https://community.cisco.com/t5/network-access-control/patch-management-with-ise/m-p/3493930#M535460 <HTML><HEAD></HEAD><BODY><P>Hi Chyps,</P><P></P><P>Can you please elaborate more on your response - </P><P></P><P><STRONG>"</STRONG><EM><STRONG>ISE 2.2 has additional enhancements in 2.2 for checking SCCM checks with external Windows server.&nbsp; I suggest trying to leverage existing WSUS/SCCM integration, or patch management solution to help automate operation."</STRONG></EM></P><P></P><P></P><P></P></BODY></HTML> Wed, 24 Jan 2018 13:17:37 GMT Bcssi Network 2018-01-24T13:17:37Z https://community.cisco.com/t5/network-access-control/patch-management-with-ise/m-p/3493928#M535458 <HTML><HEAD></HEAD><BODY><P>Hello Experts,</P><P></P><P>I have come across a scenario where patch management for Windows' Machines is getting done through various methods like SCCM, WSUS and sometimes running scripts on end points.</P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt;">As per my understanding patch management with ISE is performed using AnyConnect integration with ISE, where AnyConnect verifies Critical Patches installation on machine with the help of SCCM Client before giving network access to end point.</SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt;">Customer doesn't want to <SPAN style="font-size: 13.3333px;">ISE to</SPAN> rely on SCCM, stating that due to some issues patches can be missing on SCCM client and hence<BR /></SPAN></P><P><SPAN style="font-size: 10pt;">want ISE to </SPAN>verify<SPAN style="font-size: 10pt;"> presence of patches on end points using some manual configuration of Windows registry or KB values.</SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt;">Request you to please help me out if you are aware of any such </SPAN>customisation<SPAN style="font-size: 10pt;"> </SPAN>with<SPAN style="font-size: 10pt;"> ISE for Windows patch validations and suggest if any solution/workaround is </SPAN>available<SPAN style="font-size: 10pt;">.</SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt;">Thank you.</SPAN></P><P><SPAN style="font-size: 10pt;">Abhishek</SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="font-size: 10pt;"><BR /></SPAN></P></BODY></HTML> Wed, 02 Aug 2017 09:55:26 GMT https://community.cisco.com/t5/network-access-control/patch-management-with-ise/m-p/3493928#M535458 abhvyas 2017-08-02T09:55:26Z https://community.cisco.com/t5/network-access-control/patch-management-with-ise/m-p/3493929#M535459 <HTML><HEAD></HEAD><BODY><P>There are a number of custom checks for Windows updates that are pushed as part of the Posture rules updates&nbsp;&nbsp; from Cisco.&nbsp; That said, this is typically a much more management intensive route.&nbsp; ISE 2.2 has additional enhancements in 2.2 for checking SCCM checks with external Windows server.&nbsp; I suggest trying to leverage existing WSUS/SCCM integration, or patch management solution to help automate operation.</P><P></P><P>/Craig</P></BODY></HTML> Wed, 02 Aug 2017 14:09:32 GMT https://community.cisco.com/t5/network-access-control/patch-management-with-ise/m-p/3493929#M535459 Craig Hyps 2017-08-02T14:09:32Z https://community.cisco.com/t5/network-access-control/patch-management-with-ise/m-p/3493930#M535460 <HTML><HEAD></HEAD><BODY><P>Hi Chyps,</P><P></P><P>Can you please elaborate more on your response - </P><P></P><P><STRONG>"</STRONG><EM><STRONG>ISE 2.2 has additional enhancements in 2.2 for checking SCCM checks with external Windows server.&nbsp; I suggest trying to leverage existing WSUS/SCCM integration, or patch management solution to help automate operation."</STRONG></EM></P><P></P><P></P><P></P></BODY></HTML> Wed, 24 Jan 2018 13:17:37 GMT https://community.cisco.com/t5/network-access-control/patch-management-with-ise/m-p/3493930#M535460 Bcssi Network 2018-01-24T13:17:37Z https://community.cisco.com/t5/network-access-control/patch-management-with-ise/m-p/3493931#M535461 <HTML><HEAD></HEAD><BODY><P>Hello, comment was around enhancements on AC compliance module code to check for all patches instead of just critical patches, recommend using the latest CM module to work with all patch levels </P><P></P><P>thank you</P><P><BR />Regards</P><P>Imran.</P></BODY></HTML> Sat, 27 Jan 2018 01:51:54 GMT https://community.cisco.com/t5/network-access-control/patch-management-with-ise/m-p/3493931#M535461 imbashir 2018-01-27T01:51:54Z