https://community.cisco.com/t5/network-access-control/ise-and-local-machine-access/m-p/3052210#M22750 <P>Hellow guys,</P> <P></P> <P>I created policies for Machine and user authentication under ISE, so if the machine and user is AD authenticated, then Authorization profile will be applied.</P> <P></P> <P>My question, if the Machine AD authenticated but the user is using local account to access, i want this user to have specific access, not deny.</P> <P></P> <P>How can i acheive this?</P> <P></P> <P>Regards</P> Mon, 11 Mar 2019 07:44:23 GMT network@bigbenkuwait.com 2019-03-11T07:44:23Z https://community.cisco.com/t5/network-access-control/ise-and-local-machine-access/m-p/3052210#M22750 <P>Hellow guys,</P> <P></P> <P>I created policies for Machine and user authentication under ISE, so if the machine and user is AD authenticated, then Authorization profile will be applied.</P> <P></P> <P>My question, if the Machine AD authenticated but the user is using local account to access, i want this user to have specific access, not deny.</P> <P></P> <P>How can i acheive this?</P> <P></P> <P>Regards</P> Mon, 11 Mar 2019 07:44:23 GMT https://community.cisco.com/t5/network-access-control/ise-and-local-machine-access/m-p/3052210#M22750 network@bigbenkuwait.com 2019-03-11T07:44:23Z https://community.cisco.com/t5/network-access-control/ise-and-local-machine-access/m-p/3052211#M22751 <P>It's not exactly what you asked for but this might work:</P> <P>Copy the first AuthC result (machine and user is from AD identity source) to a second one without the user check. Since the AuthC results are evaluated top down with first match ending the processing, the second one will only be checked where there is a machine authentication but no user authentication (at least not on any identity store that ISE know about).</P> Wed, 24 May 2017 10:41:55 GMT https://community.cisco.com/t5/network-access-control/ise-and-local-machine-access/m-p/3052211#M22751 Marvin Rhoads 2017-05-24T10:41:55Z