Thanks Bruce. That's what I thought, but have been able to avoid this since before Vista and all of the variations of XP, so it was a lot less tedious. I suppose if I didn't have the rest of the network and servers to manage it wouldn't be that big of a deal, but we are a small institution and I can't afford to spend that much time doing this weekly.
Similar to others on this list the announced end of life support for CCA running on hardware of our choice has made us begin to look into other solutions. This IE8 issue just confirms that Cisco is not the right solution for us anymore. We too have had this in place dating back to Perfigo days, where it helped tremendously. If Cisco had kept up on this and kept us happy then we'd never even look anywhere else, but they are forcing us to at this point. Eric - I had the same thoughts as you about another listserv. It would be good to have a place where everyone could discuss what they've researched and implemented, success and failures, etc.. I'm sure we can do it on this list, but the people who signed up strictly for CCA might get sick of hearing us. Although the other thought on that is maybe they will read success stories and it will influence them to leave Cisco! Rob -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Osborne, Bruce W. (NS) Sent: Thursday, April 02, 2009 7:26 AM To: [email protected] Subject: Re: IE 8 Rob, That is correct. You have to update each OS rule. Rinse & repeat after every "Patch Tuesday" update. Bruce -----Original Message----- From: Robert J. Rutkowski [mailto:[email protected]] Sent: Wednesday, April 01, 2009 6:09 PM Subject: Re: IE 8 Correct me if I'm wrong please.. In order to use this manually created check, if I don't have any other manual checks incorporated into my hotfix rules, then I need to make copies of every hotfix rule (XP, XP MCE, XP Tablet, Vista Basic, Vista Home Premium, etc...) and add this check as an OR for the IE area to all of my copies, and then enable them for the Requirement. This is the way I understood it, I could very well be incorrect though. It seems like a lot of work just to tell it to allow IE8. Also, if that's what needs to be done, then why can't Cisco simply update their hotfix rules for everyone? It's sad that they would tell you how to manually do a workaround, but not just do it themselves... Rob -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Roberto Montoya Sent: Wednesday, April 01, 2009 2:06 PM To: [email protected] Subject: Re: IE 8 This is what we got on a case that we opened. "For now we will have to create a custom check until the next agent version download has been released. Here is an outline for the customer check that you can put in place: Check Category - Registry Check Check Type - Registry Value Registry Key - HLKM\SOFTWARE\Microsoft\Internet Explorer\ Value Name - Version Value Data Type - String Operator - starts with Value Data - 8.0 For now we are expecting support for IE8 within the next two weeks. Right now there is a bug for this issue and is listed below: Bug ID: CSCsy62611" HTH, -Roberto -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[email protected]] On Behalf Of Terry Mitchell Sent: Wednesday, April 01, 2009 9:52 AM To: [email protected] Subject: Re: IE 8 Anyone from Cisco/NAC team willing provide an estimate for IE8 support (days, weeks or months?). It doesn't have to be carved in stone, but a ballpark estimate would be most useful for planning and support purposes. Thanks in advance. Terry
