Hi all,

Does anyone use Cisco's NAC with the posture checking agent out there for Windows endpoints? If so, I would love to hear about how you managed to get it to play nicely with your AD environment!

Because the agent doesn't run until *after* you pass the GINA, it stops certain GPO based settings that require trusted network resources (e.g. folder redirection) and then gets in a race condition with other scripts and software that may need access to trusted network resources (e.g. login scripts that map drives and any other agents that log into internal servers). If it loads last, everything is broken. Even if it loads quickly, some things are broken.

This seems to be a fundamental architectural issue - defeats me as to why the agent doesn't check in as a machine based entity on boot, rather than waiting for user login. I know there are options that can be based on user or group, but that should be an additional option, not a design assumption!

The only alternative appears to be to defeat the purpose of the "unauthenticated" group and blow a load of firewall holes through it, thus rendering it semi-useless when inline since you're no longer protecting your network from unauthorised hosts (MAC address can only come from the agent in a VPN setup, unlike the L2 functionality on internal switches).

a
