Cisco ISE NAC Agent RDP session

jms112080 · ‎02-28-2013

Is there a way to get the NAC Agent to run when a user logs on a Windows machine in a RDP session?

Saurav Lodh · ‎04-22-2014

fyi, the device which will give services of RDP to other clients should have NAC if it has to be part of any network.

nicanor00 · ‎10-02-2014

Hi ankur1984

How can I permit RDP for one user only ?

for exemple windows user login administrator_123 ?

regards

ankur1984 · ‎10-06-2014

Hi Nicanor00,

Unfortunately in the current scenario you can only user machine authentication to create your authorization profiles or you can use 'security reports' suggestion but i haven't tried that personally.

thanks,

Ankur

ankur1984 · ‎05-02-2014

You have to go and check the dACL that is part of authorization profile, you will find that it is blocking your RDP access as when you do a remote desktop your authentication token is host/machine-name.domain. Now, the easiest FIX to permit RDP traffic is to modify the dACL but this won't solve your problem. Why? Because now your dACL will allow you do a remote desktop now BUT it will block rest of your communication.

So either you permit all as soon as your machine is authenticated or you will continue to face this issue.

Emerson Oliveira · ‎10-02-2014

Microsoft supplicant does not support 802.1X & RDP sessions per user, as detailed in http://support.microsoft.com/kb/2820847. An alternative is to adopt the supplicant Cisco AnyConnect NAM (Network Access Manager), which is free and supports RDP sessions & 802.1x for user.

ankur1984 · ‎10-06-2014

Thanks for sharing your thoughts securityreports but i have a mandate be implement this without a supplicant and hence the challenge.

-Ankur

Emerson Oliveira · ‎10-02-2014

Microsoft supplicant does not support 802.1X & RDP sessions per user, as detailed in http://support.microsoft.com/kb/2820847. An alternative is to adopt the supplicant Cisco AnyConnect NAM (Network Access Manager), which is free and supports RDP sessions & 802.1x for user.