https://community.cisco.com/t5/network-access-control/ise-lockdown-user/m-p/3174767#M555025 <P>Yes, you can configure a group policy to configure 802.1x on a computer to authenticate a user, this can be transparent. Either EAP-TLS (certificate) or PEAP/MSCHAPv2 (username and password) - both methods can be transparent, assuming the computer is trusting the certificates.</P><P>&nbsp;</P><P>Any reason why not doing computer authentication? You can do both, the benefit of authenticating the computer is that computer gpo are processed.</P><P>&nbsp;</P><P>HTH</P> Wed, 23 Aug 2017 17:21:33 GMT Rob Ingram 2017-08-23T17:21:33Z https://community.cisco.com/t5/network-access-control/ise-lockdown-user/m-p/3174665#M555023 <P>All,</P><P>few questions on topic of ISE today <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> and think this one deserves its own thread</P><P>&nbsp;</P><P>Can you lock down users in windows not to type their login details and use single sign on ?</P><P>I suppose use by using group policy and on the machine configuring dot1x for the user only and not machine( we are not authenticating the machine)</P><P>&nbsp;</P><P>Thanks</P><P>&nbsp;</P> Fri, 21 Feb 2020 18:32:49 GMT https://community.cisco.com/t5/network-access-control/ise-lockdown-user/m-p/3174665#M555023 cisco8887 2020-02-21T18:32:49Z https://community.cisco.com/t5/network-access-control/ise-lockdown-user/m-p/3174767#M555025 <P>Yes, you can configure a group policy to configure 802.1x on a computer to authenticate a user, this can be transparent. Either EAP-TLS (certificate) or PEAP/MSCHAPv2 (username and password) - both methods can be transparent, assuming the computer is trusting the certificates.</P><P>&nbsp;</P><P>Any reason why not doing computer authentication? You can do both, the benefit of authenticating the computer is that computer gpo are processed.</P><P>&nbsp;</P><P>HTH</P> Wed, 23 Aug 2017 17:21:33 GMT https://community.cisco.com/t5/network-access-control/ise-lockdown-user/m-p/3174767#M555025 Rob Ingram 2017-08-23T17:21:33Z https://community.cisco.com/t5/network-access-control/ise-lockdown-user/m-p/3174828#M555027 <P>thanks for this</P><P>&nbsp;</P><P>do you have any article to show the process for wlc 8 and ise 2.2?</P><P>&nbsp;</P><P>what do you mean by it applies GPOs?</P> Wed, 23 Aug 2017 18:56:48 GMT https://community.cisco.com/t5/network-access-control/ise-lockdown-user/m-p/3174828#M555027 cisco8887 2017-08-23T18:56:48Z https://community.cisco.com/t5/network-access-control/ise-lockdown-user/m-p/3174852#M555028 <P>Here is the best place for ISE configuration guides</P><P><A href="https://communities.cisco.com/docs/DOC-64012" target="_self">https://communities.cisco.com/docs/DOC-64012</A></P><P>&nbsp;</P><P>What I mean by gpo i was referring to the windows group policies. When the computer boots up it updates the computer group policies, when a user logins it processes user group policies. So you may want to authenticate the user and computer to ensure all group policies are updated.</P><P>&nbsp;</P> Wed, 23 Aug 2017 19:30:10 GMT https://community.cisco.com/t5/network-access-control/ise-lockdown-user/m-p/3174852#M555028 Rob Ingram 2017-08-23T19:30:10Z