active Directory domain, you
can use Single-Sign-On. This uses the user's Kerberos login credentials and
gives no-click login to Clean Access if the machine passes all checks.
You can set a timeout for the login success screen (We use 3
John,
1) SSO itself will not slow down the login process. Blocked traffic in
the unauthenticated role that inhibits GPOs/fileshares/etc will slow
down your login.
As for making it store credentials indefinitely, there have been some
people who want that and some who want the remember me
Dennis,
This is because we have to wait for the windows update agent to
report its status back to us.
When using the built in windows update rules we are just checking
registry values.
The advantage to WSUS is that when patches are released you don't
have to wait for the internal
You guys are right , stay away from wildcard certs They don't work .Thanks all
for the help.
-Original Message-
From: Jesse Dubois [EMAIL PROTECTED]
Sent: Aug 21, 2008 12:41 PM
To: CLEANACCESS@LISTSERV.MUOHIO.EDU
Subject: Re: SSL cert issue
Everyone,
Clean access redirects based on
Thanks Nathaniel and Bruce. Perfect direction and much appreciated.
-Original Message-
From: Cisco Clean Access Users and Administrators
[mailto:[EMAIL PROTECTED] On Behalf Of Nathaniel Austin
Sent: Friday, August 22, 2008 10:58 AM
To: CLEANACCESS@LISTSERV.MUOHIO.EDU
Subject: Re:
Hi Dennis
We don't find Cisco rules as quick as that, but they are a lot quicker than
WSUS. However, we had so much trouble with Cisco rules that I wouldn't dream
of using them again. I was getting two or three instances per day of CCA
wanting patches that either weren't needed or couldn't be
Does anyone know if CAM\CAS 4.1.2.1 and Agent version 4.1.3.0 will work with
Vista 64-bit? I know that the 4.1.2.1 and 4.1.2.2 versions of the Agent
support Vista 64-bit for authentication only.
Thanks,
Shaun Pillé
Network Manager
Campus Technologies, LLC
[EMAIL PROTECTED]
We are currently running 4.1.2.1 on the Managers and 4.1.3.2 for the Windows agent and it supports
Vista 64 bit logging in, but not posture assessment.
--
Isabelle Graham
Information Security
American University
Shaun Pillé wrote:
Does anyone know if CAM\CAS 4.1.2.1 and Agent version 4.1.3.0
Unfortunately even the latest version (4.1.6) only support 64-bit
authentication, no remediation.
Michael Stanclift
Network Analyst
Rockhurst University
http://help.rockhurst.edu
(816) 501-4231
-Original Message-
From: Cisco Clean Access Users and Administrators [mailto:[EMAIL
15 matches
Mail list logo