Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1669
Views
5
Helpful
3
Replies

Windows Os Architecture(32bit/64bit) profiling by Cisco ISE Problem.

Go to solution
s.maxina1
Level 1
Level 1

‎09-27-2019 11:48 PM - edited ‎02-21-2020 11:10 AM

Hi All.

I want to classify my Clients as Win7 32bit and Win7 64 bit( I want to install some Apps based on os architectures via ISE Posture File remediation and I know this procedure) in Cisco ISE v2.4. Ho can I do that classification? already, I have configured an authorization rule based on  Attribute "Session OS-Architecture:32bit/64bit", but it doesn't work(only profile Microsoft-workstation).

Thanks so much,

Sina HR.

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
s.maxina1
Level 1
Level 1
In response to Colby LeMaire

‎09-29-2019 01:29 PM

Thanks Colby.lemaire.

when i used "Sessein:OS Architecture" Condition in "Client Provisioning policy", it does not work. but, when I used "Sessein:OS Architecture" Condition in "posture policy", it works and choose rule based on os Architecture condition. interesting.

View solution in original post

0 Helpful

Go to solution
Colby LeMaire
VIP Alumni
VIP Alumni
In response to s.maxina1

‎09-30-2019 06:09 AM

Client Provisioning policy is used only to provision the Anyconnect posture agent or to push out supplicant configurations for BYOD.  If you want to push files out to a machine, that would be under the Posture Policy.  You check to see if the file exists and if not, have a file remediation action.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Colby LeMaire
VIP Alumni
VIP Alumni

‎09-28-2019 08:21 AM

First thought is that ISE is not meant to be a software distribution or patch management system.  I would highly recommend looking into something like SCCM to accomplish what you are looking for.

With that said, if you still want to be able to profile the endpoints based on OS details, you will probably need to enable the Active Directory probe and ISE will get the information about the client from AD.  But it will probably not be 100% which is why I wouldn't rely on ISE for pushing files out.

Go to solution
s.maxina1
Level 1
Level 1
In response to Colby LeMaire

‎09-29-2019 01:29 PM

Thanks Colby.lemaire.

when i used "Sessein:OS Architecture" Condition in "Client Provisioning policy", it does not work. but, when I used "Sessein:OS Architecture" Condition in "posture policy", it works and choose rule based on os Architecture condition. interesting.

0 Helpful

Go to solution
Colby LeMaire
VIP Alumni
VIP Alumni
In response to s.maxina1

‎09-30-2019 06:09 AM

Client Provisioning policy is used only to provision the Anyconnect posture agent or to push out supplicant configurations for BYOD.  If you want to push files out to a machine, that would be under the Posture Policy.  You check to see if the file exists and if not, have a file remediation action.

0 Helpful
Customers Also Viewed These Support Documents