A script could be built to look at a user in a database, if they haven't put in the time for the day then drop them in an AD group. If your switches are set to re-auth the ports every x minutes or so, you can setup a policy with that AD group to move their port to a locked down policy.
Another idea would be to query the database, and disable their AD account, however if they are dependent on AD to do their time, they would have to be re-enabled to do time and might 'neglect' to enter time. With the locked down policy, you could cut off internet or any resource except for the time application, perhaps redirect their browser to the time app if it is web based? :) And when they did their time, your scripted job would re-query the database (every 30 min let's say) and pull them out of that group, and port would re-auth and they would get their access back. If you have NAC, perhaps something creative could be done there. From: Nick Allen [mailto:[email protected]] Sent: Thursday, April 05, 2012 5:34 AM To: Enterasys Customer Mailing List Subject: [enterasys] Timesheets... Hi, A slightly odd question - but does anyone have any kind of policy applied that restricts network access depending on whether they've filled their timesheets in. So maybe something that looks the user up in a database, or - perhaps less useful - tests for AD group membership? I'm sure it's possible, but interested to hear any solutions - even if they're not specifically policy related - or even Enterasys related. I work for a creative agency where timesheets are required, but people are awful at filling them in. We've had various carrot and stick approaches over the years but nothing that works for everyone, or for every OS - we have a mix of Mac (90%) and PC (10%). Thanks, Nick. -- This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is proprietary, privileged, confidential and/or otherwise protected from disclosure. If you received this e-mail in error, any review, use, dissemination, distribution or copying of this e-mail is strictly prohibited. Please notify us immediately of the error via e-mail to [email protected]<mailto:[email protected]> and please delete the e-mail from your system, retaining no copies in any media. We appreciate your cooperation. * --To unsubscribe from enterasys, send email to [email protected]<mailto:[email protected]> with the body: unsubscribe enterasys [email protected]<mailto:[email protected]> * NOTICE: The Arkansas Department of Human Services has determined that this message may contain confidential or otherwise protected information. We have used transport encryption to help protect this message while in transit to you. Please take all reasonable measures to protect any protected or confidential data that might be in this message, including the limitation of re-disclosure to the minimum number of recipients necessary. Please report any inappropriate disclosure to https://dhs.arkansas.gov/reporting or as required by law. --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
