Good plan Brian - we'll have to give that a go. The AD group + policy with re-auth sounds best.
Cheers, Nick. On Thu, Apr 5, 2012 at 1:03 PM, Brian Anderson <[email protected]>wrote: > A script could be built to look at a user in a database, if they haven’t > put in the time for the day then drop them in an AD group. If your > switches are set to re-auth the ports every x minutes or so, you can setup > a policy with that AD group to move their port to a locked down policy. * > *** > > ** ** > > Another idea would be to query the database, and disable their AD account, > however if they are dependent on AD to do their time, they would have to be > re-enabled to do time and might ‘neglect’ to enter time.**** > > ** ** > > With the locked down policy, you could cut off internet or any resource > except for the time application, perhaps redirect their browser to the time > app if it is web based? J And when they did their time, your scripted > job would re-query the database (every 30 min let’s say) and pull them out > of that group, and port would re-auth and they would get their access back. > **** > > ** ** > > If you have NAC, perhaps something creative could be done there.**** > > ** ** > > *From:* Nick Allen [mailto:[email protected]] > *Sent:* Thursday, April 05, 2012 5:34 AM > *To:* Enterasys Customer Mailing List > *Subject:* [enterasys] Timesheets...**** > > ** ** > > Hi,**** > > ** ** > > A slightly odd question - but does anyone have any kind of policy applied > that restricts network access depending on whether they've filled their > timesheets in.**** > > So maybe something that looks the user up in a database, or - perhaps less > useful - tests for AD group membership?**** > > ** ** > > I'm sure it's possible, but interested to hear any solutions - even if > they're not specifically policy related - or even Enterasys related.**** > > ** ** > > I work for a creative agency where timesheets are required, but people are > awful at filling them in.**** > > ** ** > > We've had various carrot and stick approaches over the years but nothing > that works for everyone, or for every OS - we have a mix of Mac (90%) and > PC (10%).**** > > ** ** > > Thanks,**** > > ** ** > > Nick.**** > > ** ** > > -- **** > > This e-mail is intended only for the named person or entity to which it is > addressed and**** > > contains valuable business information that is proprietary, privileged, > confidential and/or**** > > otherwise protected from disclosure. If you received this e-mail in error, > any review, use,**** > > dissemination, distribution or copying of this e-mail is strictly prohibited. > Please notify**** > > us immediately of the error via e-mail to [email protected] and > please delete**** > > the e-mail from your system, retaining no copies in any media. We appreciate > your cooperation.**** > > ** ** > > ** ** > > ** ** > > **· ** --To unsubscribe from enterasys, send email to > [email protected] with the body: unsubscribe enterasys > [email protected]**** > > **· **** ** > > > - --To unsubscribe from enterasys, send email to [email protected] with > the body: unsubscribe enterasys [email protected] > > **NOTICE:** The Arkansas Department of Human Services has determined > that this message may contain confidential or otherwise protected > information. We have used transport encryption to help protect this message > while in transit to you. Please take all reasonable measures to protect any > protected or confidential data that might be in this message, including the > limitation of re-disclosure to the minimum number of recipients necessary. > Please report any inappropriate disclosure to > https://dhs.arkansas.gov/reporting or as required by law. -- This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is proprietary, privileged, confidential and/or otherwise protected from disclosure. If you received this e-mail in error, any review, use, dissemination, distribution or copying of this e-mail is strictly prohibited. Please notify us immediately of the error via e-mail to [email protected] and please delete the e-mail from your system, retaining no copies in any media. We appreciate your cooperation. --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
