https://community.cisco.com/t5/network-access-control/cisco-ise-nac-agent-rdp-session/m-p/2152632#M145510 <P>Is there a way to get the NAC Agent to run when a user logs on a Windows machine in a RDP session?</P> Mon, 11 Mar 2019 03:08:31 GMT jms112080 2019-03-11T03:08:31Z https://community.cisco.com/t5/network-access-control/cisco-ise-nac-agent-rdp-session/m-p/2152632#M145510 <P>Is there a way to get the NAC Agent to run when a user logs on a Windows machine in a RDP session?</P> Mon, 11 Mar 2019 03:08:31 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-nac-agent-rdp-session/m-p/2152632#M145510 jms112080 2019-03-11T03:08:31Z https://community.cisco.com/t5/network-access-control/cisco-ise-nac-agent-rdp-session/m-p/2152633#M145511 <P>fyi, the device which will give services of RDP to other clients should have NAC if it has to be part of any network.</P> Tue, 22 Apr 2014 09:40:25 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-nac-agent-rdp-session/m-p/2152633#M145511 Saurav Lodh 2014-04-22T09:40:25Z https://community.cisco.com/t5/network-access-control/cisco-ise-nac-agent-rdp-session/m-p/2152634#M145512 <P>You have to go and check the dACL that is part of authorization profile, you will find that it is blocking your RDP access as when you do a remote desktop your authentication token is host/machine-name.domain. Now, the easiest FIX to permit RDP traffic is to modify the dACL but this won't solve your problem. Why? Because now your dACL will allow you do a remote desktop now BUT it will block rest of your communication.</P><P>&nbsp;</P><P>So either you permit all as soon as your machine is authenticated or you will continue to face this issue.</P> Fri, 02 May 2014 13:13:14 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-nac-agent-rdp-session/m-p/2152634#M145512 ankur1984 2014-05-02T13:13:14Z https://community.cisco.com/t5/network-access-control/cisco-ise-nac-agent-rdp-session/m-p/2152635#M145513 <P>Hi<SPAN class="fullname"><SPAN rel="sioc:has_creator"><A class="username" href="https://supportforums.cisco.com/users/ankur1984" title="View user profile."> ankur1984</A></SPAN></SPAN></P><P>How can I permit RDP for one user only ?</P><P>for exemple windows user login administrator_123 ?</P><P>&nbsp;</P><P>&nbsp;</P><P>regards</P><P>&nbsp;</P> Thu, 02 Oct 2014 09:40:57 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-nac-agent-rdp-session/m-p/2152635#M145513 nicanor00 2014-10-02T09:40:57Z https://community.cisco.com/t5/network-access-control/cisco-ise-nac-agent-rdp-session/m-p/2152636#M145514 <P>Microsoft supplicant does not support 802.1X &amp; RDP sessions per user, as detailed in <A href="http://support.microsoft.com/kb/2820847" target="_blank">http://support.microsoft.com/kb/2820847</A>. An alternative is to adopt the supplicant Cisco AnyConnect NAM (Network Access Manager), which is free and supports RDP sessions &amp; 802.1x for user.</P> Thu, 02 Oct 2014 13:46:44 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-nac-agent-rdp-session/m-p/2152636#M145514 Emerson Oliveira 2014-10-02T13:46:44Z https://community.cisco.com/t5/network-access-control/cisco-ise-nac-agent-rdp-session/m-p/2152637#M145515 <P>Microsoft supplicant does not support 802.1X &amp; RDP sessions per user, as detailed in <A href="http://support.microsoft.com/kb/2820847" target="_blank">http://support.microsoft.com/kb/2820847</A>. An alternative is to adopt the supplicant Cisco AnyConnect NAM (Network Access Manager), which is free and supports RDP sessions &amp; 802.1x for user.</P> Thu, 02 Oct 2014 13:47:12 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-nac-agent-rdp-session/m-p/2152637#M145515 Emerson Oliveira 2014-10-02T13:47:12Z https://community.cisco.com/t5/network-access-control/cisco-ise-nac-agent-rdp-session/m-p/2152638#M145516 <P>Hi Nicanor00,</P><P>Unfortunately in the current scenario you can only user machine authentication to create your authorization profiles or you can use '<SPAN class="fullname" style="color: rgb(153, 153, 153);"><SPAN rel="sioc:has_creator"><A about="/users/securityreports" class="username" datatype="" href="https://supportforums.cisco.com/users/securityreports" property="foaf:name" title="View user profile." typeof="sioc:UserAccount" lang="">security reports</A></SPAN></SPAN>' suggestion but i haven't tried that personally.</P><P>&nbsp;</P><P>thanks,</P><P>Ankur</P> Mon, 06 Oct 2014 13:26:18 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-nac-agent-rdp-session/m-p/2152638#M145516 ankur1984 2014-10-06T13:26:18Z https://community.cisco.com/t5/network-access-control/cisco-ise-nac-agent-rdp-session/m-p/2152639#M145517 <P>Thanks for sharing your thoughts securityreports but i have a mandate be implement this without a supplicant and hence the challenge.</P><P>&nbsp;</P><P>-Ankur</P> Mon, 06 Oct 2014 13:30:37 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-nac-agent-rdp-session/m-p/2152639#M145517 ankur1984 2014-10-06T13:30:37Z