https://community.cisco.com/t5/network-access-control/microsoft-windows-profiling/m-p/3932034#M456779 <P>What is the best way of profiling machines running different version of Windows? Nmap sometimes give false positive and the user agent can also be modified.Dhcp probes /device sensor too is not helping that much or maybe am just missing something in there Just wondering what solution is out there without using an agent. Probably an attribute that distinguishes different&nbsp; OS versions. It works fine for domain joined machine&nbsp; but I am interested in knowing how others are addressing non domain PCs running microsoft windows.</P><P>&nbsp;</P><P>Xtreme</P> Sun, 29 Sep 2019 09:25:27 GMT xtreme 2019-09-29T09:25:27Z https://community.cisco.com/t5/network-access-control/microsoft-windows-profiling/m-p/3932034#M456779 <P>What is the best way of profiling machines running different version of Windows? Nmap sometimes give false positive and the user agent can also be modified.Dhcp probes /device sensor too is not helping that much or maybe am just missing something in there Just wondering what solution is out there without using an agent. Probably an attribute that distinguishes different&nbsp; OS versions. It works fine for domain joined machine&nbsp; but I am interested in knowing how others are addressing non domain PCs running microsoft windows.</P><P>&nbsp;</P><P>Xtreme</P> Sun, 29 Sep 2019 09:25:27 GMT https://community.cisco.com/t5/network-access-control/microsoft-windows-profiling/m-p/3932034#M456779 xtreme 2019-09-29T09:25:27Z https://community.cisco.com/t5/network-access-control/microsoft-windows-profiling/m-p/3932595#M456781 <P>Yeah this a tough one.&nbsp; As you said NMAP OS detection is unreliable.&nbsp; The only reason the domain joined ones are correct is because the OS attribute is pulled from AD via the AD profiler. The only other reliable way I know of is doing posturing, but I am guessing performing posturing on these devices is not an option.&nbsp;</P> <P>&nbsp;</P> <P>I run across this a lot in the medical field.&nbsp; The client will have Windows XP machines provided by a vendor doing a critical function in their network.</P> <P>&nbsp;</P> <P>What issue are you trying to solve by knowing the OS?</P> Mon, 30 Sep 2019 15:33:11 GMT https://community.cisco.com/t5/network-access-control/microsoft-windows-profiling/m-p/3932595#M456781 paul 2019-09-30T15:33:11Z https://community.cisco.com/t5/network-access-control/microsoft-windows-profiling/m-p/3932598#M456782 <P>Just thought of one thing you could try.&nbsp; You could possibly try an SMB NMAP probe against the machines to see if you can pull OS data that way.</P> Mon, 30 Sep 2019 15:34:12 GMT https://community.cisco.com/t5/network-access-control/microsoft-windows-profiling/m-p/3932598#M456782 paul 2019-09-30T15:34:12Z https://community.cisco.com/t5/network-access-control/microsoft-windows-profiling/m-p/3932882#M456784 <P>Thanks for the info Paul.&nbsp; Am trying to block win 7 machines from gaining access in the future but need to identify them first. My concern with the SMB feature is that once NMAP is enabled it automatically start scanning all the unknown endpoints which can be resource intensive. I also know the Nmap scanning can be triggered when the device hit a specific profiling rules (generic microsoft rule).... is there a way to first disable the auto scanning ? so Nmap will only kick in when the profiling rule is matched.</P><P>&nbsp;</P><P>Thanks for the response.</P><P>&nbsp;</P><P>Xtreme</P> Tue, 01 Oct 2019 05:57:42 GMT https://community.cisco.com/t5/network-access-control/microsoft-windows-profiling/m-p/3932882#M456784 xtreme 2019-10-01T05:57:42Z