topic HiPlease how can I create a in Network Access Control

windows remote access

nicanor00 — Mon, 11 Mar 2019 05:04:07 GMT

I have ISE 1.2 and there an issue with windows remote access on the computer

I use remote access to give assistance to remote user

Issue description:
The windows remote access are possible as much as the user’s assistance does not required to switch to an admin account
In case a switch to admin account is done, the network connection is lost and I can no more continue unless the remote user reconnects again.

Please how can I configure ISE to permit remote acces and switch to administrator user session without loose conexion ?

Thanks in advance

So I am assuming that you are

nspasov — Mon, 29 Sep 2014 20:46:51 GMT

So I am assuming that you are using "user only" based authentication. Correct? If so, that is the problem and it is a problem with Windows XP, 7 and even 8. It appears that during the RDP session, only machine credentials are sent, thus the 802.1x authentication fails. The workaround is to either switch the devices to perform "machine" based authentication or "user or machine" based authentication. In ISE then you will have to create a rule for machine based authentication to permit RDP based ports.

Take a look at the following links:

https://supportforums.cisco.com/discussion/12003786/cisco-ise-12-8021x-wires-ms-rdp

http://social.technet.microsoft.com/Forums/windows/en-US/507cd666-9c86-423c-bbed-789b9e975bd9/windows-7-rdp-and-8021x-authentication

Hope this helps!

Thank you for rating helpful posts!

HiI am using machine auth

nicanor00 — Tue, 30 Sep 2014 12:10:48 GMT

I am using machine auth first then user authentication after user login

But I can create specific authorization profile for the administrator (windows user login : remoteaccess)

How would I configure rule for that specific user ?

How create a rule for machine based authentication to permit RDP based ports ?

Check some printscreen of my config in attachement : it is not work

Please help

HiPlease how can I create a

nicanor00 — Thu, 02 Oct 2014 09:08:06 GMT

Please how can I create a rule to permit windows RDP on machine authentication for a specific user (windows user login : RDPTEST)

Please help

You can try to create a rule

nspasov — Thu, 02 Oct 2014 18:51:20 GMT

You can try to create a rule that allows machine based authentication and with that you can return an authorization profile that allows RDP and perhaps block everything else. Or you can just allow everything.

The rule in your screenshot above is referencing a user-based authentication.

Thank you for rating helpful posts!

Hi Neno,

Pranav Gade — Tue, 24 Nov 2015 05:52:52 GMT

Hi Neno,

Somewhat same issue I am also facing, we are running with ISE 1.4 and we are running with machine + user auth.

But once user gets login to his machine and try to access rdp or copying any file, and if he locked the machine then its stopping the session and use has to do log-off login to reinitiate the connection.

Currently end point are - windows 10 and window 8

We are using user or machine option in windows native supplicant,

Thanks in advance