cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

161
Views
0
Helpful
1
Replies
Highlighted
Beginner

Can users without local admin rights use ISE for BYOD EAP-TLS wireless?

We are looking for a solution that would integrate with existing EAP-TLS wifi and Cisco 9800 that would allow users with pre-approved BYOD Windows and Mac laptops to connect with only minimal IT assistance.

 

Most of these “BYOD” laptops are only BYOD to us since we don’t have access to manage them.  The users don’t own them. They are company assigned laptops from another company (contractors) and the end users do not have admin privileges on them.

 

I see that the Network Setup Assistant in ISE requires the user to have administrator rights to run. https://bst.cloudapps.cisco.com/bugsearch/bug/CSCve09982/?rfs=iqvred

 

Can BYOD onboarding using user certificates be completed without relying on the Network Setup Assistant on Windows devices or has that “bug” in the link I posted above been fixed or have a workaround? Installing a user certificate can be done by a standard user if the certificate is presented to the user as a link to download through the browser.

1 REPLY 1
Highlighted
Beginner

Re: Can users without local admin rights use ISE for BYOD EAP-TLS wireless?

I just noticed the link says there is a workaround for the Network Setup Assistant.  I didn’t see the text of the workaround until I looked at the link after signing into this discussion area.

It says: 
Workaround:
We can run the below command to by-pass the admin account.

cmd /min /C "set __COMPAT_LAYER=RUNASINVOKER && START NetworkSetupAssistant.exe

 

However, how would that be automated to happen automatically during the onboarding experience?  The user is not going to know how to do that.

Is that command still needed and does it work on newer versions of the Network Setup Assistant?